Global Journal of Computer Science and Technology, D: Neural & Artificial Intelligence, Volume 23 Issue 2

timestamp provided by blockchain miners while mining a new block. This vulnerability mainly affects blockchain platforms that include a timestamp as part of the block data, such as Ethereum.

vi. Gas Griefing Attacks

These attacks exploit the Gas payment mechanism in the Ethereum network. Gas serves as a unit of measurement for the computational resources required for transactions and smart contract executions. Hackers can employ these attacks to inflate the cost of executing smart contracts, resulting in prohibitively expensive transactions and trading.

vii. Oracle Manipulation Attacks

These attacks exploit vulnerabilities in smart contracts associated with oracles. Oracles are third-party services that provide real-world information for smart contracts. If hackers can manipulate the information provided by oracles, they can falsify smart contracts as fraudulent.

b) Real-world Incidents and Consequences

Smart contracts are computer records that are stored on the blockchain and can be used to transact. They are mostly used in decentralized finance (DeFi) and can be used to borrow and exchange cryptocurrencies. However, smart contracts are not immune to hacking. There have been a lot of prominent smart contract hacks in recent years. Some of the most important are:

i. The DAO Hack

The DAO attack was a significant security breach that occurred in June 2016. The DAO, short for Decentralized Autonomous Organization, was a financial resource managed by the Ethereum community that raised over $150 million worth of ether (ETH) through a token sale. However, on June 17, 2016, hackers exploited a vulnerability in the DAO's code, withdrawing 3.6 million ETH, which was valued at around $70 million at the time. This attack triggered turmoil within the Ethereum community, sparking a debate between those who advocated for making it harder to recover stolen funds and those who argued that such actions would compromise the principles of blockchain evolution.
In the end, the Ethereum community decided to fork the blockchain. This resulted in two separate blockchains: Ethereum and Ethereum Classic. Ethereum Classic is the first blockchain, without a hard fork. Ethereum is the forked blockchain, which receives the stolen funds. The DAO hack was a big problem for the Ethereum project. However, it also brought some improvements in smart contract security. Smart contracts are more secure today than they were in 2016.

ii. Yearn Finance Hack

Yearn Finance is a DeFi platform that enables users to generate profits from their cryptocurrency investments through the use of smart contracts. However, on April 13, 2023, Yearn Finance experienced a security breach resulting in the loss of approximately $11.54 million worth of cryptocurrencies. The attackers exploited a vulnerability within yUSDT, a stable currency linked to the US dollar value of the Yearn Finance smart contract. yUSDT is created by depositing USDT into the Yearn Finance platform. The attackers took advantage of this vulnerability to deposit significant amounts of USDT on the platform and subsequently generated large quantities of yUSDT. They then used the yUSDT to purchase other tokens on the Yearn Finance platform, causing the tokens' values to increase and enabling the attackers to profit. The hackers managed to steal approximately $11.54 million worth of cryptocurrency before the vulnerabilities were addressed. This hack posed a significant challenge for the Yearn Finance project. However, the project's team has since taken measures to enhance platform security, including the identification of smart contract vulnerabilities and the implementation of new security measures.

iii. Merlin Hack

Merlin is a decentralized exchange (DEX) built on top of the zkSync layer 2 scaling solution, offering users the ability to exchange coins without incurring gas fees.
However, on April 26, 2023, Merlin fell victim to a security breach in which approximately $1.8 million worth of cryptocurrency was stolen. The attackers exploited a vulnerability in the way Merlin's smart contracts managed liquidity pools, which are collections of tokens used to facilitate DEX transactions. Merlin's smart contracts use a single pool for all traded tokens on the platform. Exploiting this vulnerability, hackers removed a substantial number of tokens from the liquidity pool, causing their values to plummet. Subsequently, the attackers repurchased these tokens at a lower cost. They then sold the tokens back to the liquidity pool, ultimately profiting by approximately $1.8 million. The Merlin Hack posed a significant challenge for the Merlin project. Nevertheless, the project's team has taken steps to enhance platform security, including the use of multiple repositories and the implementation of new security measures.

iv. Bonq DAO Exploit

Bonq DAO is a decentralized autonomous organization (DAO) that facilitates cryptocurrency borrowing and lending through smart contracts to expedite the loan process. On February 1, 2023, Bonq DAO was launched with approximately $120 million worth of cryptocurrencies. However, it fell victim to a security breach when hackers exploited a vulnerability within its smart contract related to price feeds. Price feeds serve as real data sources used by smart contracts to determine asset values. In Bonq DAO's case, it relied on the Tellor oracle to obtain price information for the AllianceBlock (ALBT) token.

Global Journal of Computer Science and Technology (D), Volume XXIII Issue II Version I, Year 2023, 62. Strengthening Smart Contracts: An AI-Driven Security Exploration. © 2023 Global Journals
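The oracle manipulation class and the single-oracle price feed dependency described above both come down to a contract trusting one reported value. The following is an added example, not code from the paper or from any of the projects it names: a Python model of the checks a consumer of price reports can apply before accepting a value (freshness, quorum, median with outlier detection, and a circuit breaker). The `Report` type, the feed names, the thresholds and the sample prices are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import median


class FeedRejected(Exception):
    """Raised when the reports cannot be trusted enough to price an asset."""


@dataclass(frozen=True)
class Report:
    source: str     # hypothetical reporter name
    price: float    # quoted USD price of the asset
    timestamp: int  # unix seconds at which the value was reported


def guarded_price(reports, now, last_accepted=None, *, min_sources=3,
                  max_age=600, max_spread=0.05, max_jump=0.20):
    """Return (price, outlier_sources) or raise FeedRejected."""
    # 1. Freshness: drop stale, future-dated or non-positive reports.
    fresh = [r for r in reports
             if 0 <= now - r.timestamp <= max_age and r.price > 0]
    # 2. Quorum: a single reporter must never be enough on its own.
    if len(fresh) < min_sources:
        raise FeedRejected(f"{len(fresh)} fresh report(s), need {min_sources}")
    # 3. Median: one wild value cannot move the result; flag it instead.
    mid = median(r.price for r in fresh)
    outliers = [r.source for r in fresh
                if abs(r.price - mid) / mid > max_spread]
    if 2 * len(outliers) >= len(fresh):
        raise FeedRejected("no majority of sources agrees with the median")
    # 4. Circuit breaker: refuse large moves relative to the last accepted price.
    if (last_accepted is not None
            and abs(mid - last_accepted) / last_accepted > max_jump):
        raise FeedRejected("price moved more than max_jump since last value")
    return mid, outliers


# Constructed sample data, not real market prices.
NOW = 1_700_000_000
HONEST = [Report("feed_a", 0.050, NOW - 30), Report("feed_b", 0.051, NOW - 60),
          Report("feed_c", 0.049, NOW - 45)]
TAMPERED = [HONEST[0], Report("feed_b", 5000.0, NOW - 5), HONEST[2]]

if __name__ == "__main__":
    print(guarded_price(HONEST, NOW, 0.050))    # all three sources agree
    print(guarded_price(TAMPERED, NOW, 0.050))  # feed_b flagged, price unchanged
```

With `min_sources=1` and no previously accepted price, the same function accepts whatever the lone reporter submits, which is the weak configuration the quorum and circuit breaker are there to prevent.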
