Graduate School and Research Center in Digital Sciences

Collateral use of deployment code for smart contracts in Ethereum

di Angelo, Monika; Salzer, Gernot

NTMS 2019, 10th IFIP International Conference on New Technologies, Mobility and Security, 24-26 June 2019, Canary Islands, Spain

Ethereum is still the most prominent platform for smart contracts. For the deployment of contracts on its blockchain, the so-called deployment code is executed by Ethereum's virtual machine. As it turns out, deployment code can do a lot more than merely deploying a contract. This paper identifies less-anticipated uses of contract deployment in Ethereum by analyzing the available blockchain data. In particular, we analyze the specifics of deployment code used beyond actually deploying a contract in a quantitative and qualitative manner. To this end, we identify code patterns in deployment code by distilling recurring code skeletons from all external transactions and internal messages that contain deployment code. Tracking the use of these patterns reveals a set of vulnerabilities in contracts targeted by skillfully crafted deployment code. We summarize the encountered exploitative cases of collateral use of deployment code and report respective quantities. Example scenarios illustrate the recent usage. Collateral use of deployment code starts to appear in the middle of 2018 and becomes dominant among contract creations in autumn of 2018. We intend to raise awareness about the less obvious uses of deployment code and its potential security issues.


Title: Collateral use of deployment code for smart contracts in Ethereum
Keywords: analysis, deployment code, exploit, Ethereum, smart contract
City: Canary Islands
Department: Digital Security
Eurecom ref: 5934
Copyright: © 2019 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex:
@inproceedings{EURECOM+5934,
  doi = {},
  year = {2019},
  title = {{C}ollateral use of deployment code for smart contracts in ethereum},
  author = {di angelo, {M}onika and {S}alzer, {G}ernot},
  booktitle = {{NTMS} 2019, 10th {IFIP} {I}nternational {C}onference on {N}ew {T}echnologies, {M}obility and {S}ecurity, 24-26 {J}une 2019, {C}anary {I}slands, {S}pain},
  address = {{C}anary {I}slands, {SPAIN}},
  month = {06},
  url = {}
}