research-article

TokenAware: Accurate and Efficient Bookkeeping Recognition for Token Smart Contracts

Authors:

Wensheng Zhang,

Xiaosong ZhangAuthors Info & Claims

ACM Transactions on Software Engineering and Methodology, Volume 32, Issue 1

Article No.: 26, Pages 1 - 35

https://doi.org/10.1145/3560263

Published: 13 February 2023 Publication History

Abstract

Tokens have become an essential part of blockchain ecosystem, so recognizing token transfer behaviors is crucial for applications depending on blockchain. Unfortunately, existing solutions cannot recognize token transfer behaviors accurately and efficiently because of their incomplete patterns and inefficient designs. This work proposes TokenAware, a novel online system for recognizing token transfer behaviors. To improve accuracy, TokenAware infers token transfer behaviors from modifications of internal bookkeeping of a token smart contract for recording the information of token holders (e.g., their addresses and shares). However, recognizing bookkeeping is challenging, because smart contract bytecode does not contain type information. TokenAware overcomes the challenge by first learning the instruction sequences for locating basic types and then deriving the instruction sequences for locating sophisticated types that are composed of basic types. To improve efficiency, TokenAware introduces four optimizations. We conduct extensive experiments to evaluate TokenAware with real blockchain data. Results show that TokenAware can automatically identify new types of bookkeeping and recognize 107,202 tokens with 98.7% precision. TokenAware with optimizations merely incurs 4% overhead, which is 1/345 of the overhead led by the counterpart with no optimization. Moreover, we develop an application based on TokenAware to demonstrate how it facilitates malicious behavior detection.

References

[1]

0x Protocol. 2022. 0x Documentation. Retrieved from https://docs.0x.org/introduction/welcome.

[2]

Eric Banisadr. 2018. How $800k Evaporated from the PoWH Coin Ponzi Scheme Overnight. Retrieved from https://medium.com/@ebanisadr/how-800k-evaporated-from-the-powh-coin-ponzi-scheme-overnight-1b025c33b530.

[3]

Rhonda Bush and Soohyun Choi. 2019. Forecasting Ethereum STORJ token prices: Comparative analyses of applied bitcoin models. In Proceedings of the International Conference on Data Mining Workshops (ICDMW’19). IEEE, 216–223.

[4]

Chainalysis. 2019. Why you should be watching ERC-20 Tokens. Retrieved from https://blog.chainalysis.com/reports/why-you-should-be-watching-erc-20-tokens.

[5]

Ting Chen, Xiaoqi Li, Ying Wang, Jiachi Chen, Zihao Li, Xiapu Luo, Man Ho Au, and Xiaosong Zhang. 2017. An adaptive gas cost mechanism for Ethereum to defend against under-priced dos attacks. In Proceedings of the International Conference on Information Security Practice and Experience. Springer, 3–24.

[6]

Ting Chen, Zihao Li, Xiapu Luo, Xiaofeng Wang, Ting Wang, Zheyuan He, Kezhao Fang, Yufei Zhang, Hang Zhu, Hongwei Li, et al. 2021. Sigrec: Automatic recovery of function signatures in smart contracts. IEEE Transactions on Software Engineering 48, 8 (2021), 3066–3086.

[7]

Ting Chen, Zihao Li, Yufei Zhang, Xiapu Luo, Ang Chen, Kun Yang, Bin Hu, Tong Zhu, Shifang Deng, Teng Hu, et al. 2019. Dataether: Data exploration framework for Ethereum. In Proceedings of the IEEE 39th International Conference on Distributed Computing Systems (ICDCS’19). IEEE, 1369–1380.

[8]

Ting Chen, Yufei Zhang, Zihao Li, Xiapu Luo, Ting Wang, Rong Cao, Xiuzhuo Xiao, and Xiaosong Zhang. 2019. TokenScope: Automatically detecting inconsistent behaviors of cryptocurrency tokens in Ethereum. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1503–1520.

Digital Library

[9]

Weili Chen, Tuo Zhang, Zhiguang Chen, Zibin Zheng, and Yutong Lu. 2020. Traveling the token world: A graph analysis of Ethereum ERC20 token ecosystem. In Proceedings of the Web Conference. 1411–1421.

Digital Library

[10]

Yuzhou Chen and Hon Keung Tony Ng. 2019. Deep learning Ethereum token price prediction with network motif analysis. In Proceedings of the International Conference on Data Mining Workshops (ICDMW’19). IEEE, 232–237.

[11]

Zhen Cheng, Xinrui Hou, Runhuai Li, Yajin Zhou, Xiapu Luo, Jinku Li, and Kui Ren. 2019. Towards a first step to understand the cryptocurrency stealing attack on Ethereum. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID’19). 47–60.

[12]

Monika Di Angelo and Gernot Salzer. 2020. Characteristics of wallet contracts on Ethereum. In Proceedings of the 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS’20). IEEE, 232–239.

[13]

Monika Di Angelo and Gernot Salzer. 2020. Characterizing types of smart contracts in the Ethereum landscape. In Proceedings of the 4th Workshop on Trusted Smart Contracts, Financial Cryptography.

Digital Library

[14]

Monika Di Angelo and Gernot Salzer. 2020. Tokens, types, and standards: Identification and utilization in Ethereum. In Proceedings of the International Conference Decentralized Applications and Infrastructures (DAPPS’20).

[15]

Monika Di Angelo and Gernot Salzer. 2020. Towards the identification of security tokens on Ethereum. In Proceedings of the 3rd International Workshop on Blockchains and Smart Contracts (BSC’20).

[16]

Simon F. Dyson, William J. Buchanan, and Liam Bell. 2020. Scenario-based creation and digital investigation of Ethereum ERC20 tokens. Forensic Sci. Int.: Dig. Invest. 32 (2020), 200894.

[17]

enkrypt. 2018. EthVM: Open Source Ethereum Blockchain Explorer. Retrieved from https://github.com/enKryptIO/ethvm.

[18]

Ethereum. 2018. ETCExplorer. Retrieved from https://github.com/ethereumclassic/explorer.

[19]

Ethereum. 2020. Solidity documentation. Retrieved from https://solidity.readthedocs.io/en/latest/.

[20]

Ethereum. 2021. Ethereum Development Documentation. Retrieved from https://ethereum.org/en/developers/docs/blocks/#block-time.

[21]

Ethereum. 2022. Ethereum Whitepaper. Retrieved from https://ethereum.org/en/whitepaper/.

[22]

Ethereum. 2022. Types—Solidity 0.8.12 documentation. Retrieved from https://docs.soliditylang.org/en/v0.8.12/types.html#.

[23]

EtherEx. 2018. EthEx: Decentralized exchange built on Ethereum. Retrieved from https://github.com/etherex/etherex.

[24]

Etherscan. 2020. Token tracker—ERC20 tokens. Retrieved from https://etherscan.io/tokens.

[25]

Etherwall. 2018. Etherwall: The first Ethereum desktop wallet. Retrieved from https://www.etherwall.com/.

[26]

Stack Exchange. 2018. Solidity: Using low level call function on an EOA. Retrieved from https://ethereum.stackexchange.com/questions/56743/solidity-using-low-level-call-function-on-an-eoa.

[27]

Python Software Foundation. 2022. Collections—Container datatypes. Retrieved from https://docs.python.org/3/library/collections.html.

[28]

Michael Fröwis, Andreas Fuchs, and Rainer Böhme. 2019. Detecting token systems on Ethereum. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, 93–112.

Digital Library

[29]

Google. 2019. Ethereum ETL. Retrieved from https://github.com/blockchain-etl/ethereum-etl.

[30]

Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2019. Gigahorse: Thorough, declarative decompilation of smart contracts. In Proceedings of the IEEE/ACM 41st International Conference on Software Engineering (ICSE’19). IEEE, 1176–1186.

Digital Library

[31]

Ningyu He, Lei Wu, Haoyu Wang, Yao Guo, and Xuxian Jiang. 2020. Characterizing code clones in the Ethereum smart contract ecosystem. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, 654–675.

Digital Library

[32]

Daniel Jennings. 2018. What Is Driving Ethereum’s Coin Price Through The Roof? Retrieved from https://seek-ingalpha.com/instablog/22912651-daniel-jennings/5097449-what-is-driving-ethereum-s-coin-price-through-roof.

[33]

Jerry. 2020. Step-by-Step Guide to Tokenizing Real-World Assets. Retrieved from https://theblockbox.io/step-by-step-guide-to-tokenizing-real-world-assets/.

[34]

Ken Kennedy. 1978. Use-definition chains with applications. Comput. Lang. 3, 3 (1978), 163–179.

Digital Library

[35]

Xiaoqi Li, Ting Chen, Xiapu Luo, Tao Zhang, Le Yu, and Zhou Xu. 2020. Stan: Towards describing bytecodes of smart contract. In Proceedings of the 20th IEEE International Conference on Software Quality, Reliability, and Security.

[36]

Zhou Liao, Shuwei Song, Hang Zhu, Xiapu Luo, Zheyuan He, Renkai Jiang, Ting Chen, Jiachi Chen, Tao Zhang, and Xiao-song Zhang. 2022. Large-scale empirical study of inline assembly on 7.6 million Ethereum smart contracts. IEEE Trans. Softw. Eng. In Press.

[37]

Han Liu, Zhiqiang Yang, Yu Jiang, Wenqi Zhao, and Jiaguang Sun. 2019. Enabling clone detection for Ethereum via smart contract birthmarks. In Proceedings of the IEEE/ACM 27th International Conference on Program Comprehension (ICPC’19). IEEE, 105–115.

Digital Library

[38]

Shaurya Malwa. 2022. DeFi Protocol Qubit Finance Exploited for $80M. Retrieved from https://finance.yahoo.com/news/defi-protocol-qubit-finance-exploited-071509620.html.

[39]

Jonathan T. Marks. 2022. Cryptocurrency and money laundering: why understanding fraud is critical. Retrieved from https://www.bakertilly.com/insights/cryptocurrency-and-money-laundering.

[40]

METAMASK. 2018. METAMASK—Brings Ethereum to your browser. Retrieved from https://metamask.io/.

[41]

MyEtherWallet. 2018. MyEtherWallet. Retrieved from https://www.myetherwallet.com/.

[42]

The C++ Resources Network. 2022. Standard Containers. Retrieved from cplusplus.com/reference/stl/.

[43]

Gustavo A. Oliva, Ahmed E. Hassan, and Zhen Ming Jack Jiang. 2020. An exploratory study of smart contracts in the Ethereum blockchain platform. Empir. Softw. Eng. 25, 3 (2020), 1864–1904.

Digital Library

[44]

openANX. 2017. openANX: Decentralised Exchange Token Sale Smart Contract. Retrieved from https://github.com/openanx/OpenANXToken.

[45]

POA. 2018. BlockScout, Blockchain Explorer for inspecting and analyzing EVM Chains. Retrieved from https://github.com/poanetwork/blockscout.

[46]

Witek Radomski, Andrew Cooke, Philippe Castonguay, James Therien, Eric Binet, and Ronan Sandford. 2018. EIP-1155: Multi Token Standard. Retrieved from https://eips.ethereum.org/EIPS/eip-1155.

[47]

Shahar Somin, Goren Gordon, Alex Pentland, Erez Shmueli, and Yaniv Altshuler. 2020. ERC20 transactions over Ethereum blockchain: Network analysis and predictions. Retrieved from https://arXiv:2004.08201.

[48]

Fabian Maximilian Johannes Teichmann and Marie-Christin Falker. 2021. Money laundering via cryptocurrencies–potential solutions from liechtenstein. J. Money Launder. Control 24, 1 (2021), 91–101.

[49]

Friedhelm Victor and Bianca Katharina Lüders. 2019. Measuring Ethereum-based erc20 token networks. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, 113–129.

Digital Library

[50]

Fabian Vogelsteller and Vitalik Buterin. 2015. EIP-20: ERC-20 Token Standard. Retrieved from https://eips.ethereum.org/EIPS/eip-20.

[51]

Gavin Wood. 2020. Ethereum: A Secure Decentralized Generalized Transaction Ledger. Retrieved from https://ethereum.github.io/yellowpaper/paper.pdf.

[52]

ZeusTrade. 2018. Topic: there was a coin out of my wallet that I did not even get what it is. Retrieved from https://bitcointalk.org/index.php?topic=5023796.0.

[53]

Peilin Zheng, Zibin Zheng, Jiajing Wu, and Hong-Ning Dai. 2020. Xblock-ETH: Extracting and exploring blockchain data from Ethereum. IEEE Open J. Comput. Soc. 1 (2020), 95–106.

Cited By

Trozze AKleinberg BDavies T(2024)Detecting DeFi securities violations from token smart contract codeFinancial Innovation10.1186/s40854-023-00572-510:1Online publication date: 20-Feb-2024
https://doi.org/10.1186/s40854-023-00572-5
He ZLi ZQiao ALuo XZhang XChen TSong SLiu DNiu W(2024)Nurgle: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00125(2180-2197)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00125
Su JLin XFang ZZhu ZChen JZheng ZLv WWang JBissyandé TKlein JBird CSarro F(2023)DeFiWarder: Protecting DeFi Apps from Token Leaking VulnerabilitiesProceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE56229.2023.00110(1664-1675)Online publication date: 11-Nov-2023
https://dl.acm.org/doi/10.1109/ASE56229.2023.00110

Index Terms

TokenAware: Accurate and Efficient Bookkeeping Recognition for Token Smart Contracts
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

Making Smart Contracts Smarter
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has ...
TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Motivated by the success of Bitcoin, lots of cryptocurrencies have been created, the majority of which were implemented as smart contracts running on Ethereum and called tokens. To regulate the interaction between these tokens and users as well as third-...
Blockchain and Smart Contracts
ICSIE '19: Proceedings of the 8th International Conference on Software and Information Engineering

This paper presents an introduction to the current state of art of the Blockchain and Smart Contract technologies. Blockchain is a fast-disruptive technology becoming a key instrument in share economy. The Blockchain-based Smart Contract aim to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Software Engineering and Methodology

ACM Transactions on Software Engineering and Methodology Volume 32, Issue 1

January 2023

954 pages

ISSN:1049-331X

EISSN:1557-7392

DOI:10.1145/3572890

Editor:
Mauro Pezzè
USI Università della Svizzera italiana and SIT Schaffhausen Institute of Technology, Switzerland

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 February 2023

Online AM: 29 August 2022

Accepted: 22 July 2022

Revised: 14 July 2022

Received: 15 November 2021

Published in TOSEM Volume 32, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Refereed

Funding Sources

Hong Kong ITF Project
Research and Development Program of Shenzhen
Hong Kong RGC Projects
National Natural Science Foundation of China
National Key R&D Program of China
Natural Science Foundation of Sichuan Province

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
939
Total Downloads

Downloads (Last 12 months)203
Downloads (Last 6 weeks)23

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Trozze AKleinberg BDavies T(2024)Detecting DeFi securities violations from token smart contract codeFinancial Innovation10.1186/s40854-023-00572-510:1Online publication date: 20-Feb-2024
https://doi.org/10.1186/s40854-023-00572-5
He ZLi ZQiao ALuo XZhang XChen TSong SLiu DNiu W(2024)Nurgle: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00125(2180-2197)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00125
Su JLin XFang ZZhu ZChen JZheng ZLv WWang JBissyandé TKlein JBird CSarro F(2023)DeFiWarder: Protecting DeFi Apps from Token Leaking VulnerabilitiesProceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE56229.2023.00110(1664-1675)Online publication date: 11-Nov-2023
https://dl.acm.org/doi/10.1109/ASE56229.2023.00110

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View full text|Download PDF

View Issue’s Table of Contents