ABSTRACT
Ponzi schemes, a form of scam, have been discovered in Ethereum smart contracts in recent years, causing massive financial losses. Rule-based detection approaches rely on pre-defined rules, which limits their capabilities and makes them dependent on domain knowledge. Additionally, machine learning models built on static information such as opcodes and transactions fail to characterize Ponzi contracts effectively, resulting in poor reliability and interpretability.
In this paper, we propose PonziGuard, an efficient Ponzi scheme detection approach based on contract runtime behavior. Inspired by the observation that a contract's runtime behavior is more effective in distinguishing Ponzi contracts from innocent contracts, PonziGuard establishes a comprehensive graph representation, called the contract runtime behavior graph (CRBG), to accurately depict the behavior of Ponzi contracts. Furthermore, it formulates the detection process as a graph classification task, enhancing its overall effectiveness. We conducted comparative experiments on a ground-truth dataset and applied PonziGuard to Ethereum Mainnet. The results show that PonziGuard outperforms the current state-of-the-art approaches and is also effective in open environments. Using PonziGuard, we have identified 805 Ponzi contracts on Ethereum Mainnet, which have resulted in an estimated economic loss of 281,700 Ether or approximately $500 million USD.
Index Terms
- PonziGuard: Detecting Ponzi Schemes on Ethereum with Contract Runtime Behavior Graph (CRBG)