EAOS: Exposing attacks in smart contracts through analyzing opcode sequences with operands

Abstract

Today, Ethereum is the world’s largest open-source platform. However, because smart contracts hold a large amount of money and cannot be changed once on the chain, they have become the target of attackers. Users will undoubtedly suffer significant financial losses. To counter these attacks, various methods have been proposed to scan smart contracts for vulnerabilities before deploying them on the blockchain, but few of them determine smart contracts to be vulnerable by examining transactions. In this paper, we propose a framework called EAOS to detect attacks through analyzing the opcode sequences executed by EVM. We first obtain the opcode sequences with operands of smart contracts during EVM execution by replaying the historical transactions of Ethereum, and then extract the feature opcodes from the opcode sequences to generate the feature opcode sequences. Next, we provide some very useful APIs to make it easier for users to get the data related to the opcode sequences. Based on the APIs, users can develop various algorithms to detect attacks. Finally, to verify the effectiveness of EAOS, five algorithms are developed to analyze the replayed transaction opcode sequences. The extensive experimental results demonstrate the effectiveness and efficiency of EAOS and our detection algorithms.