Attack and Defence of Ethereum Remote APIs
- Publication Type:
- Conference Proceeding
- 2018 IEEE Globecom Workshops, GC Wkshps 2018 - Proceedings, 2019
- Issue Date:
© 2018 IEEE. Ethereum, as the first Turing-complete blockchain platform, provides various application program interfaces for developers. Although blockchain has highly improved security, faulty configuration and usage can result in serious vulnerabilities. In this paper, we focus on the security vulnerabilities of the official Go-version Ethereum client (geth). The vulnerabilities are because of the insecure API design and the specific Ethereum wallet mechanism. We demonstrate attacks exploiting these vulnerabilities in an Ethereum testbed. The vulnerabilities are confirmed by the scanning results on the public Internet. Finally, corresponding countermeasures against attacks are provided to enhance the security of the Ethereum platform.
Please use this identifier to cite or link to this item: