Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis
The rise of decentralized finance has brought a vast range of opportunities, and many risks, to the blockchain space. This paper tackles the challenge of detecting malicious smart contracts on Ethereum that are designed to exploit vulnerabilities and cause financial losses. We present a novel approach for preemptively identifying malicious smart contracts during their deployment stage. For this purpose, we gathered a dataset comprising 161 malicious smart contracts and 5500 benign smart contracts. By introducing and extracting various features related to the deployer, the transaction characteristics, and the deployment bytecode, and by selecting the most impactful features, we developed multiple models using different machine learning (ML) classification algorithms, compared them on the set of most impactful features, and selected the most accurate one as our detection model. We benchmarked the model's performance against a publicly available ML malicious smart contract detection tool. The results demonstrate that our model achieves a superior True Positive Rate while having a lower False Positive Rate. Our model achieved a 79.17% detection rate for malicious smart contracts while maintaining a False Positive Rate of less than 1.8%. Our model provides swift detection capabilities by alerting users immediately after a contract's deployment, thus enabling timely response and risk mitigation.
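The abstract mentions features derived from the deployment bytecode. The following is an added illustration, not the paper's own code or feature set: it disassembles EVM deployment bytecode (skipping PUSH immediates so that data bytes are not miscounted as instructions) and derives a handful of assumed, illustrative numeric features of the kind such a deployment-stage classifier could consume; the sample bytecode is constructed.

```python
from collections import Counter

# Standard EVM opcode values for the instructions counted below (subset).
OPCODES = {
    0x00: "STOP", 0x54: "SLOAD", 0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI",
    0x5B: "JUMPDEST", 0xF0: "CREATE", 0xF1: "CALL", 0xF2: "CALLCODE",
    0xF4: "DELEGATECALL", 0xF5: "CREATE2", 0xFA: "STATICCALL",
    0xFD: "REVERT", 0xF3: "RETURN", 0xFF: "SELFDESTRUCT",
}

def disassemble(code: bytes):
    """Yield (offset, opcode, immediate) triples. PUSH1..PUSH32 (0x60..0x7F)
    carry 1..32 immediate bytes; they must be skipped, otherwise e.g. a pushed
    constant 0xF4 would be counted as a DELEGATECALL instruction."""
    i = 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:
            n = op - 0x5F
            yield i, op, code[i + 1:i + 1 + n]  # truncated push: shorter immediate
            i += 1 + n
        else:
            yield i, op, b""
            i += 1

def bytecode_features(hex_code: str) -> dict:
    """Assumed, illustrative bytecode-level features (not the paper's list)."""
    code = bytes.fromhex(hex_code[2:] if hex_code.startswith("0x") else hex_code)
    counts = Counter()
    for _, op, _ in disassemble(code):
        counts[OPCODES.get(op, "OTHER")] += 1
    n_instr = sum(counts.values())
    return {
        "code_len": len(code),
        "n_instr": n_instr,
        "n_external_calls": counts["CALL"] + counts["CALLCODE"]
                            + counts["DELEGATECALL"] + counts["STATICCALL"],
        "n_delegatecall": counts["DELEGATECALL"],
        "n_selfdestruct": counts["SELFDESTRUCT"],
        "n_create": counts["CREATE"] + counts["CREATE2"],
        "n_sstore": counts["SSTORE"],
        "jumpi_ratio": counts["JUMPI"] / n_instr if n_instr else 0.0,
    }

# Constructed sample: PUSH1 0x80, PUSH1 0x40, MSTORE, JUMPDEST, PUSH1 0xF4,
# CALL, SELFDESTRUCT, STOP. The 0xF4 byte is push data, not a DELEGATECALL.
SAMPLE_BYTECODE = "0x6080604052" + "5b" + "60f4" + "f1" + "ff" + "00"

if __name__ == "__main__":
    print(bytecode_features(SAMPLE_BYTECODE))
```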
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > SEDAN - Service and Data Management in Distributed Systems
Disciplines:
Computer science
Author, co-author:
PARHIZKARI, Bahareh ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN
IANNILLO, Antonio Ken ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > SEDAN > Team Radu STATE
FERREIRA TORRES, Christof ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > SEDAN > Team Radu STATE
Xu, Joseph; Quantstamp
Banescu, Sebastian; Quantstamp
STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN
External co-authors:
yes
Document language:
English
Title:
Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis
Publication date:
2024
Event name:
20th EAI International Conference on Security and Privacy in Communication Networks
Event organiser:
EAI
Event location:
Dubai, United Arab Emirates
Event date:
28-30 October, 2024
Event scope:
International
Title of the main work:
Beyond the Public Mempool: Catching DeFi Attacks Before They Happen with Real-Time Smart Contract Analysis
Publisher:
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST, volume 629)