
Detect Abnormal Behaviours in Ethereum Smart Contracts Using Attack Vectors

  • Conference paper
Future Data and Security Engineering (FDSE 2019)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11814)


Abstract

Blockchain has gradually been popularized by its transparency, fairness, and democracy. This technology has opened the door to the development of Ethereum, a blockchain platform with smart contracts that can hold and automatically transfer tokens. Like any legacy computer program, smart contracts are vulnerable to security bugs. In recent years, many successful attacks on the Ethereum network have been recorded, costing victims millions of dollars. In this paper, we classify the attack vectors of Ethereum smart contracts and then propose behaviour-based methods to detect them. To realize these ideas, we implement Abbe, a tool that can not only discover known attacks but also detect zero-day vulnerabilities.


Notes

  1. https://coinmarketcap.com/currencies/ethereum/.

  2. Ether is the name of the cryptocurrency used on the Ethereum blockchain. Ether can be transferred among accounts and exchanged for other currencies. 1 ether was exchanged for US$217 (recorded on Aug 18, 2019).

  3. The price per unit of gas is determined by the sender. The higher the price, the faster the transaction may be processed. All consumed gas must be paid in ether.

  4. https://solidity.readthedocs.io/en/latest/miscellaneous.html#layout-of-state-variables-in-storage.

  5. All releases of solcjs are listed at https://ethereum.github.io/solc-bin/bin/list.js.

  6. The private repository of Abbe is located at https://github.com/nxqbaos/abbe2. Access to this repository is granted upon request.

  7. The Abbe tool has been invited to be presented at the Hack In The Box (HITB+) Cyber Week Conference, Oct. 15–17, 2019, Abu Dhabi, UAE.


Acknowledgement

During the preparation of this work, the first author was partially supported by the University of Technology (HCMUT), VNU-HCM under "Student Scientific Research" Grant Number 121/H-HBK-KHCN&DA, and the last author was partially funded by Vietnam National University-HCMC under Grant C2019-20-14. The authors would like to thank Nguyen Van Thanh for his comments, which helped improve the manuscript significantly.


Corresponding author: Khuong Nguyen-An


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Nguyen, QB., Nguyen, AQ., Nguyen, VH., Nguyen-Le, T., Nguyen-An, K. (2019). Detect Abnormal Behaviours in Ethereum Smart Contracts Using Attack Vectors. In: Dang, T., Küng, J., Takizawa, M., Bui, S. (eds) Future Data and Security Engineering. FDSE 2019. Lecture Notes in Computer Science, vol 11814. Springer, Cham. https://doi.org/10.1007/978-3-030-35653-8_32


  • DOI: https://doi.org/10.1007/978-3-030-35653-8_32


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35652-1

  • Online ISBN: 978-3-030-35653-8
