Attack and Defence of Ethereum Remote APIs
- Publication Type:
- Conference Proceeding
- 2018 IEEE Globecom Workshops, GC Wkshps 2018 - Proceedings, 2019
- Issue Date:
|Source Attack and Defence of Ethereum Remote APIs.pdf||Published version||3.71 MB|
Copyright Clearance Process
- Recently Added
- In Progress
- Open Access
This item is currently unavailable due to the publisher's embargo.
The embargo period expires on 13 Dec 2020
© 2018 IEEE. Ethereum, as the first Turing-complete blockchain platform, provides various application program interfaces for developers. Although blockchain has highly improved security, faulty configuration and usage can result in serious vulnerabilities. In this paper, we focus on the security vulnerabilities of the official Go-version Ethereum client (geth). The vulnerabilities are because of the insecure API design and the specific Ethereum wallet mechanism. We demonstrate attacks exploiting these vulnerabilities in an Ethereum testbed. The vulnerabilities are confirmed by the scanning results on the public Internet. Finally, corresponding countermeasures against attacks are provided to enhance the security of the Ethereum platform.
Please use this identifier to cite or link to this item: