Vultron : towards secure smart contracts -- a runtime monitoring approach
Ethereum smart contracts are paving their way into the future of commerce and high stakes are placed upon the correct implementation of their specifications. However, in the history of Ethereum, several vulnerabilities have been exploited which compromised the trust and effectiveness of smart contra...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/78964 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-78964 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-789642023-03-03T20:36:01Z Vultron : towards secure smart contracts -- a runtime monitoring approach Yang, Xuan Li Yi School of Computer Science and Engineering Engineering::Computer science and engineering Ethereum smart contracts are paving their way into the future of commerce and high stakes are placed upon the correct implementation of their specifications. However, in the history of Ethereum, several vulnerabilities have been exploited which compromised the trust and effectiveness of smart contracts. Errors in executable specification languages are especially challenging to detect using a static approach. Therefore, a dynamic runtime monitoring approach is often preferred. The proposed approach, Vultron, a generalised solution which is not limited in its capabilities, can proactively detect vulnerabilities during runtime, and pre-emptively alter the function execution. For Vultron, we look at inserting operations into smart contracts to manipulate the gas instrumentation of Ethereum such that additional debugging instructions can be executed without affecting the gas consumption. This is achieved through modifying both the Solidity compiler and Ethereum Virtual Machine. The source code of the compiler and virtual machine are open-sourced and can be viewed on GitHub. The modifications to the compiler and virtual machine illustrate the feasibility of adding custom gas manipulating operations and serve as fundamental building blocks of a fully developed and automated runtime monitoring approach. Given the limitations of static solutions and the advantages of a runtime monitoring approach, we highly recommend adopting Vultron in advancing towards secure smart contracts. Bachelor of Engineering (Computer Science) 2019-11-14T00:52:27Z 2019-11-14T00:52:27Z 2019 Final Year Project (FYP) http://hdl.handle.net/10356/78964 en Nanyang Technological University 54 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Yang, Xuan Vultron : towards secure smart contracts -- a runtime monitoring approach |
| description |
Ethereum smart contracts are paving their way into the future of commerce and high stakes are placed upon the correct implementation of their specifications. However, in the history of Ethereum, several vulnerabilities have been exploited which compromised the trust and effectiveness of smart contracts. Errors in executable specification languages are especially challenging to detect using a static approach. Therefore, a dynamic runtime monitoring approach is often preferred. The proposed approach, Vultron, a generalised solution which is not limited in its capabilities, can proactively detect vulnerabilities during runtime, and pre-emptively alter the function execution.
For Vultron, we look at inserting operations into smart contracts to manipulate the gas instrumentation of Ethereum such that additional debugging instructions can be executed without affecting the gas consumption. This is achieved through modifying both the Solidity compiler and Ethereum Virtual Machine. The source code of the compiler and virtual machine are open-sourced and can be viewed on GitHub.
The modifications to the compiler and virtual machine illustrate the feasibility of adding custom gas manipulating operations and serve as fundamental building blocks of a fully developed and automated runtime monitoring approach. Given the limitations of static solutions and the advantages of a runtime monitoring approach, we highly recommend adopting Vultron in advancing towards secure smart contracts. |
| author2 |
Li Yi |
| author_facet |
Li Yi Yang, Xuan |
| format |
Final Year Project |
| author |
Yang, Xuan |
| author_sort |
Yang, Xuan |
| title |
Vultron : towards secure smart contracts -- a runtime monitoring approach |
| title_short |
Vultron : towards secure smart contracts -- a runtime monitoring approach |
| title_full |
Vultron : towards secure smart contracts -- a runtime monitoring approach |
| title_fullStr |
Vultron : towards secure smart contracts -- a runtime monitoring approach |
| title_full_unstemmed |
Vultron : towards secure smart contracts -- a runtime monitoring approach |
| title_sort |
vultron : towards secure smart contracts -- a runtime monitoring approach |
| publishDate |
2019 |
| url |
http://hdl.handle.net/10356/78964 |
| _version_ |
1759855369755033600 |