Post on 20-Aug-2021
Computer Security Laboratory
THE OHIO STATE UNIVERSITY
TxSpector: Uncovering Attacks in Ethereum from Transactions
Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, Zhiqiang Lin
USENIX Security 2020
Introduction TxSpector Evaluation Related Work Summary References
Motivations (1/3) - Deployed Smart Contracts are Immutable
Figure: a developer deploys a smart contract to Ethereum; once deployed, the smart contract is immutable.
Motivations (2/3) - Attacks can Cause Huge Financial Losses
Figure: a developer deploys a smart contract to Ethereum; an attacker then calls it through a transaction. A transaction carries a sender, a receiver, a value, and further fields.
Motivations (3/3) - Few Works focus on Transactions
Smart contracts:
1. Oyente [LCO+16]
2. Zeus [KGDS18]
3. Securify [TDDC+18]
4. Vandal [BJK+18]
5. Gigahorse [GBSS19]
6. Maian [NKS+18]
7. Slither [FGG19]
8. Mythril [Con]
9. EthBMC [FAH20]
Transactions:
1. Sereum [RLKD19]
2. ECFChecker [GAGG+17]
Goals (1/3) - Identify Real World Attacks
Figure: a transaction is the input to our tool.
Goals (2/3) - Generic and Logic-driven Framework
Figure: many transactions are the input to our tool.
Goals (3/3) - Forensic Analysis of the Attacks
Figure: transactions are the input to our tool; a report is the output.
Overview of TxSpector
Figure: the TxSpector pipeline. Trace Extractor → Trace Database → Execution Flow Graph Generator → Execution Flow Graphs → Logic Relation Builder → Logic Relation Database → Attack Detector (driven by Detection Rules: Re-entrancy, Suicidal, ...) → Attack Report.
Detailed Design - Trace Extractor
Figure: the pipeline overview with the Trace Extractor highlighted.
Challenges
- Extract dependencies.
Solutions
- Record bytecode-level traces.
Detailed Design - Execution Flow Graph Generator
Figure: the pipeline overview with the Execution Flow Graph Generator highlighted.
Challenges
- Extract dependencies.
Solutions
- Construct the Execution Flow Graph.
Detailed Design - Logic Relation Builder
Figure: the pipeline overview with the Logic Relation Builder highlighted.
Challenges
- Encode dependencies.
Solutions
- Extract logic relations.
Detailed Design - Attack Detector
Figure: the pipeline overview with the Attack Detector highlighted.
Challenges
- Huge transaction volumes.
Solutions
- Construct once, detect multiple times.
Experiment Setup
Dataset:
- Period: January 2019 – February 2019
- Size: 9,661,593 transactions
- Attack types studied: Reentrancy; Unchecked Call; Suicidal
Reentrancy Attacks - An Example

    function withdrawBalance(uint amount) public {
        if (user[msg.sender] >= amount) {
            msg.sender.call.value(amount)();
            user[msg.sender] -= amount;
        }
    }

Figure: call sequence between Victim A and Attacker B. A evaluates if(user[msg.sender] >= amount) (read v; if(v)) and transfers to B (Call B); before that call returns, B calls back into A (Call A), which passes the same check and transfers again; only afterwards does each frame execute user[msg.sender] -= amount and return.
Inconsistent state, marked by two dependencies on the stored balance:
1. read-if dependency: the read of user[msg.sender] feeds the if.
2. read-write dependency: the same slot is written by user[msg.sender] -= amount after the read.
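As an added example (not code from the paper or the TxSpector repository), the following Python models the two dependencies above over a simplified, constructed trace of the withdrawBalance call sequence and counts the inconsistent states (NIS) a rule-based detector would report for it, next to the same contract with the balance update moved before the external call. The record fields, contract names A and B and the slot label user[B] are assumptions of the toy; real TxSpector traces are bytecode-level and their dependencies come from the execution flow graph.

```python
from collections import namedtuple

# One trace record: call depth of the frame, contract running, opcode, and
# the storage slot read/written/branched on (callee address for CALL).
Rec = namedtuple("Rec", "depth contract op slot", defaults=(None,))

def inconsistent_states(trace):
    """Return (outer_read, inner_read) index pairs: a nested frame of the
    same contract re-reads a slot after an outer frame read and branched on
    it (read-if dependency) but before the outer frame wrote it back
    (read-write dependency). Each pair is one inconsistent state (NIS)."""
    found = []
    for i, r in enumerate(trace):
        if r.op != "SLOAD":
            continue
        branch = write = None
        for j in range(i + 1, len(trace)):
            x = trace[j]
            if (x.contract, x.depth, x.slot) != (r.contract, r.depth, r.slot):
                continue
            if x.op == "JUMPI" and branch is None:
                branch = j
            elif x.op == "SSTORE":
                write = j
                break
        if branch is None or write is None:
            continue  # no read-if or no read-write dependency in this frame
        for k in range(branch, write):
            x = trace[k]
            if (x.op == "SLOAD" and x.contract == r.contract
                    and x.slot == r.slot and x.depth > r.depth):
                found.append((i, k))  # stale value read by a re-entrant frame
    return found

# Constructed trace of the slide's withdrawBalance: A reads and branches on
# user[B], calls B, B re-enters A, and A writes user[B] only afterwards.
VULNERABLE = [
    Rec(1, "A", "SLOAD", "user[B]"), Rec(1, "A", "JUMPI", "user[B]"),
    Rec(1, "A", "CALL", "B"),        Rec(2, "B", "CALL", "A"),
    Rec(3, "A", "SLOAD", "user[B]"), Rec(3, "A", "JUMPI", "user[B]"),
    Rec(3, "A", "CALL", "B"),        Rec(4, "B", "RETURN"),
    Rec(3, "A", "SSTORE", "user[B]"), Rec(2, "B", "RETURN"),
    Rec(1, "A", "SSTORE", "user[B]"),
]
# Constructed trace of the same contract with the balance update moved
# before the external call (checks-effects-interactions): no stale read.
SAFE = [
    Rec(1, "A", "SLOAD", "user[B]"), Rec(1, "A", "JUMPI", "user[B]"),
    Rec(1, "A", "SSTORE", "user[B]"), Rec(1, "A", "CALL", "B"),
    Rec(2, "B", "CALL", "A"),         Rec(3, "A", "SLOAD", "user[B]"),
    Rec(3, "A", "JUMPI", "user[B]"),  Rec(2, "B", "RETURN"),
]
```

Only the outer read at depth 1 is paired with a stale re-read at depth 3; the depth-3 frame's own read-write pair contains no deeper read of the slot, so the vulnerable trace yields NIS = 1 and the reordered contract yields 0.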
Experiment Results - Reentrancy Attacks / Compare with Other Tools

Vulnerability  System     # Total    # Timeout or Error  # Remaining  # Flagged
Reentrancy     TxSpector  9,661,593  336,909 (3.5%)      9,321,684    3,357
               Sereum     9,661,593  N/A                 N/A          10,278
               Securify   105,535    7,541               97,994       1,196
               Vandal     105,535    1,431               104,104      85,721
               Gigahorse  105,535    N/A                 N/A          3,310
Forensic Analysis - NIS
Figure: histogram of the number of inconsistent state (NIS) per flagged reentrancy transaction (x-axis: NIS from 0 to 300 in steps of 15; y-axis: transaction count). Most bars are labelled 0 or a single digit; the largest bar is labelled 3,245.
Forensic Analysis - Top 5 Victim Smart Contracts

Address                                     NIS Count
0xdf18880a02c7f3eb4f40fdf515fce31c1cb7ef66  4,803
0x1806b3527c18fb532c46405f6f014c1f381b499a  3,815
0xd7a14019aeeba25e676a1b596bb19b6f37db74d2  2,839
0x533bafa16aa76218ec4a365ad71bf8816cf21bbb  675
0x431d77f50803d31b090e86740b1d5848af54fad0  582
Forensic Analysis - Case Study: The DAO Smart Contract
Figure: NIS in reentrancy transactions on DAO (x-axis: NIS from 0 to 2000 in steps of 100; y-axis: transaction count from 0 to 80).
Figure: Distribution of reentrancy attacks on DAO (x-axis: Date, 2016.04 to 2019.02, with an inset covering 2016.06 to 2016.08; y-axis: log10(TxCount)).
Related Work

Table: vulnerability and attack classes covered by each system. N: vulnerabilities in smart contracts; F: attacks in transactions.
Columns: Tx Order Dependence, State Dependence, Mishandled Exception, Re-entrancy, Restricted Transfer, Failed Send, Unsecured Balance, Misuse-of-origin, Integer Overflow, Suicidal, Denial-of-Service.
Marks per system (column positions not preserved in this text rendering):

Oyente [LCO+16]       N N N N
Zeus [KGDS18]         N N N N N N N
Securify [TDDC+18]    N N N N
Vandal [BJK+18]       N N N N N
Gigahorse [GBSS19]    N N N
Maian [NKS+18]        N N
Slither [FGG19]       N N N N N N N
Mythril [Con]         N N N N N N N N
EthBMC [FAH20]        N N
Sereum [RLKD19]       F
ECFChecker [GAGG+17]  F
TxSpector             F F F F F F F F
Summary
Figure: the TxSpector pipeline (Trace Extractor → Trace Database → Execution Flow Graph Generator → Execution Flow Graphs → Logic Relation Builder → Logic Relation Database → Attack Detector with Detection Rules (Re-entrancy, Suicidal, ...) → Attack Report).
TxSpector
- Generic, logic-driven, works on transactions
Applications
- Forensic analysis
Source code is available at: https://github.com/OSUSecLab/TxSpector
Email: (zhang.9407, zhang.5840, zhang.834, lin.3021)@osu.edu
References I
[BJK+18] Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu, Francois Gauthier, Vincent Gramoli, Ralph Holz, and Bernhard Scholz, Vandal: A scalable security analysis framework for smart contracts, arXiv preprint arXiv:1809.03981 (2018).
[Con] ConsenSys, Mythril classic, https://github.com/ConsenSys/mythril-classic.
[FAH20] Joel Frank, Cornelius Aschermann, and Thorsten Holz, ETHBMC: A bounded model checker for smart contracts, 29th USENIX Security Symposium (USENIX Security 20), USENIX Association, 2020.
[FGG19] Josselin Feist, Gustavo Grieco, and Alex Groce, Slither: A static analysis framework for smart contracts, 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), IEEE, 2019.
[GAGG+17] Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, and Yoni Zohar, Online detection of effectively callback free objects with applications to smart contracts, Proceedings of the ACM on Programming Languages (2017).
[GBSS19] Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis, Gigahorse: Thorough, declarative decompilation of smart contracts, International Conference on Software Engineering (ICSE), 2019.
[KGDS18] Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma, Zeus: Analyzing safety of smart contracts, Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018.
[LCO+16] Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor, Making smart contracts smarter, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2016.
References II
[NKS+18] Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor, Finding the greedy, prodigal, and suicidal contracts at scale, Proceedings of the 34th Annual Computer Security Applications Conference, ACM, 2018.
[RLKD19] Michael Rodler, Wenting Li, Ghassan Karame, and Lucas Davi, Sereum: Protecting existing smart contracts against re-entrancy attacks, Proceedings of the 26th Network and Distributed System Security Symposium, 2019.
[TDDC+18] Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev, Securify: Practical security analysis of smart contracts, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2018.