Digital investigation of attacks on Ethereum smart contracts

Mistakes in the programming of Ethereum smart contracts can lead to significant financial ramifications due to the theft of digital currency.

Although tools to detect vulnerabilities can prevent the deployment of insecure contracts, their deployment is not precluded. Once a compromised contract is initiated on the blockchain and becomes the focus of malicious activities, the identification of exploitative transactions becomes imperative in evaluating whether actual breaches have occurred and in pinpointing the malevolent or manipulated accounts involved.

In this exposition, we delve into the examination of retroactive analysis of Ethereum breaches utilizing crafted Indicators of Compromise (IoC) designed for implementation within the blockchain context. The definitions of IoCs must encapsulate the repercussions of successful breaches within the Ethereum blockchain milieu.

Consequently, we formulate a framework for the execution of smart contracts, encompassing multiple tiers of abstraction that emulate the diverse perspectives of code execution on a blockchain.

Subsequently, we juxtapose IoC descriptions across the various tiers in terms of their efficacy and feasibility through EtherClue, a prototype tool developed for scrutinizing security breaches on the Ethereum platform.