Timely Identification of Victim Addresses in DeFi Attacks

[en] Over the past years, Decentralized Finance (DeFi) protocols have suffered from several attacks. As a result, multiple solutions have been proposed to prevent such attacks. Most solutions rely on identifying malicious transactions before they are included in blocks. However, with the emergence of private pools, attackers can now conceal their exploit transactions from attack detection. This poses a significant challenge for existing security tools, which primarily rely on monitoring transactions in public mempools. To effectively address this challenge, it is crucial to develop proactive methods that predict malicious behavior before the actual attack transactions occur. In this work, we introduce a novel methodology to infer potential victims by analyzing the deployment bytecode of malicious smart contracts. Our idea leverages the fact that attackers typically split their attacks into two stages, a deployment stage, and an attack stage. This provides a small window to analyze the attacker's deployment code and identify victims in a timely manner before the actual attack occurs. By analyzing a set of past DeFi attacks, this work demonstrates that the victim of an attack transaction can be identified with an accuracy of almost 70%.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > SEDAN - Service and Data Management in Distributed Systems

Disciplines :

Computer science

Author, co-author :

PARHIZKARI, Bahareh ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

IANNILLO, Antonio Ken ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

FERREIRA TORRES, Christof ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > SEDAN > Team Radu STATE ; ETH Zurich

Banescu, Sebastian; Quantstamp, Inc

Xu, Joseph; Quantstamp, Inc

STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

External co-authors :

yes

Language :

English

Title :

Timely Identification of Victim Addresses in DeFi Attacks

Publication date :

September 2023

Event name :

International Workshop on Cryptocurrencies and Blockchain Technology (CBT)

Event date :

2023

Main work title :

Timely Identification of Victim Addresses in DeFi Attacks

Publisher :

Springer

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Development Goals :

9. Industry, innovation and infrastructure

Available on ORBilu :

since 23 December 2023

Statistics

Number of views

229 (41 by Unilu)

Number of downloads

248 (13 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenAlex citations

Bibliography

$197 million stolen: Euler finance flash loan attack explained. https://blog. chainalysis.com/reports/euler-finance-flash-loan-attack, Accessed 26 Jun 2023
Arbitrum: Scaling Ethereum. https://arbitrum.io Accessed 29Jun 2023
BNB Smart Chain: A Parallel BNB Chain to Enable Smart Contracts. https://www.bnbchain.org/en/smartChain Accessed 29 Jun 2023
DefiLlama. https://defillama.com Accessed 29 Jun 2023
Fuse Exploit Post Mortem. https://medium.com/@JackLongarzo/fuse-exploit-post-mortem-76ce18d8974 Accessed30 Jun 2023
Polygon: Blockchains for mass adoption. https://polygon.technology Accessed 29 Jun 2023
Rubic dex aggregator hack leads to $1.4m of user funds stole. https://www.binance. com/en/feed/post/134920 Accessed 16Aug 2023
Top crypto hacks-rekt database. https://defiyield.app/rekt-database Accessed 29 Jun 2023
Brent, L., et al.: Vandal: A scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981 (2018)
Capponi, A., Jia, R., Wang, Y.: The evolution of blockchain: from lit to dark. arXiv preprint arXiv:2202.05779 (2022)
Chen, T., et al.: Soda: A generic online detection framework for smart contracts. In: Proceedings of the Network and Distributed System Security Symposium (NDSS’20) (2020)
Ferreira Torres, C., Baden, M., Norvill, R., Fiz Pontiveros, B.B., Jonker, H., Mauw, S.: Ægis: Shielding vulnerable smart contracts against attacks. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 584–597 (2020)
Ferreira Torres, C., Baden, M., Norvill, R., Jonker, H.: ÆGIS: Smart Shielding of Smart Contracts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2589–2591 (2019)
Ferreira Torres, C., Iannillo, A.K., Gervais, A., State, R.: The eye of horus: Spotting and analyzing attacks on ethereum smart contracts. In: Financial Cryptography and Data Security: 25th International Conference, FC 2021, Virtual Event, March 1–5, 2021, Revised Selected Papers, Part I 25. pp. 33–52. Springer (2021)
Flashbots: Flashbots docs. https://docs.flashbots.net/flashbots-auction/overview Accessed 29 Jun 2023
Flashbots: Flashbots docs. https://docs.edennetwork.io Accessed 26 Jun 2023
Forta-Network: How forta’s predictive ml models detect attacks before exploitation. https://forta.org/blog/how-fortas-predictive-ml-models-detect-attacks-before-exploitation Accessed 13 Jun 2023
Gai, Y., Zhou, L., Qin, K., Song, D., Gervais, A.: Blockchain large language models. arXiv preprint arXiv:2304.12749 (2023)
Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. In: Proceedings of the ACM on Programming Languages 2(POPL), 48 (2017)
Immunefi: Immunefi crypto losses report. https://immunefi.com/reports Accessed 26 Jun 2023
Lyu, X., Zhang, M., Zhang, X., Niu, J., Zhang, Y., Lin, Z.: An empirical study on ethereum private transactions and the security implications. arXiv preprint arXiv:2208.02858 (2022)
Mazorra, B., Reynolds, M., Daza, V.: Price of mev: towards a game theoretical approach to mev. In: Proceedings of the 2022 ACM CCS Workshop on Decentralized Finance and Security, pp. 15–22 (2022)
Perez, D., Livshits, B.: Smart contract vulnerabilities: Vulnerable does not imply exploited. In: 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, Vancouver, B.C. (Aug 2021)
Piet, J., Fairoze, J., Weaver, N.: Extracting godl [sic] from the salt mines: Ethereum miners extracting value. CoRR abs/2203.15930 (2022)
Qin, K., Chaliasos, S., Zhou, L., Livshits, B., Song, D., Gervais, A.: The blockchain imitation game. arXiv preprint arXiv:2303.17877 (2023)
Qin, K., et al.: Towards automated security analysis of smart contracts based on execution property graph. CoRR abs/2305.14046 (2023)
Qin, K., Zhou, L., Gervais, A.: Quantifying blockchain extractable value: How dark is the forest? In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22–26, 2022, pp. 198–214. IEEE (2022)
Rodler, M., Li, W., Karame, G., Davi, L.: Sereum: Protecting existing smart contracts against re-entrancy attacks. In: Proceedings of the Network and Distributed System Security Symposium (NDSS’19) (2019)
Wang, B., et al.: Blockeye: Hunting for defi attacks on blockchain. In: 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pp. 17–20. IEEE (2021)
Wang, B., Yuan, X., Duan, L., Ma, H., Su, C., Wang, W.: Defiscanner: spotting defi attacks exploiting logic vulnerabilities on blockchain. IEEE Transactions on Computational Social Systems (2022)
Weintraub, B., Torres, C.F., Nita-Rotaru, C., State, R.: A flash(bot) in the pan: measuring maximal extractable value in private pools. In: Barakat, C., Pelsser, C., Benson, T.A., Choffnes, D.R. (eds.) Proceedings of the 22nd ACM Internet Measurement Conference, IMC 2022, Nice, France, October 25–27, 2022, pp. 458– 471. ACM (2022)
Werner, S., Perez, D., Gudgeon, L., Klages-Mundt, A., Harz, D., Knottenbelt, W.: Sok: decentralized finance (defi). In: Proceedings of the 4th ACM Conference on Advances in Financial Technologies, pp. 30–46 (2022)
Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum project yellow paper 151(2014), 1–32 (2014)
Wu, L., et al.: Ethscope: A transaction-centric security analytics framework to detect malicious smart contracts on ethereum. arXiv preprint arXiv:2005.08278 (2020)
Zhang, M., Zhang, X., Zhang, Y., Lin, Z.: Txspector: Uncovering attacks in ethereum from transactions. In: USENIX Security Symposium (2020)
Zheng, P., Zheng, Z., Wu, J., Dai, H.: Xblock-eth: Extracting and exploring blockchain data from ethereum. IEEE Open J. Comput. Soc. 1, 95–106 (2020)
Zheng, Z., et al.: An overview on smart contracts: challenges, advances and platforms. Futur. Gener. Comput. Syst. 105, 475–491 (2020)
Zhou, L., et al.: Sok: Decentralized finance (defi) attacks. Cryptology ePrint Archive (2022)
Zhou, S., Yang, Z., Xiang, J., Cao, Y., Yang, Z., Zhang, Y.: An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2793–2810. USENIX Association (Aug 2020)