Detect Abnormal Behaviours in Ethereum Smart Contracts Using Attack Vectors

  • Quoc-Bao Nguyen
  • Anh-Quynh Nguyen
  • Van-Hoa Nguyen
  • Thanh Nguyen-Le
  • Khuong Nguyen-An (corresponding author)
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11814)

Abstract

Blockchain has gradually been popularized by its transparency, fairness, and democracy. This technology has opened the door to the development of Ethereum, a blockchain platform whose smart contracts can hold and automatically transfer tokens. Like any legacy computer program, smart contracts are vulnerable to security bugs. In recent years, many successful attacks on the Ethereum network have been recorded, costing victims millions of dollars. In this paper, we classify the attack vectors of Ethereum smart contracts and then propose behaviour-based methods to detect them. To realize these ideas, we implement Abbe, a tool that can not only discover known attacks but also detect zero-day vulnerabilities.

Keywords

Smart contract · Security · Ethereum · Blockchain

Notes

Acknowledgement

During the preparation of this work, the first author was partially supported by University of Technology (HCMUT), VNU-HCM under “Student Scientific Research” Grant Number 121/HĐ-ĐHBK-KHCN&DA; and the last author was partially funded by Vietnam National University-HCMC under Grant C2019-20-14. The authors would like to thank Nguyen Van Thanh for his comments, which helped to improve the manuscript significantly.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Quoc-Bao Nguyen (1)
  • Anh-Quynh Nguyen (2)
  • Van-Hoa Nguyen (3)
  • Thanh Nguyen-Le (3)
  • Khuong Nguyen-An (1), corresponding author

  1. University of Technology (HCMUT), VNU-HCM, Ho Chi Minh City, Vietnam
  2. Nanyang Technological University, Singapore, Singapore
  3. Verichains Lab, Ho Chi Minh City, Vietnam