Security Evaluation of Smart Contract-Based On-chain Ethereum Wallets

摘要

Ethereum is a leading blockchain platform that supports decentralised applications (Dapps) using smart contract programs. It executes cryptocurrency transactions between user accounts or smart contract accounts. Wallets are utilised to integrate with Dapps to manage and hold users' transactions and private keys securely and effectively. Ethereum wallets are available in different forms, and we especially examine on-chain smart contract wallets to measure their safeness property. We have conducted an exploratory study on 86 distinct bytecode versions of Ethereum smart contract wallets and analysed them using four popular security scanning tools. We have identified that, on average, 10.2% of on-chain wallets on the Ethereum platform are vulnerable to different problems. We propose a novel analysis framework to classify the security problems in smart contract wallets using the experimental data. Most of the vulnerabilities detected from smart contract wallets are related to security issues in programming code and interaction with external sources.