SafePay on Ethereum: A Framework For Detecting Unfair Payments in Smart Contracts

2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS) Pub Date : 2020-11-01 DOI:10.1109/ICDCS47774.2020.00116

Yue Li, Han Liu, Zhiqiang Yang, Qian Ren, Lei Wang, Bangdao Chen

{"title":"SafePay on Ethereum: A Framework For Detecting Unfair Payments in Smart Contracts","authors":"Yue Li, Han Liu, Zhiqiang Yang, Qian Ren, Lei Wang, Bangdao Chen","doi":"10.1109/ICDCS47774.2020.00116","DOIUrl":null,"url":null,"abstract":"Smart contracts on the Ethereum blockchain are notoriously known as vulnerable to external attacks. Many of their issues led to a considerably large financial loss as they resulted from broken payments by digital assets, e.g., cryptocurrency. Existing research focused on specific patterns to find such problems, e.g., reentrancy bug, nondeterministic recipient etc., yet may lead to false alarms or miss important issues. To mitigate these limitations, we designed the SafePay analysis framework to find unfair payments in Ethereum smart contracts. Compared to existing analyzers, SafePay can detect potential blockchain transactions with feasible exploits thus effectively avoid false reports. Specifically, the detection is driven by a systematic search for violations on fair value exchange (FVE), i.e., a new security invariant introduced in SafePay to indicate that each party “fairly” pays to others. The preliminary evaluation validated the efficacy of SafePay by reporting previously unknown issues and decreasing the number of false alarms.","PeriodicalId":158630,"journal":{"name":"2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS47774.2020.00116","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Smart contracts on the Ethereum blockchain are notoriously known as vulnerable to external attacks. Many of their issues led to a considerably large financial loss as they resulted from broken payments by digital assets, e.g., cryptocurrency. Existing research focused on specific patterns to find such problems, e.g., reentrancy bug, nondeterministic recipient etc., yet may lead to false alarms or miss important issues. To mitigate these limitations, we designed the SafePay analysis framework to find unfair payments in Ethereum smart contracts. Compared to existing analyzers, SafePay can detect potential blockchain transactions with feasible exploits thus effectively avoid false reports. Specifically, the detection is driven by a systematic search for violations on fair value exchange (FVE), i.e., a new security invariant introduced in SafePay to indicate that each party “fairly” pays to others. The preliminary evaluation validated the efficacy of SafePay by reporting previously unknown issues and decreasing the number of false alarms.

查看原文本刊更多论文

以太坊上的安全支付:一个检测智能合约中不公平支付的框架

众所周知，以太坊区块链上的智能合约容易受到外部攻击。他们的许多问题导致了相当大的经济损失，因为它们是由数字资产(例如加密货币)的中断支付造成的。现有的研究侧重于特定的模式来发现此类问题，例如，可重入错误，不确定的收件人等，但可能导致误报或遗漏重要问题。为了减轻这些限制，我们设计了SafePay分析框架，以发现以太坊智能合约中的不公平支付。与现有的分析工具相比，SafePay可以检测出具有可行漏洞的潜在区块链交易，从而有效避免虚假报告。具体来说，检测是由对公平价值交换(FVE)违规行为的系统搜索驱动的，即在SafePay中引入的一个新的安全不变量，表明每一方“公平”地向他人支付。初步评估通过报告先前未知的问题和减少假警报的数量，验证了SafePay的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)

自引率

0.00%

发文量