BLOCKEYE: Hunting For DeFi Attacks on Blockchain
- URL: http://arxiv.org/abs/2103.02873v1
- Date: Thu, 4 Mar 2021 07:41:12 GMT
- Title: BLOCKEYE: Hunting For DeFi Attacks on Blockchain
- Authors: Bin Wang, Han Liu, Chao Liu, Zhiqiang Yang, Qian Ren, Huixuan Zheng,
Hong Lei
- Abstract summary: Decentralized finance, i.e., DeFi, has become the most popular type of application on many public blockchains.
We propose a real-time attack detection system for DeFi projects on the blockchain.
- Score: 14.036894994367598
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Decentralized finance, i.e., DeFi, has become the most popular type of
application on many public blockchains (e.g., Ethereum) in recent years.
Compared to the traditional finance, DeFi allows customers to flexibly
participate in diverse blockchain financial services (e.g., lending, borrowing,
collateralizing, exchanging etc.) via smart contracts at a relatively low cost
of trust. However, the open nature of DeFi inevitably introduces a large attack
surface, which is a severe threat to the security of participants funds. In
this paper, we proposed BLOCKEYE, a real-time attack detection system for DeFi
projects on the Ethereum blockchain. Key capabilities provided by BLOCKEYE are
twofold: (1) Potentially vulnerable DeFi projects are identified based on an
automatic security analysis process, which performs symbolic reasoning on the
data flow of important service states, e.g., asset price, and checks whether
they can be externally manipulated. (2) Then, a transaction monitor is
installed offchain for a vulnerable DeFi project. Transactions sent not only to
that project but other associated projects as well are collected for further
security analysis. A potential attack is flagged if a violation is detected on
a critical invariant configured in BLOCKEYE, e.g., Benefit is achieved within a
very short time and way much bigger than the cost. We applied BLOCKEYE in
several popular DeFi projects and managed to discover potential security
attacks that are unreported before. A video of BLOCKEYE is available at
https://youtu.be/7DjsWBLdlQU.
Related papers
- IT Strategic alignment in the decentralized finance (DeFi): CBDC and digital currencies [49.1574468325115]
Decentralized finance (DeFi) is a disruptive-based financial infrastructure.
This paper seeks to answer two main questions 1) What are the common IT elements in the DeFi?
And 2) How the elements to the IT strategic alignment in DeFi?
arXiv Detail & Related papers (2024-05-17T10:19:20Z) - Enhancing Trust and Privacy in Distributed Networks: A Comprehensive Survey on Blockchain-based Federated Learning [51.13534069758711]
Decentralized approaches like blockchain offer a compelling solution by implementing a consensus mechanism among multiple entities.
Federated Learning (FL) enables participants to collaboratively train models while safeguarding data privacy.
This paper investigates the synergy between blockchain's security features and FL's privacy-preserving model training capabilities.
arXiv Detail & Related papers (2024-03-28T07:08:26Z) - Generative AI-enabled Blockchain Networks: Fundamentals, Applications,
and Case Study [73.87110604150315]
Generative Artificial Intelligence (GAI) has emerged as a promising solution to address challenges of blockchain technology.
In this paper, we first introduce GAI techniques, outline their applications, and discuss existing solutions for integrating GAI into blockchains.
arXiv Detail & Related papers (2024-01-28T10:46:17Z) - Architectural Design for Secure Smart Contract Development [0.0]
Several attacks on blockchain infrastructures have resulted in hundreds of millions of dollars lost and sensitive information compromised.
I identify common software vulnerabilities and attacks on blockchain infrastructures.
I propose a model for ensuring a stronger security standard for future systems leveraging smart contracts.
arXiv Detail & Related papers (2024-01-03T18:59:17Z) - Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examination and Codification of Vulnerabilities in Prominent Blockchains [0.0]
In this paper, we propose the most complete list of smart contract vulnerabilities with a detailed explanation of each one of them.
In addition, we propose a new codification system that facilitates the communication of those vulnerabilities between developers and researchers.
arXiv Detail & Related papers (2023-12-01T11:01:06Z) - PTTS: Zero-Knowledge Proof-based Private Token Transfer System on Ethereum Blockchain and its Network Flow Based Balance Range Privacy Attack Analysis [0.0]
We propose a Private Token Transfer System (PTTS) for the public blockchain.
For the proposed framework, zero-knowledge based protocol has been designed using Zokrates and integrated into our private token smart contract.
In the second part of the paper, we provide security and privacy analysis including the replay attack and the balance range privacy attack.
arXiv Detail & Related papers (2023-08-29T09:13:31Z) - Leveraging Machine Learning for Multichain DeFi Fraud Detection [5.213509776274283]
We present a framework for extracting features from different chains, including the largest one, and it is evaluated over an extensive dataset.
Different Machine Learning methods were employed, such as XGBoost and a Neural Network for identifying fraud accounts detection interacting with DeFi.
We demonstrate that the introduction of novel DeFi-related features, significantly improves the evaluation results.
arXiv Detail & Related papers (2023-05-17T15:48:21Z) - Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z) - FIRST: FrontrunnIng Resilient Smart ConTracts [3.5061201620029876]
In some cases, the inherently transparent and unregulated nature of cryptocurrencies leads to verifiable attacks on users of these applications.
One such attack is frontrunning, where a malicious entity leverages the knowledge of currently unprocessed financial transactions.
We propose FIRST, a framework that prevents frontrunning attacks and is built using cryptographic protocols.
arXiv Detail & Related papers (2022-04-02T23:30:13Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's
Post-Quantum Security [67.06003361150228]
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task.
In this work, we examine the hardness of finding such chain of PoWs against quantum strategies.
We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
arXiv Detail & Related papers (2020-12-30T18:03:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.