Skip to main content
SpringerLink
Log in

A Practical Detection and Defense Scheme Against Smart Contract Attacks Based on Transaction Features

  • Conference paper
  • First Online:
Mobile Internet Security (MobiSec 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1644))

Included in the following conference series:

Abstract

As a main component of blockchain technology, smart contracts support multiple functions and hold large amounts of assets, which makes them a target for attackers. Statistics show that attacks on smart contracts account for three-quarters of all attacks on the blockchain applications, causing huge economic losses to users of smart contracts. The existing research mainly focuses on vulnerability detection of contracts that cannot achieve real-time protection of deployed contracts. In this paper, we propose a practical detection and defense scheme against smart contract attacks. Specifically, We use an attack detection method based on transaction features to detect attacks using miner nodes and use the attack detection results as a consensus to block the executions of attacks and achieve real-time defense against attacks. Theoretical analysis and simulation results show that our scheme only requires a small increase in storage and computational overhead to achieve effective defense against smart contract attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Brent, L., et al.: Vandal: a scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981 (2018)

  2. Chen, W., Zheng, Z., Cui, J., Ngai, E., Zheng, P., Zhou, Y.: Detecting ponzi schemes on ethereum: towards healthier blockchain technology. In: Proceedings of the 2018 World Wide Web Conference, pp. 1409–1418 (2018)

    Google Scholar 

  3. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)

    Google Scholar 

  4. Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663 (2018)

    Google Scholar 

  5. Torres, C.F., Schütte, J., State, R.: Osiris: Hunting for integer bugs in ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664–676 (2018)

    Google Scholar 

  6. He, J., Balunović, M., Ambroladze, N., Tsankov, P., Vechev, M.: Learning to fuzz from symbolic execution with application to smart contracts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 531–548 (2019)

    Google Scholar 

  7. Jiang, B., Liu, Y., Chan, W.K.: Contractfuzzer: fuzzing smart contracts for vulnerability detection. In: 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 259–269. IEEE (2018)

    Google Scholar 

  8. Nguyen, T.D., Pham, L.H., Sun, J., Lin, Y., Tran Minh, Q: sfuzz: an efficient adaptive fuzzer for solidity smart contracts. In: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, pp. 778–788 (2020)

    Google Scholar 

  9. Wüstholz, V., Christakis, M.: Harvey: A greybox fuzzer for smart contracts. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1398–1409 (2020)

    Google Scholar 

  10. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: Zeus: analyzing safety of smart contracts. In: NDSS, pp. 1–12 (2018)

    Google Scholar 

  11. Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: VerX: safety verification of smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1661–1677. IEEE (2020)

    Google Scholar 

  12. So, S., Lee, M., Park, J., Lee, H., Oh, H.: Verismart: a highly precise safety verifier for ethereum smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1678–1694. IEEE (2020)

    Google Scholar 

  13. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev. M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82 (2018)

    Google Scholar 

  14. Geth. https://geth.ethereum.org/

  15. Chen, T., et al.: Soda: a generic online detection framework for smart contracts. In: NDSS (2020)

    Google Scholar 

  16. Torres, C.F., Baden, M., Norvill, R., Pontiveros, B.B.F., Jonker, H., Mauw. S.: Ægis: shielding vulnerable smart contracts against attacks. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 584–597 (2020)

    Google Scholar 

  17. Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. In: Proceedings of the ACM on Programming Languages, (POPL), 21–28 (2017)

    Google Scholar 

  18. Rodler, M., Li, W., Karame, G.O., Davi, L., Sereum: Protecting existing smart contracts against re-entrancy attacks. arXiv preprint arXiv:1812.05934 (2018)

  19. Wang, X., He, J., Xie, Z., Zhao, G., Cheung, S.-C.: Contractguard: defend ethereum smart contracts with embedded intrusion detection. IEEE Trans. Serv. Comput. 13(2), 314–328 (2019)

    Google Scholar 

  20. Azzopardi, S., Ellul, J., Pace, G.J.: Monitoring smart contracts: Contractlarva and open challenges beyond. In: International Conference on Runtime Verification, pp. 113–137. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03769-7_8

  21. Li, A., Choi, J.A., Long. F.: Securing smart contract with runtime validation. In: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 438–453 (2020)

    Google Scholar 

  22. Ayoade, G., Bauman, E., Khan, L., Hamlen, K.: Smart contract defense through bytecode rewriting. In: 2019 IEEE International Conference on Blockchain (Blockchain), pp. 384–389. IEEE (2019)

    Google Scholar 

  23. Mythril. https://github.com/ConsenSys/mythril, 2018

  24. Cook, T., Latham, A., Lee, J.H.: DappGuard: active monitoring and defense for solidity smart contracts: active monitoring and defense for solidity smart contracts (2017). Accessed 18 July 2018

    Google Scholar 

  25. Zhou, S., et al.: An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2793–2810 (2020)

    Google Scholar 

  26. Wu, L., et al.: Ethscope: a transaction-centric security analytics framework to detect malicious smart contracts on ethereum. arXiv preprint arXiv:2005.08278 (2020)

Download references

Acknowledgment

This work is supported by the Key Research and Development Program of Shaanxi (No. 2020ZDLGY08-03) and the Fundamental Research Funds for the Central Universities (No. ZDRC2204), Beijing Municipal Natural Science Foundation (M22002, 4212019), National Natural Science Foundation of China (621 72005).

Author information

Authors and Affiliations

  1. State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi’an, Shaanxi, 710071, China

    Ruichi Yan, Guohua Tian & Shichong Tan

  2. School of Computer Science and Cybersecurity, Communication University of China, Beijing, 100024, China

    Zhengtao Jiang

Authors
  1. Ruichi Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Guohua Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shichong Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zhengtao Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shichong Tan .

Editor information

Editors and Affiliations

  1. Kookmin University, Seoul, Korea (Republic of)

    Ilsun You

  2. Sangmyung University, Cheonan-si, Korea (Republic of)

    Hwankuk Kim

  3. Middle East Technical University, Ankara, Türkiye

    Pelin Angin

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Yan, R., Tian, G., Tan, S., Jiang, Z. (2023). A Practical Detection and Defense Scheme Against Smart Contract Attacks Based on Transaction Features. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_21

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-4430-9_21

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-4429-3

  • Online ISBN: 978-981-99-4430-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation