2,607 Hits in 4.3 sec

BLOCKEYE: Hunting For DeFi Attacks on Blockchain [article]

Bin Wang, Han Liu, Chao Liu, Zhiqiang Yang, Qian Ren, Huixuan Zheng, Hong Lei
2021 arXiv   pre-print
., lending, borrowing, collateralizing, exchanging etc.) via smart contracts at a relatively low cost of trust.  ...  In this paper, we proposed BLOCKEYE, a real-time attack detection system for DeFi projects on the Ethereum blockchain.  ...  Moreover, the payment at line 12 is dependent on the oracle due to a data flow from line 9 to 12. That said, EMN has an oracle-dependent state update in its smart contracts.  ... 
arXiv:2103.02873v1 fatcat:74q6yo5q7fb4bpyatjhq6mdfny

AntFuzzer: A Grey-Box Fuzzing Framework for EOSIO Smart Contracts [article]

Jianfei Zhou and Tianxing Jiang and Shuwei Song and Ting Chen
2022 arXiv   pre-print
We have implemented 6 detection plugins on AntFuzzer to detect major vulnerabilities of EOSIO smart contracts.  ...  In the past few years, several attacks against the vulnerabilities of EOSIO smart contracts have caused severe financial losses to this prevalent blockchain platform.  ...  Each detection plugin defines attack scenarios for triggering a specific type of vulnerability and test oracles for detecting it.  ... 
arXiv:2211.02652v1 fatcat:btl4ob65fjg2zirci4vbl5gbpa

ContractFuzzer: fuzzing smart contracts for vulnerability detection

Bo Jiang, Ye Liu, W. K. Chan
2018 Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering - ASE 2018  
ContractFuzzer generates fuzzing inputs based on the ABI specifications of smart contracts, defines test oracles to detect security vulnerabilities, instruments the EVM to log smart contracts runtime behaviors  ...  In particular, our fuzzing tool successfully detects the vulnerability of the DAO contract that leads to USD 60 million loss and the vulnerabilities of Parity Wallet that have led to the loss of 30 million  ...  DEFINING TESTING ORACLES FOR VULNERABILITIES OF SMART CONTRACTS In this section, we will define test oracles for detecting each type of vulnerabilities in smart contracts. 1) Test Oracle for Gasless  ... 
doi:10.1145/3238147.3238177 dblp:conf/kbse/0001LC18 fatcat:ii7efxdnozdrdl2uhyfpvpff6e

EOSFuzzer: Fuzzing EOSIO Smart Contracts for Vulnerability Detection [article]

Yuhe Huang, Bo Jiang, W.K. Chan
2020 arXiv   pre-print
In particular, EOSFuzzer proposed effective attacking scenarios and test oracles for EOSIO smart contract fuzzing.  ...  It is scalable in terms of transaction speeds and has a growing ecosystem supporting smart contracts and decentralized applications.  ...  The test oracle to detect the fake EOS transfer vulnerability under the designed attacking scenarios is: CanReceiveEOS & TransferCalled The CanReceiveEOS test oracle is to check whether the smart contract  ... 
arXiv:2007.14903v3 fatcat:6naghoujsbf4xjqrpl75krm62e

Oracle-Supported Dynamic Exploit Generation for Smart Contracts [article]

Haijun Wang and Yi Li and Shang-Wei Lin and Cyrille Artho and Lei Ma and Yang Liu
2019 arXiv   pre-print
Being a dynamic technique, it guarantees that each discovered vulnerability is a violation of the test oracle and is able to generate the attack script to exploit this vulnerability.  ...  In this paper, we introduce ContraMaster: an oracle-supported dynamic exploit generation framework for smart contracts.  ...  Semantic Test Oracle The fundamental difficulty in detecting smart contract vulnerabilities is the lack of a general-purpose test oracle.  ... 
arXiv:1909.06605v2 fatcat:d2agsfeikbdhnatw45p2lasqsm

Safeguarding DeFi Smart Contracts against Oracle Deviations [article]

Xun Deng, Sidi Mohamed Beillahi, Cyrus Minwalla, Han Du, Andreas Veneris, Fan Long
2024 arXiv   pre-print
Furthermore, guard statements may be generated for smart contracts that may use the oracle values, thus effectively preventing oracle manipulation attacks.  ...  This paper presents OVer, a framework designed to automatically analyze the behavior of decentralized finance (DeFi) protocols when subjected to a "skewed" oracle input.  ...  While previous research has primarily concentrated on the design of robust oracles and the detection of price manipulation attacks, our work proposes promising analysis tools for smart contracts to help  ... 
arXiv:2401.06044v1 fatcat:gh73s7gddjg7dlbjkdx4lyvl7m

Front-Running Attack Benchmark Construction and Vulnerability Detection Technique Evaluation [article]

Wuqi Zhang, Lili Wei, Shing-Chi Cheung, Yepang Liu, Shuqing Li, Lu Liu, Michael R. Lyu
2022 arXiv   pre-print
This motivates us to build a benchmark consisting of 513 real-world attacks with vulnerable code labeled in 235 distinct smart contracts.  ...  The evaluation of seven state-of-the-art vulnerability detection techniques on the benchmark reveals their inadequacy in detecting front-running vulnerabilities, with a low recall of at most 6.04%.  ...  Among them, we focus on those techniques capable of detecting front-running vulnerabilities in smart contracts.  ... 
arXiv:2212.12110v2 fatcat:sh2wqnusfbcvnlhjc54ydghnpe

Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack

Gildas Avoine, Loïc Ferreira
2018 Transactions on Cryptographic Hardware and Embedded Systems  
We describe in this paper how to perform a padding oracle attack against the GlobalPlatform SCP02 protocol.  ...  We provide results of our experiments done with 10 smart cards from six different card manufacturers, and show that, in our experimental setting, the attack is fully practical.  ...  Figure 3: D_R (continuous blue line) and D_W (dashed red line) corresponding to Card B with different values m. Figure 4: Padding oracle attack targeting an UICC.  ... 
doi:10.13154/tches.v2018.i2.149-170 dblp:journals/tches/AvoineF18 fatcat:alymnwxugrevrakcpk6tq2nldq

Metamorphic Testing for Smart Contract Vulnerabilities Detection [article]

Jiahao Li
2023 arXiv   pre-print
Based on the anomalies we observed in vulnerable smart contracts, we define five metamorphic relations to detect abnormal gas consumption and account interaction inconsistency of the target smart contract  ...  In this article, we apply the metamorphic testing technique to detect smart contract vulnerabilities.  ...  Then, the fallback function (lines 12-15 in Fig 3) of Attacker will be invoked automatically, and line 14 in Fig 3 will execute lines 7-8 of Fig 2 again and thus make recursive calls.  ... 
arXiv:2303.03179v1 fatcat:yzq4wxwzt5bbxfr66rebcer7xq

Empirical Review of Smart Contract and DeFi Security: Vulnerability Detection and Automated Repair [article]

Peng Qian, Rui Cao, Zhenguang Liu, Wenqing Li, Ming Li, Lun Zhang, Yufeng Xu, Jianhai Chen, Qinming He
2023 arXiv   pre-print
Then, we present an empirical study of 42 state-of-the-art techniques that can detect smart contract and DeFi vulnerabilities.  ...  Unfortunately, smart contracts hold a massive amount of value, making them an attractive target for attacks.  ...  Another line of work focuses on identifying and patching vulnerabilities in smart contracts and DeFi protocols.  ... 
arXiv:2309.02391v2 fatcat:ojfnihqcpzdppji6yozy7dg6tq

A Survey of DeFi Security: Challenges and Opportunities [article]

Wenkai Li, Jiuyang Bu, Xiaoqi Li, Hongli Peng, Yuanzheng Niu, Yuqing Zhang
2022 arXiv   pre-print
Then we classify and analyze real-world DeFi attacks based on the principles that correlate to the vulnerabilities.  ...  In addition, we collect optimization strategies from the data, network, consensus, smart contract, and application layers. And then, we describe the weaknesses and technical approaches they address.  ...  This research is partially supported by Early Career Research Starting Fund of Hainan University under Grant RZ2200001265.  ... 
arXiv:2206.11821v3 fatcat:ipd657432bdqpoo2sruftw3ta4

Your Smart Contracts Are Not Secure

Kevin Tjiam, Rui Wang, Huanhuan Chen, Kaitai Liang
2021 Proceedings of the 3rd Workshop on Cyber-Security Arms Race  
This research work focuses on two smart contract vulnerabilities: transaction-ordering dependency and oracle manipulation.  ...  Combined, these two vulnerabilities have been exploited to extract hundreds of millions of dollars from smart contracts in the past year (2020-2021).  ...  Beyond Flash Loans As the Ethereum network grows and smart contracts become ever more reliant on oracles for different kinds of information, new oracle manipulation attacks will undoubtedly emerge in the  ... 
doi:10.1145/3474374.3486916 fatcat:c5npmi5rj5h3pfxk5gmnekce44

FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation [article]

Zhiyang Chen, Sidi Mohamed Beillahi, Fan Long
2024 arXiv   pre-print
FlashSyn automatically synthesizes an adversarial attack for 16 of the 18 benchmarks.  ...  We then construct an optimization query using the approximated functions of the DeFi protocol to find an adversarial attack constituted of a sequence of functions invocations with optimal parameters that  ...  This attack is a typical case of oracle manipulation.  ... 
arXiv:2206.10708v3 fatcat:jy4icmbmd5b3fm75fwrkuvwdjq

Detection of Vulnerabilities in Smart Contracts Specifications in Ethereum Platforms

Mauro C. Argañaraz, Mario M. Berón, Maria J. Varanda Pereira, Pedro Rangel Henriques, Ricardo Queirós, Alberto Simões
2020 Symposium on Languages, Applications and Technologies  
In this paper, we propose a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis.  ...  Ethereum is the principal ecosystem based on blockchain that provides a suitable environment for coding and executing smart contracts, which have been receiving great attention due to the commercial apps  ...  smart contracts.  ... 
doi:10.4230/oasics.slate.2020.2 dblp:conf/slate/ArganarazBPH20 fatcat:j654ooajcnh5tlbrqg3jgcitde

Smart Contract Vulnerability Detection Based on Symbolic Execution Technology [chapter]

Yiping Liu, Jie Xu, Baojiang Cui
2022 Communications in Computer and Information Science  
Therefore the security of smart contracts is imminent. This project has designed and implemented a vulnerability detection system of Ethereum smart contract.  ...  It has a high accuracy of detection result, and gives support for export vulnerability report.  ...  This work is supported by CNKLSTISS and the National Natural Science Foundation of China (Grant No. 61802025).  ... 
doi:10.1007/978-981-16-9229-1_12 fatcat:bvzyj4kvpnc3jclf5npgnv5wqm

Showing results 1 — 15 out of 2,607 results