Guardians of the Ledger: Protecting Decentralized Exchanges From State Derailment Defects

IF 5.7, Zone 2 (Computer Science), Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Zongwei Li;Wenkai Li;Xiaoqi Li;Yuqing Zhang
DOI: 10.1109/TR.2024.3509414
Journal: IEEE Transactions on Reliability, vol. 74, no. 3, pp. 3629-3641
Publication date: 2024-12-18
Publication type: Journal Article
URL: https://ieeexplore.ieee.org/document/10806737/
Citation count: 0

Abstract

A decentralized exchange (DEX) uses smart contracts to trade digital assets for users on the blockchain. Developers usually combine several smart contracts into one project, implementing complex logic functions and multiple transaction operations. However, the interaction among these contracts makes it hard for developers to analyze the state logic. Due to the complex state logic in DEX projects, many critical state derailment defects have emerged in recent years. In this article, we conduct the first systematic study of state derailment defects in DEX. We define five categories of state derailment defects and provide detailed analyses of them. Furthermore, we propose a novel deep learning-based framework, StateGuard, for detecting state derailment defects in DEX smart contracts. It uses a smart contract deconstructor to deconstruct the contract into an abstract syntax tree (AST), from which five categories of dependency features are extracted. Next, a graph optimizer processes the structured data. Finally, the optimized data is analyzed by graph convolutional networks to identify potential state derailment defects. We evaluated StateGuard on a dataset of 46 DEX projects containing 5671 smart contracts, and it achieved an F1-score of 94.25%. In addition, in a comparison experiment with the state of the art, StateGuard leads in F1-score by 6.29%. To further verify its practicality, we used StateGuard to audit real-world contracts and successfully authenticated multiple novel common vulnerabilities and exposures.
Source journal

IEEE Transactions on Reliability (Engineering Technology - Engineering: Electrical and Electronic)

CiteScore: 12.20
Self-citation rate: 8.50%
Articles published: 153
Review time: 7.5 months

Journal description: IEEE Transactions on Reliability is a refereed journal for the reliability and allied disciplines including, but not limited to, maintainability, physics of failure, life testing, prognostics, design and manufacture for reliability, reliability for systems of systems, network availability, mission success, warranty, safety, and various measures of effectiveness. Topics eligible for publication range from hardware to software, from materials to systems, from consumer and industrial devices to manufacturing plants, from individual items to networks, from techniques for making things better to ways of predicting and measuring behavior in the field. As an engineering subject that supports new and existing technologies, we constantly expand into new areas of the assurance sciences.