Detect Abnormal Behaviours in Ethereum Smart Contracts Using Attack Vectors

  • Quoc-Bao Nguyen
  • Anh-Quynh Nguyen
  • Van-Hoa Nguyen
  • Thanh Nguyen-Le
  • Khuong Nguyen-An
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11814)


Blockchain has gradually been popularized by its transparency, fairness, and democracy. This technology has opened the door to the development of Ethereum, a blockchain platform with smart contracts that can hold and automatically transfer tokens. Like legacy computer programs, smart contracts are vulnerable to security bugs. In recent years, many successful attacks on the Ethereum network have been recorded, costing victims millions of dollars. In this paper, we classify attack vectors of Ethereum smart contracts, then propose some behaviour-based methods to detect them. To realize the ideas, we implement Abbe, a tool that can not only discover known attacks but also detect zero-day vulnerabilities.


Smart contract, Security, Ethereum, Blockchain



During the preparation of this work, the first author was partially supported by University of Technology (HCMUT), VNU-HCM under “Student Scientific Research” Grant Number 121/H-HBK-KHCN&DA; and the last author was partially funded by Vietnam National University-HCMC under Grant C2019-20-14. The authors would like to thank Nguyen Van Thanh for his comments helping to improve the manuscript significantly.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Quoc-Bao Nguyen (1)
  • Anh-Quynh Nguyen (2)
  • Van-Hoa Nguyen (3)
  • Thanh Nguyen-Le (3)
  • Khuong Nguyen-An (1)

  1. University of Technology (HCMUT), VNU-HCM, Ho Chi Minh City, Vietnam
  2. Nanyang Technological University, Singapore, Singapore
  3. Verichains Lab, Ho Chi Minh City, Vietnam
