Ferreira Torres, Christof
In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS '20), October 5–9, 2020, Taipei, Taiwan (2020)
Abstract: In recent years, smart contracts have suffered major exploits, costing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnerable contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce ÆGIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare ÆGIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks. Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild.

Ferreira Torres, Christof
In: IEEE International Conference on Blockchain and Cryptocurrency, Toronto, Canada, 3-6 May 2020 (2020)
Abstract: The Ethereum blockchain enables the execution of so-called smart contracts. These are programs that facilitate the automated transfer of funds according to a given business logic without the participants needing to trust one another. However, recently attackers started using smart contracts to lure users into traps by deploying contracts that pretend to give away funds but in fact contain hidden traps. This new type of scam is commonly referred to as honeypots. In this paper, we propose a system that aims to protect users from falling into these traps. The system consists of a plugin for MetaMask and a back-end service that continuously scans the Ethereum blockchain for honeypots. Whenever a user is about to perform a transaction through MetaMask, our plugin sends a request to the back-end and warns the user if the target contract is a honeypot.

Steichen, Mathis
Doctoral thesis (2019)

Steichen, Mathis
In: 2nd Crypto Valley Conference on Blockchain Technology, Zug, 24-26 June 2019 (2019, June 25)

Fiz Pontiveros, Beltran
Poster (2019, May 17)
Abstract: In this work, we consider the graph of confirmed transactions in Bitcoin. Understanding this graph is essential to discern the different economic activities conducted by the pseudonymous actors. In addition to traditional graph analysis methods, new metrics need to be engineered specifically for the bitcoin transaction graph. Hence, we propose a new centrality measure named mint centrality. The measure uses the inherent tree structure of transactions in bitcoin and their relation to the corresponding set of coinbase transactions, and can be evaluated with linear complexity. We evaluate the mint centrality on the first 200,000 blocks of the public bitcoin blockchain.

Shbair, Wazen
In: IEEE International Conference on Blockchain and Cryptocurrency (ICBC 2019) (2019, May 14)
Abstract: Future blockchain applications are anticipated to serve millions of users. Thus the evaluation of new blockchain applications has to consider large-scale assessment of the technologies behind the scenes. Most current testing approaches have been done either on simulators or via local small blockchain networks. Hence, the performance in real-world conditions is unpredictable. This demonstration introduces BlockZoom, a large-scale blockchain testbed that runs on top of a highly reconfigurable and controllable HPC platform. BlockZoom presents a reproducible environment for experimenting with distributed ledger technologies and smart contract applications. Through different configuration scenarios, developers can evaluate the application's performance and the blockchain behavior at a scale comparable to the production environment. The target audience of this demonstration includes researchers and developers in blockchain technology.

Norvill, Robert
In: IEEE International Conference on Blockchain and Cryptocurrency (ICBC 2019) (2019, May 14)
Abstract: Know Your Customer (KYC) processes performed by banks on their customers are redundant, cumbersome and costly. Therefore, a system is proposed to automate menial tasks and allow sharing of data related to KYC. A blockchain dictates the collaboration between different participants, and several services are built around it to support the functionality of the system as a whole. An access control system is used to share data legitimately.

Ferreira Torres, Christof
Poster (2019)
Abstract: In recent years, smart contracts have suffered major exploits, losing millions of dollars. Unlike traditional programs, smart contracts cannot be updated once deployed. Though various tools were proposed to detect vulnerable smart contracts, they all fail to protect contracts that have already been deployed on the blockchain. Moreover, they focus on vulnerabilities, but do not address scams (e.g., honeypots). In this work, we introduce ÆGIS, a tool that shields smart contracts and users on the blockchain from being exploited. To this end, ÆGIS reverts transactions in real-time based on pattern matching. These patterns encode the detection of malicious transactions that trigger exploits or scams. New patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by blockchain. By allowing its protection to be updated, the smart contract acts as a smart shield.

Ferreira Torres, Christof
In: USENIX Security Symposium, Santa Clara, 14-16 August 2019 (2019)
Abstract: Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts - programs that are executed across a decentralised network of nodes. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In the past few years, several smart contracts have been exploited by attackers. However, a new trend towards a more proactive approach seems to be on the rise, where attackers do not search for vulnerable contracts anymore. Instead, they try to lure their victims into traps by deploying seemingly vulnerable contracts that contain hidden traps. This new type of contract is commonly referred to as honeypots. In this paper, we present the first systematic analysis of honeypot smart contracts, by investigating their prevalence, behaviour and impact on the Ethereum blockchain. We develop a taxonomy of honeypot techniques and use this to build HoneyBadger - a tool that employs symbolic execution and well-defined heuristics to expose honeypots. We perform a large-scale analysis on more than 2 million smart contracts and show that our tool not only achieves high precision, but is also highly efficient. We identify 690 honeypot smart contracts as well as 240 victims in the wild, with an accumulated profit of more than $90,000 for the honeypot creators. Our manual validation shows that 87% of the reported contracts are indeed honeypots.

Steichen, Mathis
In: The 2018 IEEE International Conference on Blockchain (Blockchain-2018) (2018, July 30)
Abstract: Large files cannot be efficiently stored on blockchains. On the one hand, the blockchain becomes bloated with data that has to be propagated within the blockchain network. On the other hand, since the blockchain is replicated on many nodes, a lot of storage space is required without serving an immediate purpose, especially if the node operator does not need to view every file that is stored on the blockchain. It furthermore leads to an increase in the price of operating blockchain nodes because more data needs to be processed, transferred and stored. IPFS is a file sharing system that can be leveraged to more efficiently store and share large files. It relies on cryptographic hashes that can easily be stored on a blockchain. Nonetheless, IPFS does not permit users to share files with selected parties. This is necessary if sensitive or personal data needs to be shared. Therefore, this paper presents a modified version of the InterPlanetary Filesystem (IPFS) that leverages Ethereum smart contracts to provide access-controlled file sharing. The smart contract is used to maintain the access control list, while the modified IPFS software enforces it. For this, it interacts with the smart contract whenever a file is uploaded, downloaded or transferred. Using an experimental setup, the impact of the access-controlled IPFS is analyzed and discussed.

Shbair, Wazen
In: The First IEEE/IFIP International Workshop on Managing and Managed by Blockchain (Man2Block), colocated with IEEE/IFIP NOMS 2018 (2018)
Abstract: Conducting experiments to evaluate blockchain applications is a challenging task for developers, because there is a range of configuration parameters that control blockchain environments. Many public testnets (e.g. Rinkeby Ethereum) can be used for testing; however, we cannot adjust their parameters (e.g. gas limit, mining difficulty) to further the understanding of the application in question and of the employed blockchain. This paper proposes an easy-to-use orchestration framework over the Grid'5000 platform. Grid'5000 is a highly reconfigurable and controllable large-scale testbed. We developed a tool that facilitates node reservation, deployment and blockchain configuration over the Grid'5000 platform. In addition, our tool can fine-tune blockchain and network parameters before and between experiments. The proposed framework offers insights for private and consortium blockchain developers to identify performance bottlenecks and to assess the behavior of their applications in different circumstances.

; ; Steichen, Mathis
In: IEEE Transactions on Industry Applications (2017)

Steichen, Mathis
In: ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow (2017)
Abstract: Recently, blockchains have been gathering a lot of interest. Many applications can benefit from the advantages of blockchains. Nevertheless, applications with more restricted privacy or participation requirements cannot rely on public blockchains. First, the whole blockchain can be downloaded at any time, thus making the data available to the public. Second, anyone can deploy a node, join the blockchain network and take part in the consensus building process. Private and consortium blockchains promise to combine the advantages of blockchains with stricter requirements on the participating entities. This is also the reason for the comparably small number of nodes that store and extend those blockchains. However, by targeting specific nodes, an attacker can influence how consensus is reached and possibly even halt the blockchain operation. To provide additional security to the blockchain nodes, ChainGuard utilizes SDN functionalities to filter network traffic, thus implementing a firewall for blockchain applications. ChainGuard communicates with the blockchain nodes it guards to determine which origin of the traffic is legitimate. Packets from illegitimate sources are intercepted and thus cannot have an effect on the blockchain. As is shown with experiments, ChainGuard provides access control functionality and can effectively mitigate flooding attacks from several sources at once.

; Steichen, Mathis
In: Advanced cooling concepts for ultra-high-speed machines (2015)