Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis

PARHIZKARI, Bahareh; IANNILLO, Antonio Ken; FERREIRA TORRES, Christof; Xu, Joseph; Banescu, Sebastian; STATE, Radu

doi:10.1007/978-3-031-94455-0_12

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis

PARHIZKARI, Bahareh; IANNILLO, Antonio Ken; FERREIRA TORRES, Christof et al.

2024 • In Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis

Peer reviewed

Permalink
https://hdl.handle.net/10993/62253

DOI
10.1007/978-3-031-94455-0_12

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

Beyond_the_Public_Mempool_final.pdf

Author preprint (952.61 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

smart contract, defi, decentralized finance, blockchain

Abstract :

[en] Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis The rise of decentralized finance has brought a vast range of opportunities to the blockchain space and many risks. This paper tackles the challenge of detecting malicious smart contracts on Ethereum designed to exploit vulnerabilities and cause financial losses. We present a novel approach for preemptively identifying malicious smart contracts during their deployment stage. For this purpose, we gathered a dataset comprising 161 malicious smart contracts and 5500 benign smart contracts. By introducing and extracting various features related to the deployer, transaction characteristics, and deployment bytecode and selecting the most impactful features, we developed multiple models using different machine learning (ML) classification algorithms, compared them using the set of most impactful features, and selected the most accurate one as our detection model. We compared the model's performance with a publicly available ML malicious smart contract detection tool to benchmark it. The results demonstrate that our model achieves a superior True Positive Rate while having a lower False Positive Rate. Our model achieved a 79.17% detection rate for malicious smart contracts while maintaining a False Positive rate of less than 1.8%. Our model provides swift detection capabilities by alerting users immediately after a contract's deployment, thus enabling timely response and risk mitigation.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > SEDAN - Service and Data Management in Distributed Systems

Disciplines :

Computer science

Author, co-author :

PARHIZKARI, Bahareh ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

IANNILLO, Antonio Ken ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > SEDAN > Team Radu STATE

FERREIRA TORRES, Christof ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > SEDAN > Team Radu STATE

Xu, Joseph; Quantstamp

Banescu, Sebastian; Quantstamp

STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

External co-authors :

yes

Language :

English

Title :

Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis

Publication date :

2024

Event name :

20th EAI International Conference on Security and Privacy in Communication Networks

Event organizer :

EAI

Event place :

Dubai, United Arab Emirates

Event date :

28-30 October, 2024

Audience :

International

Main work title :

Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis

Publisher :

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ((LNICST,volume 629))

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Development Goals :

9. Industry, innovation and infrastructure

Funders :

Quantstamp

Available on ORBilu :

since 18 October 2024

Statistics

Number of views

256 (49 by Unilu)

Number of downloads

251 (16 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

Crypto hackers net nearly $480 million year-to-date. https://beincrypto.com/defi-hacks-net-half-billion-2023. Accessed20 Oct 2023
Defillama. https://defillama.com. Accessed 20 Jan 2024
Documented timeline of defi exploits. https://chainsec.io/defi-hacks. Accessed 20 Jan 2024
Flashbots docs. https://docs.flashbots.net. Accessed 13 Sep 2023
Forta explorer. https://explorer.forta.network. Accessed 20 Jan 2024
Rekt news. https://rekt.news. Accessed 20 Jan 2024
Ajienka, N., Vangorp, P., Capiluppi, A.: An empirical analysis of source code metrics and smart contract resource consumption. J. Softw. Evol. Process 32(10), e2267 (2020)
Brent, L., et al.: Vandal: a scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981 (2018)
Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: Smote: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321–357 (2002)
Chen, T., et al. Soda: a generic online detection framework for smart contracts. In: Proceedings of the Network and Distributed System Security Symposium (NDSS’20) (2020)
Cousaert, S., Xu, J., Matsui, T.: SoK: yield aggregators in DeFi. In: 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), pp. 1–14. IEEE (2022)
Crytic: EVM CFG builder. https://github.com/crytic/evm_cfg_builder. Accessed 13 Sep 2023
DefiYield: Top crypto hacks. https://defiyield.app/rekt-database. Accessed 20 Jan 2024
Torres, C.F., Baden, M., Norvill, R., Jonker, H.: ÆGIS: smart shielding of smart contracts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2589–2591 (2019)
Torres, C.F., Iannillo, A.K., Gervais, A., State, R.: The eye of Horus: spotting and analyzing attacks on ethereum smart contracts. In: International Conference on Financial Cryptography and Data Security, pp. 33–52. Springer (2021)
Torres, C.F., Jonker, H., State, R.: Elysium: context-aware bytecode-level patching to automatically heal vulnerable smart contracts. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 115–128 (2022)
Torres, C.F., Steichen, M., Norvill, R., Pontiveros, B.F., Jonker, H.: ÆGIS: shielding vulnerable smart contracts against attacks. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS’20), October 5–9, 2020, Taipei, Taiwan (2020)
Forta-Network: How Forta’s predictive ML models detect attacks before exploitation. https://forta.org/blog/how-fortas-predictive-ml-models-detect-_attacks-before-exploitation
Gai, Y., Zhou, L., Qin, K., Song, D., Gervais, A.: Blockchain large language models. arXiv preprint arXiv:2304.12749 (2023)
Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. Proc. ACM Prog. Lang. 2(POPL), 48 (2017)
Han, H., Wang, W.-Y., Mao, B.-H.: Borderline-smote: a new over-sampling method in imbalanced data sets learning. In: International Conference on Intelligent Computing, pp. 878–887. Springer (2005)
Harvey, C.R., Ramachandran, A., Santoro, J.: DeFi and the Future of Finance. Wiley (2021)
He, H., Bai, Y., Garcia, E.A., Li, S.: ADASYN: adaptive synthetic sampling approach for imbalanced learning. In: 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), pp. 1322– 1328. IEEE (2008)
Hegedűs, P.: Towards analyzing the complexity landscape of solidity based ethereum smart contracts. In: Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 35–39 (2018)
Jović, A., Brkić, K., Bogunović, N.: A review of feature selection methods with applications. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1200–1205. IEEE (2015)
Liu, X.-Y., Wu, J., Zhou, Z.-H.: Exploratory undersampling for class-imbalance learning. IEEE Trans. Syst. Man Cybern. Part B Cybern. 39(2), 539–550 (2008)
Lundberg, S.M., Lee, S.-I.: A unified approach to interpreting model predictions. Adv. Neural Inf. Process. Syst. 30 (2017)
Lyu, X., et al.: An empirical study on ethereum private transactions and the security implications. arXiv preprint arXiv:2208.02858 (2022)
Nguyen, T.D., Pham, L.H., Sun, J.: sGuard: towards fixing vulnerable smart contracts automatically. arXiv preprint arXiv:2101.01917 (2021)
Parhizkari, B., Iannillo, A.K., Torres, C.F., Banescu, S., Xu, J., State, R.: Timely identification of victim addresses in DeFi attacks. In: International Workshop on Cryptocurrencies and Blockchain Technology (CBT). Springer (2023)
Pawar, M.K., Patil, P., Sharma, M., Chalageri, M.: Secure and scalable decentralized supply chain management using ethereum and IPFS platform. In: 2021 International Conference on Intelligent Technologies (CONIT), pp. 1–5. IEEE (2021)
Perez, D., Livshits, B.: Smart contract vulnerabilities: vulnerable does not imply exploited. In: 30th USENIX Security Symposium (USENIX Security 21), Vancouver, B.C. USENIX Association (2021)
Poursafaei, F., Hamad, G.B., Zilic, Z.: Detecting malicious ethereum entities via application of machine learning classification. In: 2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS), pp. 120–127. IEEE (2020)
Qin, K., Chaliasos, S., Zhou, L., Livshits, B., Song, D., Gervais, A.: The blockchain imitation game. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 3961–3978, Anaheim, CA. USENIX Association (2023)
Rahman, A., Shi, V., Ding, M., Choi, E.: Systematization of knowledge: synthetic assets, derivatives, and on-chain portfolio management. arXiv preprint arXiv:2209.09958 (2022)
Rigaud, L.: Detecting illicit ethereum accounts based on their transaction history. In: The International Conference on Deep Learning, Big Data and Blockchain (DBB 2022), vol. 541, p. 97. Springer (2022)
Rodler, M., Li, W., Karame, G., Davi, L.: Sereum: protecting existing smart contracts against re-entrancy attacks. In: Proceedings of the Network and Distributed System Security Symposium (NDSS’19) (2019)
Rodler, M., Li, W., Karame, G., Davi, L.: EVMPatch: timely and automated patching of ethereum smart contracts. In: 30th USENIX Security Symposium (USENIX Security ’21), Vancouver, B.C. USENIX Association (2021)
Scikit-learn: Scikit-learn: feature selection. https://scikitlearn.org/stable/modules/feature_selection.html. Accessed20 Jan 2024
Su, L., et al.: Evil under the sun: understanding and discovering attacks on ethereum decentralized applications. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 1307–1324 (2021)
Warren, W., Bandeali, A.: 0x: an open protocol for decentralized exchange on the ethereum blockchain, pp. 04–18 (2017). https://github.com/0xProject/whitepaper
Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151(2014), 1–32 (2014)
Wu, L., et al.: Ethscope: a transaction-centric security analytics framework to detect malicious smart contracts on ethereum. arXiv preprint arXiv:2005.08278 (2020)
Xu, J., Vadgama, N.: From banks to defi: the evolution of the lending market. In: Enabling the Internet of Value: How Blockchain Connects Global Businesses, pp. 53–66 (2022)
Yu, X.L., Al-Bataineh, O., Lo, D., Roychoudhury, A.: ACM TOSEM. Smart contract repair 29(4), 1–32 (2020)
Zhang, M., Zhang, X., Zhang, Y., Lin, Z.: TXSPECTOR: uncovering attacks in ethereum from transactions. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2775–2792. USENIX Association (2020)
Zhang, Y., Ma, S., Li, J., Li, K., Nepal, S., Gu, D.: Smartshield: automatic smart contract protection made easy. In: 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 23–34. IEEE (2020)
Zhang, Z., Lin, Z., Morales, M., Zhang, X., Zhang, Z.: Your exploit is mine: instantly synthesizing counterattack smart contract. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 1757–1774, Anaheim, CA. USENIX Association (2023)
Zheng, P., Zheng, Z., Jiajing, W., Dai, H.-N.: XBlock-ETH: extracting and exploring blockchain data from ethereum. IEEE Open J. Comput. Soc. 1, 95–106 (2020)
Zheng, Z., Xie, S., Dai, H., Chen, X., Wang, H.: An overview of blockchain technology: Architecture, consensus, and future trends. In: 2017 IEEE International Congress on Big Data (BigData Congress), pp. 557–564. IEEE (2017)
Zhou, L., et al.: SoK: decentralized finance (DeFi) attacks. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2444–2461. IEEE (2023)
Zhou, S., Yang, Z., Xiang, J., Cao, Y., Yang, Z., Zhang, Y.: An ever-evolving game: evaluation of real-world attacks and defenses in ethereum ecosystem. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2793–2810. USENIX Association (2020)