Computer Security Laboratory THE OHIO STATE UNIVERSITY TxSpector: Uncovering Attacks in Ethereum from Transactions Mengya Zhang , Xiaokuan Zhang , Yinqian Zhang, Zhiqiang Lin USENIX Security 2020


Computer Security Laboratory, The Ohio State University

TxSpector: Uncovering Attacks in Ethereum from Transactions

Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, Zhiqiang Lin

USENIX Security 2020


Motivations (1/3) - Deployed Smart Contracts are Immutable

(Figure: a smart contract is deployed to Ethereum; once deployed, it is immutable.)

1 / 20


Motivations (2/3) - Attacks can Cause Huge Financial Losses

(Figure: an attacker calls a deployed smart contract on Ethereum through a transaction. A transaction records a sender, a receiver, a value, and more.)

2 / 20


Motivations (3/3) - Few Works Focus on Transactions

Smart contracts:

1 Oyente [LCO+16]
2 Zeus [KGDS18]
3 Securify [TDDC+18]
4 Vandal [BJK+18]
5 Gigahorse [GBSS19]
6 Maian [NKS+18]
7 Slither [FGG19]
8 Mythril [Con]
9 EthBMC [FAH20]

Transactions:

1 Sereum [RLKD19]
2 ECFChecker [GAGG+17]

3 / 20


Goals (1/3) - Identify Real World Attacks

(Figure: a transaction is the input to our tool.)

4 / 20


Goals (2/3) - Generic and Logic-driven Framework

(Figure: many transactions are fed to our tool as input.)

5 / 20


Goals (3/3) - Forensic Analysis of the Attacks

(Figure: transactions are the input to our tool; an attack report is the output.)

6 / 20


Overview of TxSpector

Pipeline: Trace Extractor -> Trace Database -> Execution Flow Graph Generator -> Execution Flow Graphs -> Logic Relation Builder -> Logic Relation Database -> Attack Detector -> Attack Report. The Attack Detector is driven by Detection Rules (Re-entrancy, Suicidal, ...).

7 / 20


Detailed Design - Trace Extractor

Challenges

- Extract dependencies.

Solutions

- Record bytecode-level traces.

8 / 20



Detailed Design - Execution Flow Graph Generator

Challenges

- Extract dependencies.

Solutions

- Construct the Execution Flow Graph.

9 / 20


Detailed Design - Logic Relation Builder

Challenges

- Encode dependencies.

Solutions

- Extract logic relations.

10 / 20


Detailed Design - Attack Detector

Challenges

- Huge transaction volumes.

Solutions

- Construct once, detect multiple times.

11 / 20


Experiment Setup

Dataset: 9,661,593 transactions from January 2019 to February 2019.

Vulnerabilities detected: Reentrancy, Unchecked Call, Suicidal.

12 / 20


Reentrancy Attacks - An Example

    pragma solidity ^0.4.24;
    contract Victim {
        mapping(address => uint) public user;
        // Deliberately vulnerable: the external call precedes the balance update,
        // so msg.sender can re-enter withdrawBalance while user[msg.sender] is stale.
        function withdrawBalance(uint amount) public {
            if (user[msg.sender] >= amount) {
                msg.sender.call.value(amount)();
                user[msg.sender] -= amount;
            }
        }
    }

(Figure: call sequence of the attack. Victim A calls attacker B and transfers funds to it; B's fallback calls A again before the first call has returned, and A transfers again; both calls then return.)


Reentrancy Attacks - An Example (continued)

Two dependencies in the victim's call frame are what the detection rule looks for, and together they explain the inconsistent state the re-entered call observes:

1. Read-if dependency: the branch `if (user[msg.sender] >= amount)` is decided by a storage read (read v; if (v)).
2. Read-write dependency: the same storage slot is written by `user[msg.sender] -= amount;` only after the transfer to Attacker B, so the re-entered call into Victim A reads the stale balance and passes the check again.

(Figure: the call sequence of the previous slide, annotated with where Victim A reads the balance before the first transfer and where it writes it back after the call returns.)

13 / 20
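The attack above, replayed and detected end to end as an added example (this is not TxSpector's code, and not the paper's actual relations or rules; it is a toy written for this page). It walks the stages the design slides describe: a bytecode-level trace of the transaction (Trace Extractor), data dependencies between stack words carried through the replay (the Execution Flow Graph), facts about SLOAD, SSTORE, JUMPI and CALL (the Logic Relation Database), and a detection rule run over those facts (Attack Detector) whose result is counted per victim slot the way the forensic slides count inconsistent states (NIS). Assumptions of the example: the trace format, the handful of opcodes modelled, the addresses 0xA, 0xB and 0xC, the fixed storage slot 1 standing in for user[msg.sender], and the per-frame NIS count are all constructed here; the trace is built by hand rather than recorded from a node.

```python
"""Toy reentrancy detector over a bytecode-level transaction trace, in the spirit of
TxSpector's read-if / read-write rule.  Added example, not the paper's code.  A trace
is a list of (call_depth, contract, opcode, arg); PUSH carries the pushed word, CALL
carries its target (as a call tracer annotates it) instead of seven stack words."""
from collections import defaultdict
from itertools import count

MASK = (1 << 256) - 1                            # EVM words wrap modulo 2**256
VICTIM, ATTACKER, USER = "0xA", "0xB", "0xC"     # constructed addresses
SLOT_BAL = 1   # assumed slot of user[msg.sender]; a real mapping slot is keccak256(key . base)
AMOUNT = 10

def withdraw(depth, recipient, callee_trace):
    """Opcodes that matter in withdrawBalance(AMOUNT) at one call depth; callee_trace
    is what runs inside msg.sender.call.value(amount)() one level deeper."""
    v = VICTIM
    return ([(depth, v, "PUSH", AMOUNT), (depth, v, "PUSH", SLOT_BAL),
             (depth, v, "SLOAD", None),                           # read user[msg.sender]
             (depth, v, "LT", None), (depth, v, "ISZERO", None),   # balance >= amount ?
             (depth, v, "PUSH", 0x40), (depth, v, "JUMPI", None),  # read-if dependency
             (depth, v, "CALL", recipient)]                       # external call first ...
            + callee_trace
            + [(depth, v, "PUSH", AMOUNT), (depth, v, "PUSH", SLOT_BAL),
               (depth, v, "SLOAD", None), (depth, v, "SUB", None),          # balance - amount
               (depth, v, "PUSH", SLOT_BAL), (depth, v, "SSTORE", None),    # ... write last (read-write)
               (depth, v, "STOP", None)])

def fallback(depth, reenter):
    """Attacker's fallback: re-enter withdrawBalance `reenter` more times, then return."""
    if reenter == 0:
        return [(depth, ATTACKER, "STOP", None)]
    return ([(depth, ATTACKER, "CALL", VICTIM)]
            + withdraw(depth + 1, ATTACKER, fallback(depth + 2, reenter - 1))
            + [(depth, ATTACKER, "STOP", None)])

def attack_trace(reenter=1):
    """Constructed transaction: attacker B calls A.withdrawBalance and re-enters from its fallback."""
    return ([(1, ATTACKER, "CALL", VICTIM)] + withdraw(2, ATTACKER, fallback(3, reenter))
            + [(1, ATTACKER, "STOP", None)])

BENIGN_TRACE = withdraw(1, USER, [(2, USER, "STOP", None)])   # honest user C withdraws once

def replay(trace, storage):
    """Replay with one symbolic stack per call frame; a stack entry is (concrete word,
    frozenset of SLOAD steps it depends on), i.e. the data dependency an execution flow
    graph records.  Returns (facts, storage); a fact is (step, frame, depth, contract, kind, slot, deps)."""
    store, ids, facts = dict(storage), count(), []
    frames = {trace[0][0]: (next(ids), [])}                  # depth -> (frame id, stack)
    for step, (depth, addr, op, arg) in enumerate(trace):
        fid, st = frames[depth]
        if op == "PUSH":
            st.append((arg, frozenset()))
        elif op == "SLOAD":
            slot, _ = st.pop()
            st.append((store.get(slot, 0), frozenset({step})))
            facts.append((step, fid, depth, addr, "SLOAD", slot, frozenset({step})))
        elif op == "SSTORE":
            (slot, _), (val, deps) = st.pop(), st.pop()
            store[slot] = val
            facts.append((step, fid, depth, addr, "SSTORE", slot, deps))
        elif op in ("LT", "SUB"):
            (a, da), (b, db) = st.pop(), st.pop()
            st.append((int(a < b) if op == "LT" else (a - b) & MASK, da | db))
        elif op == "ISZERO":
            a, da = st.pop()
            st.append((int(a == 0), da))
        elif op == "JUMPI":
            _, (_, deps) = st.pop(), st.pop()                # destination, condition
            facts.append((step, fid, depth, addr, "JUMPI", None, deps))
        elif op == "CALL":
            facts.append((step, fid, depth, addr, "CALL", arg, frozenset()))
            frames[depth + 1] = (next(ids), [])              # fresh callee frame
        elif op == "STOP":
            del frames[depth]
            if depth - 1 in frames:                          # CALL returned: push success
                frames[depth - 1][1].append((1, frozenset()))
        else:
            raise ValueError("unsupported opcode " + op)
    return facts, store

def detect_reentrancy(facts):
    """Rule: in frame F of contract C, an SLOAD of slot k feeds a JUMPI (read-if), a CALL
    follows, and an SSTORE to k comes after the CALL (read-write).  Every deeper frame of C
    that SLOADs k while that CALL is pending read stale state; the number of such frames is
    this toy's number of inconsistent states (NIS).  Returns {(C, k): NIS}."""
    by_frame, stale = defaultdict(list), defaultdict(set)
    for f in facts:
        by_frame[f[1]].append(f)
    for step, fid, depth, addr, kind, slot, _ in facts:
        if kind != "SLOAD":
            continue
        later = [g for g in by_frame[fid] if g[0] > step]
        if not any(g[4] == "JUMPI" and step in g[6] for g in later):
            continue                                         # no read-if dependency
        for c in (g for g in later if g[4] == "CALL"):
            for w in (g for g in later if g[4] == "SSTORE" and g[5] == slot and g[0] > c[0]):
                for n in facts:                              # reads of k during the pending CALL
                    if (c[0] < n[0] < w[0] and n[2] > depth and n[3] == addr
                            and n[4] == "SLOAD" and n[5] == slot):
                        stale[(addr, slot)].add(n[1])
    return {k: len(v) for k, v in stale.items()}

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TRACE), ("reentrant", attack_trace(1))):
        facts, store = replay(trace, {SLOT_BAL: AMOUNT})
        print(name, detect_reentrancy(facts), "final balance word:", hex(store[SLOT_BAL]))
```

Running the file reports nothing for the honest withdrawal (slot 1 ends at 0) and one inconsistent state for slot 1 of 0xA in the reentrant transaction, where the balance word ends at 2**256 - 10 because the second, stale-state subtraction underflows unchecked arithmetic. The facts are computed once by replay() and the rule is a pure function over them, so a second rule (for example one keyed on SELFDESTRUCT facts for suicidal contracts) would reuse the same replay, which is the "construct once, detect multiple times" point of the Attack Detector slide.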


Experiment Results - Reentrancy Attacks, Compared with Other Tools

Vulnerability   System      # Total      # Timeout or Error   # Remaining   # Flagged
Reentrancy      TxSpector   9,661,593    336,909 (3.5%)       9,321,684     3,357
Reentrancy      Sereum      9,661,593    N/A                  N/A           10,278
Reentrancy      Securify    105,535      7,541                97,994        1,196
Reentrancy      Vandal      105,535      1,431                104,104       85,721
Reentrancy      Gigahorse   105,535      N/A                  N/A           3,310

Securify, Vandal and Gigahorse analyze smart contracts rather than transactions (see Motivations (3/3)), which is why their input set differs from the 9,661,593 transactions given to TxSpector and Sereum.

14 / 20



Forensic Analysis - NIS

(Figure: histogram of the number of inconsistent states (NIS) per flagged reentrancy transaction; x-axis NIS from 0 to 300 in steps of 15, y-axis transaction count. 3,245 transactions fall in the first bin and 82 in the second; the remaining bins hold at most 13 transactions each, and most are empty.)

16 / 20


Forensic Analysis - Top 5 Victim Smart Contracts

Address                                       NIS Count
0xdf18880a02c7f3eb4f40fdf515fce31c1cb7ef66    4,803
0x1806b3527c18fb532c46405f6f014c1f381b499a    3,815
0xd7a14019aeeba25e676a1b596bb19b6f37db74d2    2,839
0x533bafa16aa76218ec4a365ad71bf8816cf21bbb    675
0x431d77f50803d31b090e86740b1d5848af54fad0    582

17 / 20


Forensic Analysis - Case Study: The DAO Smart Contract

(Figure, left: NIS in reentrancy transactions on DAO, a histogram with NIS on the x-axis from 0 to 2000 in steps of 100. The bins are sparse; the three largest hold 788, 678 and 474 transactions, and most of the others hold fewer than 100.)

(Figure, right: Distribution of reentrancy attacks on DAO, log10(TxCount) against date from 2016.04 to 2019.02, with an inset zooming into 2016.06 through 2016.08.)

18 / 20


Related Work

The comparison covers eleven vulnerability types: Tx Order Dependence, State Dependence, Mishandled Exception, Re-entrancy, Restricted Transfer, Failed Send, Unsecured Balance, Misuse-of-origin, Integer Overflow, Suicidal, Denial-of-Service. N marks a system that finds vulnerabilities in smart contracts; F marks one that finds attacks in transactions.

System                  Types covered
Oyente [LCO+16]         4 (N)
Zeus [KGDS18]           7 (N)
Securify [TDDC+18]      4 (N)
Vandal [BJK+18]         5 (N)
Gigahorse [GBSS19]      3 (N)
Maian [NKS+18]          2 (N)
Slither [FGG19]         7 (N)
Mythril [Con]           8 (N)
EthBMC [FAH20]          2 (N)
Sereum [RLKD19]         1 (F), re-entrancy
ECFChecker [GAGG+17]    1 (F), re-entrancy
TxSpector               8 (F)

Table: N: vulnerabilities in smart contracts; F: attacks in transactions.

19 / 20


Summary

TxSpector: Trace Extractor -> Trace Database -> Execution Flow Graph Generator -> Execution Flow Graphs -> Logic Relation Builder -> Logic Relation Database -> Attack Detector (Detection Rules: Re-entrancy, Suicidal, ...) -> Attack Report.

- Generic, logic-driven, and works on transactions.

Applications

- Forensic analysis.

Source code is available at: https://github.com/OSUSecLab/TxSpector
Email: (zhang.9407, zhang.5840, zhang.834, lin.3021)@osu.edu

20 / 20


References I

[BJK+18] Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu, Francois Gauthier, Vincent Gramoli, Ralph Holz, and Bernhard Scholz. Vandal: A scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981, 2018.

[Con] ConsenSys. Mythril Classic. https://github.com/ConsenSys/mythril-classic.

[FAH20] Joel Frank, Cornelius Aschermann, and Thorsten Holz. ETHBMC: A bounded model checker for smart contracts. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2020.

[FGG19] Josselin Feist, Gustavo Grieco, and Alex Groce. Slither: A static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 2019.

[GAGG+17] Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, and Yoni Zohar. Online detection of effectively callback free objects with applications to smart contracts. Proceedings of the ACM on Programming Languages, 2017.

[GBSS19] Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. Gigahorse: Thorough, declarative decompilation of smart contracts. In International Conference on Software Engineering (ICSE), 2019.

[KGDS18] Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. Zeus: Analyzing safety of smart contracts. In Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS), 2018.

[LCO+16] Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2016.


References II

[NKS+18] Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. Finding the greedy, prodigal, and suicidal contracts at scale. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC). ACM, 2018.

[RLKD19] Michael Rodler, Wenting Li, Ghassan Karame, and Lucas Davi. Sereum: Protecting existing smart contracts against re-entrancy attacks. In Proceedings of the 26th Network and Distributed System Security Symposium (NDSS), 2019.

[TDDC+18] Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. Securify: Practical security analysis of smart contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2018.