Abstract
As a main component of blockchain technology, smart contracts support multiple functions and hold large amounts of assets, which makes them a target for attackers. Statistics show that attacks on smart contracts account for three-quarters of all attacks on the blockchain applications, causing huge economic losses to users of smart contracts. The existing research mainly focuses on vulnerability detection of contracts that cannot achieve real-time protection of deployed contracts. In this paper, we propose a practical detection and defense scheme against smart contract attacks. Specifically, We use an attack detection method based on transaction features to detect attacks using miner nodes and use the attack detection results as a consensus to block the executions of attacks and achieve real-time defense against attacks. Theoretical analysis and simulation results show that our scheme only requires a small increase in storage and computational overhead to achieve effective defense against smart contract attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Brent, L., et al.: Vandal: a scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981 (2018)
Chen, W., Zheng, Z., Cui, J., Ngai, E., Zheng, P., Zhou, Y.: Detecting ponzi schemes on ethereum: towards healthier blockchain technology. In: Proceedings of the 2018 World Wide Web Conference, pp. 1409–1418 (2018)
Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)
Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663 (2018)
Torres, C.F., Schütte, J., State, R.: Osiris: Hunting for integer bugs in ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664–676 (2018)
He, J., Balunović, M., Ambroladze, N., Tsankov, P., Vechev, M.: Learning to fuzz from symbolic execution with application to smart contracts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 531–548 (2019)
Jiang, B., Liu, Y., Chan, W.K.: Contractfuzzer: fuzzing smart contracts for vulnerability detection. In: 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 259–269. IEEE (2018)
Nguyen, T.D., Pham, L.H., Sun, J., Lin, Y., Tran Minh, Q: sfuzz: an efficient adaptive fuzzer for solidity smart contracts. In: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, pp. 778–788 (2020)
Wüstholz, V., Christakis, M.: Harvey: A greybox fuzzer for smart contracts. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1398–1409 (2020)
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: Zeus: analyzing safety of smart contracts. In: NDSS, pp. 1–12 (2018)
Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: VerX: safety verification of smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1661–1677. IEEE (2020)
So, S., Lee, M., Park, J., Lee, H., Oh, H.: Verismart: a highly precise safety verifier for ethereum smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1678–1694. IEEE (2020)
Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev. M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82 (2018)
Chen, T., et al.: Soda: a generic online detection framework for smart contracts. In: NDSS (2020)
Torres, C.F., Baden, M., Norvill, R., Pontiveros, B.B.F., Jonker, H., Mauw. S.: Ægis: shielding vulnerable smart contracts against attacks. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 584–597 (2020)
Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. In: Proceedings of the ACM on Programming Languages, (POPL), 21–28 (2017)
Rodler, M., Li, W., Karame, G.O., Davi, L., Sereum: Protecting existing smart contracts against re-entrancy attacks. arXiv preprint arXiv:1812.05934 (2018)
Wang, X., He, J., Xie, Z., Zhao, G., Cheung, S.-C.: Contractguard: defend ethereum smart contracts with embedded intrusion detection. IEEE Trans. Serv. Comput. 13(2), 314–328 (2019)
Azzopardi, S., Ellul, J., Pace, G.J.: Monitoring smart contracts: Contractlarva and open challenges beyond. In: International Conference on Runtime Verification, pp. 113–137. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03769-7_8
Li, A., Choi, J.A., Long. F.: Securing smart contract with runtime validation. In: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 438–453 (2020)
Ayoade, G., Bauman, E., Khan, L., Hamlen, K.: Smart contract defense through bytecode rewriting. In: 2019 IEEE International Conference on Blockchain (Blockchain), pp. 384–389. IEEE (2019)
Mythril. https://github.com/ConsenSys/mythril, 2018
Cook, T., Latham, A., Lee, J.H.: DappGuard: active monitoring and defense for solidity smart contracts: active monitoring and defense for solidity smart contracts (2017). Accessed 18 July 2018
Zhou, S., et al.: An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2793–2810 (2020)
Wu, L., et al.: Ethscope: a transaction-centric security analytics framework to detect malicious smart contracts on ethereum. arXiv preprint arXiv:2005.08278 (2020)
Acknowledgment
This work is supported by the Key Research and Development Program of Shaanxi (No. 2020ZDLGY08-03) and the Fundamental Research Funds for the Central Universities (No. ZDRC2204), Beijing Municipal Natural Science Foundation (M22002, 4212019), National Natural Science Foundation of China (621 72005).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Yan, R., Tian, G., Tan, S., Jiang, Z. (2023). A Practical Detection and Defense Scheme Against Smart Contract Attacks Based on Transaction Features. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_21
Download citation
DOI: https://doi.org/10.1007/978-981-99-4430-9_21
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-4429-3
Online ISBN: 978-981-99-4430-9
eBook Packages: Computer ScienceComputer Science (R0)