Detecting Privileged Parties on Ethereum

  • Conference paper
  • Financial Cryptography and Data Security. FC 2023 International Workshops (FC 2023)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13953)

Abstract

The promise of smart contracts (computer programs running on a decentralized virtual computer) lies in the ability to execute agreements without the risk of interference by powerful intermediaries. However, in practice, many smart contracts reintroduce privileged parties on the application layer. They are programmed to enforce that certain functions can only be executed by the owners of defined accounts. We propose and validate a method to detect such privileged parties from binary smart contract code on the Ethereum platform. Our open-source implementation, Ethpector, can be used to verify claims about “zero-trust,” reveal ownership structures, forensically analyze networks of virtual shell organizations, and may support auditors when testifying ownership of intangible assets on Ethereum held by conventional legal entities.

Notes

  1. The UNESCO defines governance as: “...structures and processes that are designed to ensure accountability, transparency, responsiveness, rule of law, stability, equity and inclusiveness, empowerment, and broad-based participation.” See http://www.ibe.unesco.org/en/geqaf/technical-notes/concept-governance, Accessed: 14 June 2022.

  2. https://www.cryptokitties.co/about, Accessed 18 Jan 2022.

  3. For 36% of the deployed contracts we cannot infer a contract type. They neither export functions nor belong to our set of known bytecodes. The database of known interfaces and bytecodes is curated from public sources, e.g., https://eips.ethereum.org/, GitHub, etc. A complete list of items can be found at https://github.com/uibk-ethpector/ethpector/blob/main/src/ethpector/classify/classification.py; function and event signatures are obtained from the 4-bytes directory and etherface.io.

  4. In principle, one could also look for the origin, i.e., the party who signed the transaction. To the best of our knowledge, almost all authorization decisions on Ethereum are based on the message sender.

  5. https://github.com/ConsenSys/mythril, Accessed: 07 June 2022.

  6. https://ethgasstation.info/json/gasguzz.json, Accessed: 13 May 2022. The ranking aggregates gas use over 1500 blocks (roughly six hours).

  7. 5850U at 1.90–4.40 GHz, 8 cores, 16 threads, and 16 MB cache.

  8. https://github.com/EthereumContractBackdoor/PiedPiperBackdoor/blob/main/Backdoor_List.md, Accessed 18 Oct 2022.

  9. Ethereum address 0xa821f14fb6394e82839f5161f214cacc90372453.

  10. The code for generating the figure can be found at https://github.com/uibk-ethpector/ethpector/blob/main/experiments/privileged-parties/paper/storage_evolution.py.

  11. https://github.com/uibk-ethpector/ethpector.
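The abstract describes detecting functions that only the owners of defined accounts may execute, and note 4 states that such checks are almost always based on the message sender rather than the transaction origin. The Python below is an added illustration written for this page, not Ethpector's code (which relies on symbolic execution): a minimal EVM disassembler and a window-based static heuristic that flags a CALLER (or ORIGIN) value compared with a storage-loaded value before a conditional jump, run on two hand-assembled bytecode samples constructed for the example.

```python
"""Minimal EVM disassembler plus a static heuristic for msg.sender-based access
checks: CALLER (or ORIGIN) compared with a storage-loaded value before JUMPI."""
PUSH1, PUSH32 = 0x60, 0x7F
NAMES = {0x00: "STOP", 0x14: "EQ", 0x16: "AND", 0x32: "ORIGIN", 0x33: "CALLER",
         0x54: "SLOAD", 0x57: "JUMPI", 0x5B: "JUMPDEST", 0x80: "DUP1", 0xFD: "REVERT"}


def disassemble(code: bytes):
    """Return [(offset, mnemonic, push_argument_or_None)] for raw EVM bytecode."""
    ops, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:  # PUSHn carries n immediate bytes
            n = op - PUSH1 + 1
            ops.append((pc, f"PUSH{n}", int.from_bytes(code[pc + 1:pc + 1 + n], "big")))
            pc += 1 + n
        else:
            ops.append((pc, NAMES.get(op, f"OP_{op:02x}"), None))
            pc += 1
    return ops


def find_sender_checks(code: bytes, window: int = 6):
    """Flag each CALLER/ORIGIN that is EQ-compared and branched on (JUMPI) with an
    SLOAD result within `window` instructions; report the slot when it is a PUSHed
    constant. Heuristic only (no stack tracking): it can miss or over-report."""
    ops, hits = disassemble(code), []
    for i, (pc, name, _) in enumerate(ops):
        if name not in ("CALLER", "ORIGIN"):
            continue
        after = ops[i + 1:i + 1 + window]
        eq = next((j for j, o in enumerate(after) if o[1] == "EQ"), None)
        if eq is None or not any(o[1] == "JUMPI" for o in after[eq:]):
            continue
        around = ops[max(0, i - window):i] + after[:eq]
        for k, o in enumerate(around):
            if o[1] == "SLOAD":
                prev = around[k - 1] if k else (0, "", None)
                hits.append({"source": name, "pc": pc,
                             "slot": prev[2] if prev[1].startswith("PUSH") else None})
                break
    return hits


MASK = b"\xff" * 20  # 160-bit address mask that solc emits around address compares
# Constructed sample (hand-assembled, not a deployed contract): require(msg.sender
# == owner) with owner in storage slot 0, REVERT on mismatch, JUMPDEST at 0x38.
OWNER_CHECK = (bytes([0x60, 0x00, 0x54, 0x73]) + MASK + bytes([0x16, 0x33, 0x73]) + MASK
               + bytes([0x16, 0x14, 0x60, 0x38, 0x57, 0x60, 0x00, 0x80, 0xFD, 0x5B, 0x00]))
# Constructed sample: reads slot 0 and halts; no sender comparison, no privileged party.
NO_CHECK = bytes([0x60, 0x00, 0x54, 0x00])
```

Calling `find_sender_checks(OWNER_CHECK)` reports the CALLER at offset 25 compared against storage slot 0, while `NO_CHECK` yields no hit; the window heuristic is a stand-in for the stack-aware analysis a real tool needs.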

References

  1. Azouvi, S., Maller, M., Meiklejohn, S.: Egalitarian society or benevolent dictatorship: the state of cryptocurrency governance. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 127–143. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_10

  2. Baldoni, R., Coppa, E., D’Elia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. ACM Comput. Surv. 51(3), 1–39 (2018)

  3. Bratspies, R.M.: Cryptocurrency and the myth of the trustless transaction. Mich. Telecommun. Technol. Law Rev. 25, 1 (2018)

  4. Chen, T., et al.: TokenScope: automatically detecting inconsistent behaviors of cryptocurrency tokens in Ethereum. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1503–1520 (2019)

  5. Chen, W., Zhang, T., Chen, Z., Zheng, Z., Lu, Y.: Traveling the token world: a graph analysis of Ethereum ERC20 token ecosystem, pp. 1411–1421. Association for Computing Machinery, New York, NY, USA (2020)

  6. Di Angelo, M., Salzer, G.: Tokens, types, and standards: identification and utilization in Ethereum. In: 2020 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), pp. 1–10. IEEE (2020)

  7. Di Angelo, M., Salzer, G.: Identification of token contracts on Ethereum: standard compliance and beyond. Int. J. Data Sci. Anal. 16, 333–352 (2021)

  8. Di Angelo, M., Salzer, G.: Towards the identification of security tokens on Ethereum. In: 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5. IEEE (2021)

  9. Fröwis, M., Böhme, R.: In code we trust? Measuring the control flow immutability of all smart contracts deployed on Ethereum. In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J. (eds.) Data Privacy Management, Cryptocurrencies and Blockchain Technology, ESORICS 2017 International Workshops. Lecture Notes in Computer Science, vol. 10436, pp. 357–372. Springer, Cham (2017). https://doi.org/10.1007/s41060-021-00281-1

  10. Fröwis, M., Böhme, R.: Not all code are create2 equal. In: Matsuo, S., et al. (eds.) FC 2022. LNCS, vol. 13412, pp. 516–538. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-32415-4_3

  11. Gorgoris, P.: Identifying administrators of smart contracts from transaction data. Master’s Thesis, TU Wien (2021)

  12. King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)

  13. Ma, F., et al.: Pied-Piper: revealing the backdoor threats in Ethereum ERC token contracts. ACM Trans. Softw. Eng. Methodol. 32(3), 1–24 (2022)

  14. Salehi, M., Clark, J., Mannan, M.: Not so immutable: upgradeability of smart contracts on Ethereum. In: Matsuo, S., et al. (eds.) FC 2022. LNCS, vol. 13412, pp. 539–554. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-32415-4_33

  15. Somin, S., Gordon, G., Altshuler, Y.: Network analysis of ERC20 tokens trading on Ethereum blockchain. In: Morales, A.J., Gershenson, C., Braha, D., Minai, A.A., Bar-Yam, Y. (eds.) ICCS 2018. SPC, pp. 439–450. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96661-8_45

  16. Victor, F., Lüders, B.K.: Measuring Ethereum-based ERC20 token networks. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 113–129. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_8

  17. Vidan, G., Lehdonvirta, V.: Mine the gap: Bitcoin and the maintenance of trustlessness. New Media Soc. 21(1), 42–59 (2019)

  18. Zhang, L.: Your CryptoKitty isn’t forever - why DApps aren’t as decentralized as you think (2017). https://medium.com/loom-network/your-crypto-kitty-isnt-forever-why-dapps-aren-t-as-decentralized-as-you-think-871d6acfea. Accessed 31 Dec 2021

Acknowledgements

This work has received funding from the Austrian Research Promotion Agency (FFG), the Austrian Security Research Programme (KIRAS), and the Austrian Blockchain Center (ABC).

Author information

Corresponding author: Michael Fröwis.

Validation Data

Table 2. Composition of our validation dataset.

Fig. 8. Example output of the Ethpector console UI. The address under analysis is the SoarCoin smart contract. Its privileged function zero_fee_transaction is a backdoor that caused a loss of $6.6 million to an Australian firm [13].

Copyright information

© 2024 International Financial Cryptography Association

About this paper

Cite this paper

Fröwis, M., Böhme, R. (2024). Detecting Privileged Parties on Ethereum. In: Essex, A., et al. Financial Cryptography and Data Security. FC 2023 International Workshops. FC 2023. Lecture Notes in Computer Science, vol 13953. Springer, Cham. https://doi.org/10.1007/978-3-031-48806-1_30

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-48805-4

  • Online ISBN: 978-3-031-48806-1

  • eBook Packages: Computer Science (R0)