Replay Attacks on Ethereum Smart Contracts

Formal Metadata

Title
Replay Attacks on Ethereum Smart Contracts
Title of Series
Number of Parts
322
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
This paper presents a new replay attack on Ethereum smart contracts. In token transfers, the risk of a replay attack cannot be completely avoided when the sender's signatures are abused, which can cause losses for users. The cause is that the scope in which a signature applies is not properly designed in the smart contracts. To test and verify this loophole, we selected two similar smart contracts and used our own accounts in both to carry out the experiment. Because the same signatures were used in both contracts, we successfully obtained a double income from the sender. The experiment verified that the replay attack really exists, and it may exist in multiple smart contracts. We counted the smart contracts with this loophole and the corresponding transaction activity, and found that some Ethereum smart contracts are at risk. The risk level is calibrated and depicted according to the vulnerability of the contract signature. Furthermore, the replay attack pattern is extended to within-contract, cross-contract and cross-chain cases, which provides a targeted reference for protection. Finally, countermeasures are proposed to fix this vulnerability.