Instrumenting Transaction Trace Properties in Smart Contracts: Extending the EVM for Real-Time Security

arXiv - CS - Logic in Computer Science Pub Date : 2024-08-26 DOI:arxiv-2408.14621

Zhiyang Chen, Jan Gorzny, Martin Derka

{"title":"Instrumenting Transaction Trace Properties in Smart Contracts: Extending the EVM for Real-Time Security","authors":"Zhiyang Chen, Jan Gorzny, Martin Derka","doi":"arxiv-2408.14621","DOIUrl":null,"url":null,"abstract":"In the realm of smart contract security, transaction malice detection has\nbeen able to leverage properties of transaction traces to identify hacks with\nhigh accuracy. However, these methods cannot be applied in real-time to revert\nmalicious transactions. Instead, smart contracts are often instrumented with\nsome safety properties to enhance their security. However, these instrumentable\nsafety properties are limited and fail to block certain types of hacks such as\nthose which exploit read-only re-entrancy. This limitation primarily stems from\nthe Ethereum Virtual Machine's (EVM) inability to allow a smart contract to\nread transaction traces in real-time. Additionally, these instrumentable safety\nproperties can be gas-intensive, rendering them impractical for on-the-fly\nvalidation. To address these challenges, we propose modifications to both the\nEVM and Ethereum clients, enabling smart contracts to validate these\ntransaction trace properties in real-time without affecting traditional EVM\nexecution. We also use past-time linear temporal logic (PLTL) to formalize\ntransaction trace properties, showcasing that most existing detection metrics\ncan be expressed using PLTL. We also discuss the potential implications of our\nproposed modifications, emphasizing their capacity to significantly enhance\nsmart contract security.","PeriodicalId":501208,"journal":{"name":"arXiv - CS - Logic in Computer Science","volume":"57 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Logic in Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2408.14621","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

In the realm of smart contract security, transaction malice detection has been able to leverage properties of transaction traces to identify hacks with high accuracy. However, these methods cannot be applied in real-time to revert malicious transactions. Instead, smart contracts are often instrumented with some safety properties to enhance their security. However, these instrumentable safety properties are limited and fail to block certain types of hacks such as those which exploit read-only re-entrancy. This limitation primarily stems from the Ethereum Virtual Machine's (EVM) inability to allow a smart contract to read transaction traces in real-time. Additionally, these instrumentable safety properties can be gas-intensive, rendering them impractical for on-the-fly validation. To address these challenges, we propose modifications to both the EVM and Ethereum clients, enabling smart contracts to validate these transaction trace properties in real-time without affecting traditional EVM execution. We also use past-time linear temporal logic (PLTL) to formalize transaction trace properties, showcasing that most existing detection metrics can be expressed using PLTL. We also discuss the potential implications of our proposed modifications, emphasizing their capacity to significantly enhance smart contract security.

查看原文本刊更多论文

智能合约中的交易跟踪属性工具：为实时安全扩展 EVM

在智能合约安全领域，交易恶意检测已经能够利用交易跟踪的特性来高精度地识别黑客攻击。然而，这些方法无法实时用于还原恶意交易。相反，智能合约通常被赋予一些安全属性，以增强其安全性。然而，这些工具安全属性是有限的，无法阻止某些类型的黑客攻击，例如利用只读重入的黑客攻击。这种限制主要源于以太坊虚拟机（EVM）无法允许智能合约实时读取交易跟踪。此外，这些可检测的安全属性可能是气体密集型的，使其无法进行实时验证。为了应对这些挑战，我们提出了对 EVM 和以太坊客户端的修改建议，使智能合约能够在不影响传统 EVM 执行的情况下实时验证交易跟踪属性。我们还使用过去时线性时间逻辑（PLTL）来形式化交易跟踪属性，展示了大多数现有的检测指标都可以使用 PLTL 来表达。我们还讨论了我们提出的修改的潜在影响，强调了这些修改能够显著提高合同的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - CS - Logic in Computer Science

自引率

0.00%

发文量