A Survey on Ethereum Systems Security: Vulnerabilities, Attacks and Defenses

TL;DR

This survey provides a comprehensive overview of Ethereum's security landscape, detailing vulnerabilities, attack methods, and defense strategies to guide future research and improve system robustness.

Contribution

It systematically categorizes Ethereum security issues, offering a holistic understanding that fills a gap in existing literature and serves as a tutorial for researchers.

Findings

Identifies key vulnerabilities in Ethereum systems.

Analyzes common attack vectors and their impacts.

Summarizes effective defense mechanisms.

Abstract

The blockchain technology is believed by many to be a game changer in many application domains, especially financial applications. While the first generation of blockchain technology (i.e., Blockchain 1.0) is almost exclusively used for cryptocurrency purposes, the second generation (i.e., Blockchain 2.0), as represented by Ethereum, is an open and decentralized platform enabling a new paradigm of computing --- Decentralized Applications (DApps) running on top of blockchains. The rich applications and semantics of DApps inevitably introduce many security vulnerabilities, which have no counterparts in pure cryptocurrency systems like Bitcoin. Since Ethereum is a new, yet complex, system, it is imperative to have a systematic and comprehensive understanding on its security from a holistic perspective, which is unavailable. To the best of our knowledge, the present survey, which can also be used as a tutorial, fills this void. In particular, we systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses. We draw insights into, among other things, vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.