The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum

The presentation discusses the automated exploitation of vulnerable smart contracts on the Ethereum blockchain and the game-theoretic consequences of such exploits.

• Introduction of Karl, an Ethereum blockchain monitor, and Scrooge McEtherface, an auto-exploitation bot that extracts Ether from vulnerable smart contracts
• Use of symbolic execution to detect vulnerable states and construct exploit payloads using the Z3 constraint solver
• Game-theoretic consequences of multiple bots competing for exploiting the same contracts and honeypots that counter-exploit bots
• Demonstration of vulnerable contracts, honeypots, and counter-honeypots, and explanation of transaction ordering and frontrunning
• Challenges for the audience to solve vulnerable smart contracts

The presenters showed a demo of Scrooge McEtherface, which creates exploit transactions and sends them to the blockchain, giving the user an interactive CLI to manipulate or execute the steps of the attack. However, the presenters warned that using such tools can make the user vulnerable to front running and fake exploitable contracts called honeypots, which can make the attack fail and require the user to send ether.

Ethereum smart contracts are Turing-complete programs that mediate transfers of money. It doesn't come as a surprise that all hell is breaking loose on the Ethereum blockchain. In this talk, we'll introduce Karl, an Ethereum blockchain monitor, and Scrooge McEtherface, an auto-exploitation bot that extracts Ether from vulnerable smart contracts. Scrooge uses symbolic execution to detect vulnerable states that live up to three transactions deep and constructs exploit payloads using the Z3 constraint solver. We'll also examine the game-theoretic consequences of Scrooge's existence. What if multiple bots compete for exploiting the same contracts? How about honeypots that counter-exploit bots? Is it possible to cheat those honeypots? When all is said and done, who is going to end up stealing money from whom? During the talk, we'll show many examples for vulnerable contracts, honeypots, and counter-honeypots, explain the role of transaction ordering and frontrunning, and launch a little challenge for the audience.