SmartState: Detecting State-Reverting Vulnerabilities in Smart Contracts via Fine-Grained State-Dependency Analysis
arxiv(2024)
摘要
Smart contracts written in Solidity are widely used in different blockchain
platforms such as Ethereum, TRON and BNB Chain. One of the unique designs in
Solidity smart contracts is its state-reverting mechanism for error handling
and access control. Unfortunately, a number of recent security incidents showed
that adversaries also utilize this mechanism to manipulate critical states of
smart contracts, and hence, bring security consequences such as illegal
profit-gain and Deny-of-Service (DoS). In this paper, we call such
vulnerabilities as the State-reverting Vulnerability (SRV). Automatically
identifying SRVs poses unique challenges, as it requires an in-depth analysis
and understanding of the state-dependency relations in smart contracts.
This paper presents SmartState, a new framework for detecting state-reverting
vulnerability in Solidity smart contracts via fine-grained state-dependency
analysis. SmartState integrates a set of novel mechanisms to ensure its
effectiveness. Particularly, Smart-State extracts state dependencies from both
contract bytecode and historical transactions. Both of them are critical for
inferring dependencies related to SRVs. Further, SmartState models the generic
patterns of SRVs (i.e., profit-gain and DoS) as SRV indicators, and hence
effectively identify SRVs based on the constructed state-dependency graph. To
evaluate SmartState, we manually annotated a ground-truth dataset which
contains 91 SRVs in the real world. Evaluation results showed that SmartState
achieves a precision of 87.23
successfully identifies 406 new SRVs from 47,351 real-world smart contracts. 11
of these SRVs are from popular smart contracts with high transaction amounts
(i.e., top 2000). In total, our reported SRVs affect a total amount of digital
assets worth 428,600 USD.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要