Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (2): 35-55.doi: 10.11959/j.issn.2096-109x.2020025
Special Issue: 区块链
• Special Column:Blockchain Technology • Previous Articles Next Articles
Gansen ZHAO1,2,3,Zhijian XIE1,2,3,Xinming WANG1,2,3,4,5(),Jiahao HE1,2,3,Chengzhi ZHANG5(),Chengchuang LIN1,2,3,ZHOU Ziheng1,3,6,Bingchuan CHEN3,7,RONG Chunming8
Revised:
2020-03-25
Online:
2020-04-15
Published:
2020-04-23
Supported by:
CLC Number:
Gansen ZHAO,Zhijian XIE,Xinming WANG,Jiahao HE,Chengzhi ZHANG,Chengchuang LIN,ZHOU Ziheng,Bingchuan CHEN,RONG Chunming. ContractGuard:defend Ethereum smart contract with embedded intrusion detection[J]. Chinese Journal of Network and Information Security, 2020, 6(2): 35-55.
"
漏洞 | 是否存在异常控制流 |
1) 可重入漏洞 | 是,此路径重新进入调用的函数中,然后发起外部调用 |
2) 危险的Deleagate call | 是,此路径通过delegate call调用未知的库代码 |
3) 算术上溢/下溢 | 是,在拓展后的控制流图中,用于检查上下溢的分支会返回true |
4) 默认类型 | 是,这条路径调用了本应该为 internal 属性的函数 |
5) 随机种子 | 否 |
6) 对外部调用的检查 | 是,在拓展后的控制流图中,用于检测call()和send()返回结果的值为false |
7) 打包交易顺序 | 否 |
8) Tx.Origin | 是,此路径由合约用户在攻击者合约中发起交易,然后触发Tx.Origin进行权限更改 |
9) 拒绝服务 | 是,此路径使智能合约失效 |
10) 短地址攻击 | 否 |
11) 逻辑错误 | 不一定存在,取决于安全路径与不安全路径是否进行了重合 |
"
项目 | 漏洞以及其攻击向量 | 代码大小/Byte | 部署额外开销 | 运行额外开销 | 平均召回率 | 平均误报次数 | |||
平均开销 | 平均开销 | ||||||||
DAO | 可重入漏洞[ | 1 774 | 11.95% | 35 751.43 | 20.51% | 43 845.47 | 100% | 4.48 | |
MultiSig | 危险的Delegatecall[ | 764 | 29.58% | 22 679.66 | 28.27% | 29 085.6 | 100% | 2.0 | |
KoETH | 对外部调用的检查[ | 3 617 | 31.18% | 37 359.64 | 23.82% | 44 067.72 | 100% | 13.57 | |
BecToken | 算术上溢[ | 5 963 | 9.52% | 39 846.26 | 15.75% | 68 371.95 | 100% | 8.2 | |
OwlWallet | Tx.Origin[ | 561 | 27.27% | 25 032.01 | 26.50% | 31 456.74 | 100% | 3.0 | |
MerdeToken | 算术下溢[ | 1 013 | 21.03% | 35 990.97 | 18.74% | 42 397.30 | 100% | 4.0 |
"
项目 | 代码大小/Byte | Truffle框架下的测试用例 | 人工植入漏洞的总数 | 主要植入的漏洞 | 部署额外开销 | 运行额外开销 | 平均召回率 | 平均错误警报 |
Cryptokitties[ | 30 966 | 516 | 64(14,7,3,40) | 5(2,1,0,2) | 14.28% | 9.03% | 60% | 1.5 |
StatusNetwork[ | 38 631 | 261 | 83(28,9,6,40) | 2(0,1,1,0) | 19.02% | 15.79% | 100% | 3.0 |
VotingDApp[ | 2 326 | 14 | 15(6,2,0,7) | 2(2,0,0,0) | 12.33% | 10.84% | 100% | 1.0 |
pool-shark[ | 5 895 | 69 | 33(8,6,1,18) | 3(2,1,0,0) | 10.23% | 31.52% | 100% | 5.9 |
[1] | NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[EB]. |
[2] | BUTERIN V . A next-generation smart contract and decentralized application platform[J]. |
[3] | ATZEI N , BARTOLETTI M , CIMOLI T . A survey of attacks on Ethereum smart contracts (SoK)[C]// International Conference on Principles of Security and Trust. 2017: 164-186. |
[4] | KRUPP J , ROSSOW C . Teether:gnawing at Ethereum to automatically exploit smart contracts[C]// 27th USENIX Security Symposium (USENIX Security 18). 2018: 1317-1333. |
[5] | CHEN T , LI X , LUO X , ZHANG X . Under-optimized smart contracts devour your money[C]// Software Analysis,Evolution and Reengineering (SANER). 2017: 442-446. |
[6] | KALRA S , GOEL S , DHAWAN M ,et al. ZEUS:analyzing safety of smart contracts[C]// NDSS. 2018. |
[7] | BRENT L . Vandal:a scalable security analysis framework for smart contracts[J]. arXiv preprint arXiv:1809.03981, 2018 |
[8] | ZAKRZEWSKI J , . Towards verification of Ethereum smart contracts:a formalization of core of solidity[C]// Working Confer-ence on Verified Software:Theories,Tools,and Experiments. 2018: 229-247. |
[9] | NIKOLI? I , KOLLURI A , SERGEY I ,et al. Finding the greedy,prodigal,and suicidal contracts at scale[C]// The 34th Annual Computer Security Applications Conference. 2018: 653-663. |
[10] | GRECH N , KONG M , JURISEVIC A ,et al. MadMax:surviving out-of-gas conditions in Ethereum smart contracts[J]. Proceedings of the ACM on Programming Languages, 2018,2: 1-27. |
[11] | JIANG B , LIU Y , CHAN W K . Contract fuzzer:fuzzing smart contracts for vulnerability detection[C]// 33rd ACM/IEEE International Conference on Automated Soft-ware Engineering. 2018: 259-269 |
[12] | LIAO H J , LIN C H R , LIN Y C ,et al. Intrusion detection system:a comprehensive review[J]. Journal of Network and Computer Applications, 2013(36): 16-24. |
[13] | Understanding the DAO attack[EB]. |
[14] | Parity multisig hacked again[EB]. |
[15] | ZHANG T , ZHUANG X , PANDE S ,et al. Anomalous path detection with hardware support[C]// The 2005 International Conference on Compilers,Architectures and Synthesis for Embedded Systems. 2005: 43-54. |
[16] | FENG H H , KOLESNIKOV O M , FOGLA P ,et al. Anomaly detection using call stack information[C]// 2003 Symposium on Security and Privacy. 2003: 62-75. |
[17] | GARFINKEL T , ROSENBLUM M . A virtual machine introspection based architecture for intrusion detection[C]// NDSS. 2003: 191-206. |
[18] | WOOD G . Ethereum yellow paper[EB]. |
[19] | GIFFIN J T , JHA S , MILLER B P . Efficient context-sensitive intrusion detection[C]// NDSS. 2004. |
[20] | XU H , DU W , CHAPIN S J . Context sensitive anomaly monitoring of process control flow to detect mimicry attacks and impossible paths[C]// International Workshop on Recent Advances in Intrusion Detection. 2004: 21-38. |
[21] | BALL T , LARUS J R . Efficient path profiling[C]// 29th Annual ACM/IEEE International Symposium on Microarchitecture, 1996: 46-57. |
[22] | BELAZZOUGUID , BOTELHO F C , DIETZFELBINGER M . Hash,displace,and compress[C]// European Symposium on Algorithms. 2009: 682-693. |
[23] | LUU L , CHU D H , OLICKEL H ,et al. Making smart contracts smarter[C]// 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 254-269. |
[24] | GROSSMAN S , . Online detection of effectively callback free objects with applications to smart contracts[C]// ACM on Programming Languages, 2017(2):48. |
[25] | GRISHCHENKO I , MAFFEI M , SCHNEIDEWIND C . a semantic framework for the security analysis of Ethereum smart contracts[C]// International Conference on Principles of Security and Trust, 2018: 243-269. |
[26] | LARUS J R , . Whole program paths[C]// ACM SIGPLAN 1999 Conference on Programming Language Design and Implementation (PLDI). 1999,34: 259-269. |
[27] | MELSKI D , REPS T . Interprocedural path profiling[C]// International Conference on Compiler Construction. 1999: 47-62. |
[28] | D’ELIA D C , DEMETRESCU C . Ball-larus path profiling across multiple loop iterations[J]. ACM Sigplan Notices, 2013,48: 373-390. |
[29] | SUMNER W N , ZHENG Y , WEERATUNGE D ,et al. Precise calling context encoding[J]. IEEE Transactions on Software Engineering, 2012,38(5): 1160-1177. |
[30] | AMMONS G , LARUS J R . Improving dataflow analysis with path profiles[J]. ACM SIGPLAN Notices, 1998,33: 72-84. |
[31] | ERNST M D , COCKRELL J , GRISWOLD W G ,et al. Dynamically discovering likely program invariants to support program evolution[J]. IEEE Transactions on Software Engineering, 2001,27(2): 99-123. |
[32] | KUMAR V , SANGWAN O P . Signature based intrusion detection system using SNORT[J]. International Journal of Computer Applications & Information Technology, 2012,1(3): 35-41. |
[33] | CUI W , PEINADO M , WANG H J ,et al. Shieldgen:automatic data patch generation for unknown vulnerabilities with informed probing[C]// 2007 IEEE Symposium on Security and Privacy (SP’07). 2007: 252-266. |
[34] | DANNEN C . Introducing Ethereum and solidity[M]. Berlin: SpringerPress, 2017. |
[35] | ZHUANG X , SERRANO M J , CAIN H W ,et al. Accurate,efficient,and adaptive calling context profiling[J]. ACM Sigplan Notices, 2006(41): 263-271. |
[36] | LI X , JIANG P , CHEN T ,et al. A survey on the security of blockchain systems[C]// Future Generation Computer Systems. 2017. |
[37] | MANNING D A . Solidity security:comprehensive list of known attack vectors and common antipatterns[J]. |
[38] | DERIVATIVES D N | T . A survey of solidity security vulnerability[EB]. |
[39] | BEC spiked 4000% on first trading day,another pump-and-dump scheme[EB]. |
[40] | WANG X , CHEUNG S C , CHAN W K ,et al. Taming coincidental correctness:coverage refinement with context patterns[C]// ICSE. 2009: 45-55. |
[41] | Truffle Suite.Sweet Contracts[EB]. |
[42] | BALL T , LARUS J R . Optimally profiling and tracing programs[J]. ACM Transactions on Programming Languages and Systems (TOPLAS), 1994,16(4): 1319-1360. |
[43] | TJHAI G C , PAPADAKI M , FURNELL S M ,et al. Clarke,investigating the problem of IDS false alarms:an experimental study using snort[C]// IFIP International Information Security Conference. 2008: 253-267. |
[44] | Understanding the DAO attack[EB]. |
[45] | An in-depth look at the parity multisig bug[EB]. |
[46] | Post-mortem[EB]. |
[47] | Detecting integer arithmetic bugs in Ethereum smart contracts[EB]. |
[48] | Smart contract wallets created in frontier are vulnerable to phishing attacks[EB]. |
[49] | MerdeToken[EB]. |
[50] | CryptoKitty[EB]. |
[51] | StatusNetwork[EB]. |
[52] | DecentralizedVoting[EB]. |
[53] | PoolShark[EB]. |
[54] | Etherscan[EB]. |
[55] | SafeMath OpenZeppelin[EB]. |
[1] | Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32. |
[2] | Heli WANG, Qiao YAN. Selfish mining detection scheme based on the characters of transactions [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 104-114. |
[3] | Beiyuan YU, Shanyao REN, Jianwei LIU. Overview of blockchain assets theft attacks and defense technology [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 1-17. |
[4] | Fei TANG, Ning GAN, Xianggui YANG, Jinyang WANG. Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 9-19. |
[5] | Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG. Bytecode-based approach for Ethereum smart contract classification [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 111-120. |
[6] | Liquan CHEN, Xiao LI, Zheyi YANG, Sijie QIAN. Blockchain-based high transparent PKI authentication protocol [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 1-11. |
[7] | Wenbo ZHANG, Simin CHEN, Lifei WEI, Wei SONG, Dongmei HUANG. State-of-the-art survey of smart contract verification based on formal methods [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 12-28. |
[8] | Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44. |
[9] | Xiaoling SONG, Yong LIU, Jingnan DONG, Yongfei HUANG. Application and prospect of blockchain in Metaverse [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 45-65. |
[10] | Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76. |
[11] | Pengkun JIANG, Wenyin ZHANG, Jiuru WANG, Shanyun HUANG, Wanshui SONG. Blockchain covert communication scheme based on the cover of normal transactions [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 77-86. |
[12] | Jianlin NIU, Zhiyu REN, Xuehui DU. Cross-domain authentication scheme based on consortium blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 123-133. |
[13] | Baoqin ZHAI, Jian WANG, Lei HAN, Jiqiang LIU, Jiahao HE, Tianhao LIU. Hierarchical proxy consensus optimization for IoV based on blockchain and trust value [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 142-153. |
[14] | Haoran SHI, Lixin JI, Shuxin LIU, Gengrun WANG. Abnormal link detection algorithm based on semi-local structure [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 63-72. |
[15] | Jiaren YU, Youliang TIAN, Hui LIN. Design of miner type identification mechanism based on reputation management model [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 128-138. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|