{"title":"智能合约中的交易跟踪属性工具:为实时安全扩展 EVM","authors":"Zhiyang Chen, Jan Gorzny, Martin Derka","doi":"arxiv-2408.14621","DOIUrl":null,"url":null,"abstract":"In the realm of smart contract security, transaction malice detection has\nbeen able to leverage properties of transaction traces to identify hacks with\nhigh accuracy. However, these methods cannot be applied in real-time to revert\nmalicious transactions. Instead, smart contracts are often instrumented with\nsome safety properties to enhance their security. However, these instrumentable\nsafety properties are limited and fail to block certain types of hacks such as\nthose which exploit read-only re-entrancy. This limitation primarily stems from\nthe Ethereum Virtual Machine's (EVM) inability to allow a smart contract to\nread transaction traces in real-time. Additionally, these instrumentable safety\nproperties can be gas-intensive, rendering them impractical for on-the-fly\nvalidation. To address these challenges, we propose modifications to both the\nEVM and Ethereum clients, enabling smart contracts to validate these\ntransaction trace properties in real-time without affecting traditional EVM\nexecution. We also use past-time linear temporal logic (PLTL) to formalize\ntransaction trace properties, showcasing that most existing detection metrics\ncan be expressed using PLTL. We also discuss the potential implications of our\nproposed modifications, emphasizing their capacity to significantly enhance\nsmart contract security.","PeriodicalId":501208,"journal":{"name":"arXiv - CS - Logic in Computer Science","volume":"57 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Instrumenting Transaction Trace Properties in Smart Contracts: Extending the EVM for Real-Time Security\",\"authors\":\"Zhiyang Chen, Jan Gorzny, Martin Derka\",\"doi\":\"arxiv-2408.14621\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the realm of smart contract security, transaction malice detection has\\nbeen able to leverage properties of transaction traces to identify hacks with\\nhigh accuracy. However, these methods cannot be applied in real-time to revert\\nmalicious transactions. Instead, smart contracts are often instrumented with\\nsome safety properties to enhance their security. However, these instrumentable\\nsafety properties are limited and fail to block certain types of hacks such as\\nthose which exploit read-only re-entrancy. This limitation primarily stems from\\nthe Ethereum Virtual Machine's (EVM) inability to allow a smart contract to\\nread transaction traces in real-time. Additionally, these instrumentable safety\\nproperties can be gas-intensive, rendering them impractical for on-the-fly\\nvalidation. To address these challenges, we propose modifications to both the\\nEVM and Ethereum clients, enabling smart contracts to validate these\\ntransaction trace properties in real-time without affecting traditional EVM\\nexecution. We also use past-time linear temporal logic (PLTL) to formalize\\ntransaction trace properties, showcasing that most existing detection metrics\\ncan be expressed using PLTL. We also discuss the potential implications of our\\nproposed modifications, emphasizing their capacity to significantly enhance\\nsmart contract security.\",\"PeriodicalId\":501208,\"journal\":{\"name\":\"arXiv - CS - Logic in Computer Science\",\"volume\":\"57 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-08-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Logic in Computer Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2408.14621\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Logic in Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2408.14621","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Instrumenting Transaction Trace Properties in Smart Contracts: Extending the EVM for Real-Time Security
In the realm of smart contract security, transaction malice detection has
been able to leverage properties of transaction traces to identify hacks with
high accuracy. However, these methods cannot be applied in real-time to revert
malicious transactions. Instead, smart contracts are often instrumented with
some safety properties to enhance their security. However, these instrumentable
safety properties are limited and fail to block certain types of hacks such as
those which exploit read-only re-entrancy. This limitation primarily stems from
the Ethereum Virtual Machine's (EVM) inability to allow a smart contract to
read transaction traces in real-time. Additionally, these instrumentable safety
properties can be gas-intensive, rendering them impractical for on-the-fly
validation. To address these challenges, we propose modifications to both the
EVM and Ethereum clients, enabling smart contracts to validate these
transaction trace properties in real-time without affecting traditional EVM
execution. We also use past-time linear temporal logic (PLTL) to formalize
transaction trace properties, showcasing that most existing detection metrics
can be expressed using PLTL. We also discuss the potential implications of our
proposed modifications, emphasizing their capacity to significantly enhance
smart contract security.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
