Attack and Defence of Ethereum Remote APIs

Publication Type:
Conference Proceeding
2018 IEEE Globecom Workshops, GC Wkshps 2018 - Proceedings, 2019
Issue Date:
Full metadata record
© 2018 IEEE. Ethereum, as the first Turing-complete blockchain platform, provides various application program interfaces for developers. Although blockchain has highly improved security, faulty configuration and usage can result in serious vulnerabilities. In this paper, we focus on the security vulnerabilities of the official Go-version Ethereum client (geth). The vulnerabilities are because of the insecure API design and the specific Ethereum wallet mechanism. We demonstrate attacks exploiting these vulnerabilities in an Ethereum testbed. The vulnerabilities are confirmed by the scanning results on the public Internet. Finally, corresponding countermeasures against attacks are provided to enhance the security of the Ethereum platform.
Please use this identifier to cite or link to this item: