
Time-travel Investigation: Toward Building a Scalable Attack Detection Framework on Ethereum

Published: 09 April 2022

Abstract

Ethereum has been attracting many attacks, so there is a pressing need to investigate them promptly and to detect more attack instances. However, existing systems suffer from a scalability issue for the following reasons. First, the tight coupling between malicious contract detection and blockchain data importing makes it infeasible to repeatedly detect different attacks. Second, the coarse-grained archive data makes replaying transactions inefficient. Third, the separation between malicious contract detection and runtime state recovery consumes a large amount of storage.
In this article, we propose a scalable attack detection framework named EthScope, which overcomes the scalability issue by re-organizing the Ethereum state and efficiently locating suspicious transactions. It leverages fine-grained state to support the replay of arbitrary transactions and proposes a well-designed schema to optimize storage consumption. The performance evaluation shows that EthScope solves the scalability issue: it efficiently performs large-scale analysis on billions of transactions and achieves a speedup of around 2,300× when replaying transactions. It also has lower storage consumption than existing systems. Further analysis shows that EthScope can help analysts understand attack behaviors and detect more attack instances.


Published In

ACM Transactions on Software Engineering and Methodology, Volume 31, Issue 3
July 2022
912 pages
ISSN: 1049-331X
EISSN: 1557-7392
DOI: 10.1145/3514181
Editor: Mauro Pezzè

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 09 April 2022
Accepted: 01 December 2021
Revised: 01 September 2021
Received: 01 May 2021
Published in TOSEM Volume 31, Issue 3


Author Tags

1. Ethereum
2. attack detection
3. vulnerability

Qualifiers

• Research-article
• Refereed

Funding Sources

• National Natural Science Foundation of China
• Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang
• Fundamental Research Funds for the Central Universities
• Research Grants Council of Hong Kong
• Research Grants Council of the Hong Kong Special Administrative Region

Cited By

• (2024) Advanced detection of malicious transactions in ethereum unraveling complex asset transfer patterns. Third International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024), p. 182. DOI: 10.1117/12.3033033. Online publication date: 5 Jul 2024.
• (2024) Non-Intrusive Security Assessment Methods for Future Autonomous Transportation IoV. IEEE Transactions on Automation Science and Engineering 21(3), 2387–2399. DOI: 10.1109/TASE.2023.3316224. Online publication date: Jul 2024.
• (2024) The Security Paradox of Smart Contracts: Blind Spots and Prospects of Current Detection Strategies. 2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD), 1546–1551. DOI: 10.1109/CSCWD61410.2024.10580546. Online publication date: 8 May 2024.
• (2024) ANNProof: Building a verifiable and efficient outsourced approximate nearest neighbor search system on blockchain. Future Generation Computer Systems 156, 206–220. DOI: 10.1016/j.future.2024.03.002. Online publication date: Jul 2024.
• (2024) Detecting abnormal behaviors in smart contracts using opcode sequences. Computer Communications 220, 12–22. DOI: 10.1016/j.comcom.2024.03.016. Online publication date: Apr 2024.
• (2023) Demystifying Random Number in Ethereum Smart Contract: Taxonomy, Vulnerability Identification, and Attack Detection. IEEE Transactions on Software Engineering 49(7), 3793–3810. DOI: 10.1109/TSE.2023.3271417. Online publication date: 1 Jul 2023.
• (2023) Attacks Against Cross-Chain Systems and Defense Approaches: A Contemporary Survey. IEEE/CAA Journal of Automatica Sinica 10(8), 1647–1667. DOI: 10.1109/JAS.2023.123642. Online publication date: Aug 2023.
• (2023) Making contract users safer: Towards building a Safe Browsing platform on Ethereum. ISA Transactions 141, 121–131. DOI: 10.1016/j.isatra.2023.04.021. Online publication date: Oct 2023.
• (2023) Detecting Unknown Vulnerabilities in Smart Contracts with Multi-Label Classification Model Using CNN-BiLSTM. Ubiquitous Security, 52–63. DOI: 10.1007/978-981-99-0272-9_4. Online publication date: 16 Feb 2023.
• (2022) iQuery: A Trustworthy and Scalable Blockchain Analytics Platform. IEEE Transactions on Dependable and Secure Computing 20(6), 4578–4592. DOI: 10.1109/TDSC.2022.3228908. Online publication date: 13 Dec 2022.
