We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Replay Attacks on Ethereum Smart Contracts

00:00
subtitles
off
playback rate
1
off
English (auto-generated)
0.25
0.5
0.75
1
1.25
1.5
1.75
2
576p
137
 Cite
 Share
 Download Purchase
No logo availableDEF CON
 Bai, Zhenxuan Zheng, Yuwei Chai, Kunzhe Wang, Senhua

Formal Metadata

Title
Replay Attacks on Ethereum Smart Contracts
Title of Series
Number of Parts
322
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
In this paper, a new replay attack based on Ethereum smart contracts is presented. In the token transfer, the risk of replay attack cannot be completely avoided when the sender's signatures are abused, which can bring the loss to users. And the reason is that the applying scope of the signatures is not properly designed in the smart contracts. To test and verify this loophole, we selected two similar smart contracts for our experiment, at the same time, we used our own accounts in these two contracts to carry out the experiment. Because the same signatures of the two contracts were used in the experiment, we got a double income from sender successfully. The experiment verified that the replay attack is really exist. Besides, the replay attack may exist in multiple smart contracts. We calculated the number of smart contracts with this loophole, as well as the corresponding transaction activities, which find some Ethereum smart contracts are risked for this loophole. According to the vulnerability of the contract signature, the risk level is calibrated and depicted. Furthermore, the replay attack pattern is extended to within contract, cross contract and cross chain, which provide the pertinence and well reference for protection. Finally, the countermeasures are proposed to fix this vulnerability.
00:00
Group actionGoodness of fitProcess (computing)Information securityPlastikkarteDesign by contractData managementInformation technology consultingChainCore dumpInformation securityBlock (periodic table)XMLComputer animation
00:54
StatisticsType theoryNumeral (linguistics)MereologySimilarity (geometry)Information securityVector potentialPlastikkarteKey (cryptography)Wireless LANVulnerability (computing)Design by contractSoftwareTelecommunicationProduct (business)Group actionMereologyPhysical systemCore dumpComputer virusInternetworkingInformation securityPlastikkarteWireless LANDesign by contract
02:18
CodeOrder (biology)Theory of relativityHacker (term)DigitizingFault-tolerant systemComputer configurationGroup actionChainMetric systemMoment (mathematics)Physical systemToken ringSystem administratorPresentation of a groupState observerPlastikkarteComputer fileBit rateCondition numberTimestampSingle-precision floating-point formatRight angleGame controllerMechanism designDatabaseRow (database)Self-organizationSoftwareDigitizingFunctional (mathematics)ChainMereologyPhysical systemDatabase transactionScaling (geometry)Software maintenanceOperator (mathematics)System administratorState observerDNS <Internet>PlastikkarteBit rateCharacteristic polynomialTrailTimestampNeuroinformatikBlock (periodic table)Image registrationMechanism designDesign by contractComputer animation
06:01
Pattern recognitionInternetworkingField (computer science)VotingCartesian coordinate systemDomain nameInternetworkingVotingCartesian coordinate systemDomain nameImage registrationComputer animation
06:51
CodeDressing (medical)Computer programmingDigitizingFunctional (mathematics)Heat transferData storage devicePlastikkarteRule of inferenceSoftware developerIntegrated development environmentInformation securityPlastikkarteNeuroinformatikRule of inferenceDesign by contractSoftware developerComputer animation
08:21
Programming languageChainMaxima and minimaServer (computing)Information securityPlastikkarteDesign by contractSoftware developerMobile appFormal languageComputer programmingIdeal (ethics)Maxima and minimaProcess (computing)AbstractionPlastikkarteDesign by contractComputer animation
08:55
CodeSoftwareFile systemPhysical systemInformation securityCartesian coordinate systemProxy serverDesign by contractCodeSoftwareIntegrated development environmentPhysical systemElektronische WahlPlastikkarteDesign by contractComputer animation
09:39
Data managementConnected spacePhysical systemCartesian coordinate systemPlastikkarteDemosceneDesign by contractVotingDomain nameImage registrationDesign by contractProgram flowchart
10:12
Hacker (term)AverageFlow separationMereologyDatabase transactionInformation securityPlastikkarteMultiplication signBuffer overflowDatabase transactionInformation securityDesign by contractXML
11:37
Flow separationInformation securityOpen setPlastikkarteVulnerability (computing)SynchronizationToken ringInformation securityPlastikkarteDesign by contractDiagram
12:43
Physical systemMeasurementCASE <Informatik>Software bugHacker (term)Scaling (geometry)Dependent and independent variablesGreedy algorithmPlastikkarteVulnerability (computing)Port scannerDesign by contract
14:27
MereologyDesign by contractDesign by contract
14:58
SoftwareValidity (statistics)Database transactionElectronic signatureMultiplication signDesign by contractValidity (statistics)Database transactionHeat transferElectronic signatureDesign by contractComputer animation
15:58
PlastikkarteContext awarenessVulnerability (computing)Design by contractInformation securityPlastikkarteContext awarenessDesign by contractComputer animation
16:33
Feasibility studyProcess (computing)Strategy gameElectronic signatureSource codePlastikkarteVulnerability (computing)Design by contractFeasibility studyFormal verificationProcess (computing)Strategy gameElectronic signatureSource codePlastikkarteVulnerability (computing)Design by contractComputer animation
17:21
NumberPlastikkarteVulnerability (computing)Standard deviationPort scannerDesign by contractVulnerability (computing)Standard deviationDesign by contractComputer animation
18:09
CodeComputer programmingFunctional (mathematics)Data recoveryData storage deviceWebsiteDesign by contractNetwork topologyValidity (statistics)DeterminantFunctional (mathematics)Data recoveryPlastikkarteVulnerability (computing)Port scannerDesign by contractComputer animation
19:06
Content (media)Heat transferElectronic signatureData storage deviceInterface (computing)Design by contractContent (media)Heat transferElectronic signaturePlastikkarteProxy serverDesign by contractJSONComputer animationSource code
20:12
Functional (mathematics)Line (geometry)Parameter (computer programming)Process (computing)Electronic signatureHash functionoutputDesign by contractSource code
20:57
Database transactionHeat transferToken ringElectronic signatureoutputAddress spacePlastikkarteProxy serverService (economics)Design by contractProcess (computing)Sign (mathematics)Diagram
23:01
Row (database)Formal verificationProcedural programmingDatabase transactionToken ringNormal (geometry)ExistenceCorrespondence (mathematics)Design by contractRow (database)Formal verificationDatabase transactionProcess (computing)PlastikkarteDesign by contractComputer animation
24:13
Functional (mathematics)Database transactionHeat transferParameter (computer programming)outputCorrespondence (mathematics)LengthProxy serverImplementationFormal verificationFunctional (mathematics)Database transactionHeat transferParameter (computer programming)Process (computing)outputAddress spaceComputer animation
25:06
ImplementationResultantDatabase transactionÜbertragungsfunktionHeat transferoutputPlastikkarteDesign by contractImplementationFormal verificationFunctional (mathematics)ResultantDatabase transactionHeat transferParameter (computer programming)Process (computing)outputPlastikkarteDesign by contractXML
25:43
Analytic setHeat transferToken ringFormal verificationHeat transferToken ringProcess (computing)XMLComputer animation
26:16
Heat transferToken ringDesign by contractHill differential equationToken ringSelectivity (electronic)Design by contractComputer animation
26:51
InformationFunctional (mathematics)ChainDatabase transactionÜbertragungsfunktionHeat transferToken ringParameter (computer programming)Process (computing)Instance (computer science)Electronic signatureAddress spaceProxy serverDemo (music)Design by contractGroup actionAddress spaceFluxProxy server
28:18
Token ringChemical equationDesign by contractComputer animation
28:53
Parameter (computer programming)Electronic signatureChemical equation2 (number)Design by contractEmailXMLSource code
30:17
outputPasswordProxy serverFAQSource code
31:36
Mathematical analysisTheory of relativityStatisticsToken ringChemical equationDesign by contractExecution unitGraphic designXMLComputer animationSource code
32:06
InformationString (computer science)Group actionElectronic signatureoutputAddress spacePlastikkarteVulnerability (computing)Design by contractMathematical analysisInformationStatisticsString (computer science)Group actionElectronic signatureLatent heatAddress spacePlastikkarteVulnerability (computing)Design by contractComputer animation
33:38
Feasibility studyGroup actionElectronic signatureLatent heatClosed setDesign by contractMathematical analysisStatisticsFeasibility studyGroup actionToken ringElectronic signatureLatent heatDesign by contractComputer animation
34:29
State of matterGroup actionElectronic signatureoutputDesign by contractMathematical analysisStatisticsFeasibility studyIntegrated development environmentDeterminantGroup actionSigma-algebraSolomon (pianist)Term (mathematics)Token ringElectronic signatureLatent heatMeta elementMessage passingConjunctive normal formSoftware developerComputer animation
35:18
Row (database)FrequencySoftware testingChainDatabase transactionNumberDesign by contractMathematical analysisRow (database)SoftwareStatisticsFrequencyFeasibility studyTotal S.A.Group actionChainPolygon meshDatabase transactionToken ringElectronic signatureLatent heatPlastikkarteDesign by contractVermaschtes NetzComputer animation
36:24
Row (database)InformationDigitizingChainDatabase transactionRange (statistics)Electronic signatureTraffic reportingPlastikkarteVulnerability (computing)Design by contractMathematical analysisRow (database)InformationStatisticsFrequencyTotal S.A.ChainDatabase transactionRange (statistics)Electronic signatureLatent heatTraffic reportingPlastikkarteDesign by contractComputer animation
37:56
Electronic signatureInformation securityPlastikkarteVulnerability (computing)Design by contractElectronic signatureInformation securityPlastikkarteDesign by contractComputer animation
38:35
EmailData managementInformation technology consultingChainCore dumpInformation securityBlock (periodic table)
Transcript: English(auto-generated)