DOI: 10.1145/3395363.3404365
Short paper

EShield: protect smart contracts against reverse engineering

Published: 18 July 2020

Abstract

Smart contracts are the back-end programs of blockchain-based applications, and their execution results are deterministic and publicly visible. Developers are unwilling to release the source code of some smart contracts, either because the contracts generate randomness or for security reasons; however, attackers can still use reverse engineering tools to decompile and analyze the code. In this paper, we propose EShield, an automated security enhancement tool for protecting smart contracts against reverse engineering. EShield replaces the original instructions that operate on jump addresses with anti-patterns to interfere with control flow recovery from bytecode. We have implemented four methods in EShield and conducted an experiment on over 20k smart contracts. The evaluation results show that all the protected smart contracts are resistant to three different reverse engineering tools with little extra gas cost.
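To make "control flow recovery from bytecode" concrete, the following added example (not code from the paper or from EShield) disassembles EVM bytecode and resolves jump targets the simplest possible way, by reading the `PUSH` immediately before each `JUMP`/`JUMPI`. The two byte strings are constructed samples, and the computed-target form is an assumed stand-in for an anti-pattern, not one of EShield's four methods; real decompilers track constants more deeply than this naive pass.

```python
# Added illustration, not EShield's code. Opcode values are from the EVM specification.
STOP, ADD, JUMP, JUMPI, JUMPDEST, PUSH1, PUSH32 = 0x00, 0x01, 0x56, 0x57, 0x5B, 0x60, 0x7F

# Constructed samples; both transfer control to their only JUMPDEST.
PLAIN = bytes.fromhex("600456005b00")           # PUSH1 4; JUMP; STOP; JUMPDEST; STOP
COMPUTED = bytes.fromhex("600360040156005b00")  # PUSH1 3; PUSH1 4; ADD; JUMP; STOP; JUMPDEST; STOP

def disassemble(code):
    """Linear sweep returning (offset, opcode, push_immediate_or_None) tuples."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        n = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0  # PUSHn carries n immediate bytes
        imm = int.from_bytes(code[pc + 1:pc + 1 + n], "big") if n else None
        out.append((pc, op, imm))
        pc += 1 + n
    return out

def recover_jumps(code):
    """Naive static recovery: a jump resolves only if the previous instruction
    is a PUSH whose immediate is the offset of a JUMPDEST."""
    ins = disassemble(code)
    dests = {off for off, op, _ in ins if op == JUMPDEST}
    resolved, unresolved = {}, []
    for i, (off, op, _) in enumerate(ins):
        if op not in (JUMP, JUMPI):
            continue
        imm = ins[i - 1][2] if i else None
        if imm in dests:
            resolved[off] = imm
        else:
            unresolved.append(off)
    return resolved, unresolved

def landed_at(code):
    """Tiny interpreter (PUSHn, ADD, JUMP, JUMPDEST; other opcodes are skipped).
    Returns the offsets of the JUMPDESTs reached before STOP."""
    stack, pc, hits = [], 0, []
    while pc < len(code) and code[pc] != STOP:
        op = code[pc]
        n = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        if n:
            stack.append(int.from_bytes(code[pc + 1:pc + 1 + n], "big"))
        elif op == ADD:
            stack.append(stack.pop() + stack.pop())
        elif op == JUMP:
            pc = stack.pop()
            continue
        elif op == JUMPDEST:
            hits.append(pc)
        pc += 1 + n
    return hits
```

Both samples reach their `JUMPDEST` at run time, but only `PLAIN` yields a resolved edge; the share of unresolved jumps is one simple way to compare how much of a control-flow graph a static pass can rebuild before and after a transformation.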

Published In

ISSTA 2020: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2020
591 pages
ISBN:9781450380089
DOI:10.1145/3395363
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Blockchain
  2. Ethereum
  3. Program Analysis
  4. Reverse Engineering
  5. Smart Contract

Qualifiers

  • Short-paper

Funding Sources

  • National Natural Science Foundation of China

Conference

ISSTA '20
Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Cited By

  • (2023) BiAn: Smart Contract Source Code Obfuscation. IEEE Transactions on Software Engineering 49:9 (4456-4476). DOI: 10.1109/TSE.2023.3298609. Online publication date: 1-Sep-2023
  • (2023) Smartmark: Software Watermarking Scheme for Smart Contracts. 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE) (283-294). DOI: 10.1109/ICSE48619.2023.00035. Online publication date: May-2023
  • (2022) Blockchain verification and validation: Techniques, challenges, and research directions. Computer Science Review 45 (100492). DOI: 10.1016/j.cosrev.2022.100492. Online publication date: Aug-2022
  • (2020) Source Code Obfuscation for Smart Contracts. 2020 27th Asia-Pacific Software Engineering Conference (APSEC) (513-514). DOI: 10.1109/APSEC51365.2020.00069. Online publication date: Dec-2020
