Abusing the Ethereum Smart Contract Verification Services for Fun and Profit

Pengxiang Ma

Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Blockchain & Smart Contracts

In the intricate and high-stakes world of blockchain, trust is paramount, especially when billions of dollars in assets are managed by **smart contracts**. The integrity of these contracts hinges on a crucial, yet often overlooked, component: **smart contract verification services**. This talk, "Abusing the Ethereum Smart Contract Verification Services for Fun and Profit," presented by Pengxiang Ma at the NDSS Symposium, shines a much-needed spotlight on the pervasive security vulnerabilities within these fundamental services. The presentation delves into how attackers can exploit weaknesses in platforms like Etherscan, Sourcify, and Blockscout to either discredit legitimate contracts or cloak malicious ones under a veneer of trustworthiness, leading to significant financial losses and erosion of user confidence.