CBT 2021
5th International Workshop on Cryptocurrencies and Blockchain Technology
Gallersdörfer, U., Ebel, J. and Matthes, F.
Technical University Munich, Munich, Germany
{ulrich.gallersdoerfer, jonas.ebel, matthes}@tum.de
Users in blockchain systems are exposed to address-replacement attacks due to the weak binding between websites and smart contracts, as they have no way to verify the authenticity of the addresses they obtain. Prior research introduced TLS-endorsed Smart Contracts (TeSC), which equip smart contracts with authentication information proving their relation to the domain name of the respective website. For an efficient and user-friendly approach, this technology needs to be integrated with wallets. Based on an analysis of browser warnings regarding TLS certificates, we augment MetaMask with the ability to detect TeSC and warn users if attack scenarios are detected. To evaluate our work, we conduct a study with 40 participants to show the effectiveness of TeSC in preventing address-replacement attacks and ensuring the safe interaction of users and addresses.
All browsers choose different approaches to highlight sub-parts of the URL in the address bar and have slightly different approaches for indicating a security downgrade.
Conceptual Models for TeSC error pages
Flow diagram of the TeSC verification algorithm
Introduction to Blockchain and MetaMask
Contract Name | Address |
---|---|
TeSCRegistry | 0x0678D9838740c79170139e6d48b86b71460795c2 |
GreatCoin Contract | 0x919d5FD953e9F268985e792aD9E43F99AbB979dd |
Bad Contract | 0x1566E143b59ba6590d52D6fB3bf2fc4f6e7d5ebF |
Participant Account | 0x5C553867B3B01D4F2e68B0070c1E84e1e12E4A0C |