Definition and Detection of Defects in NFT Smart Contracts
- URL: http://arxiv.org/abs/2305.15829v2
- Date: Fri, 4 Aug 2023 07:05:24 GMT
- Title: Definition and Detection of Defects in NFT Smart Contracts
- Authors: Shuo Yang, Jiachi Chen, Zibin Zheng
- Abstract summary: Defects in NFT smart contracts could be exploited by attackers to harm the security and reliability of the NFT ecosystem.
In this paper, we introduce 5 defects in NFT smart contracts and propose a tool named NFTGuard to detect these defects.
We find that 1,331 contracts contain at least one of the 5 defects, and the overall precision achieved by our tool is 92.6%.
- Score: 34.359991158202796
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recently, the birth of non-fungible tokens (NFTs) has attracted great
attention. NFTs are capable of representing users' ownership on the blockchain
and have experienced tremendous market sales due to their popularity.
Unfortunately, the high value of NFTs also makes them a target for attackers.
The defects in NFT smart contracts could be exploited by attackers to harm the
security and reliability of the NFT ecosystem. Despite the significance of this
issue, there is a lack of systematic work that focuses on analyzing NFT smart
contracts, which may raise worries about the security of users' NFTs. To
address this gap, in this paper, we introduce 5 defects in NFT smart contracts.
Each defect is defined and illustrated with a code example highlighting its
features and consequences, paired with possible solutions to fix it.
Furthermore, we propose a tool named NFTGuard to detect our defined defects
based on a symbolic execution framework. Specifically, NFTGuard extracts the
information of the state variables from the contract abstract syntax tree
(AST), which is critical for identifying variable-loading and storing
operations during symbolic execution. Furthermore, NFTGuard recovers
source-code-level features from the bytecode to effectively locate defects and
report them based on predefined detection patterns. We run NFTGuard on 16,527
real-world smart contracts and perform an evaluation based on the manually
labeled results. We find that 1,331 contracts contain at least one of the 5
defects, and the overall precision achieved by our tool is 92.6%.
Related papers
- Effective Targeted Testing of Smart Contracts [0.0]
Since smart contracts are immutable, their bugs cannot be fixed, which may lead to significant monetary losses.
Our framework, Griffin, tackles this deficiency by employing a targeted symbolic execution technique for generating test data.
This paper discusses how smart contracts differ from legacy software in targeted symbolic execution and how these differences can affect the tool structure.
arXiv Detail & Related papers (2024-07-05T04:38:11Z) - LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts [14.203351200435575]
We propose a new direction for detecting DeFi attacks, i.e., detecting adversarial contracts instead of adversarial transactions.
We observe that most adversarial contracts follow a similar pattern, e.g., anonymous fund source, closed-source, frequent token-related function calls.
We build a dataset consists of features extracted from 269 adversarial contracts and 13,000 benign contracts.
arXiv Detail & Related papers (2024-01-14T11:39:33Z) - SoK: On the Security of Non-Fungible Tokens [9.574922406565372]
Non-fungible tokens (NFTs) drive the prosperity of the Web3 ecosystem.
There is a lack of understanding of kinds of NFT security issues.
This paper is the first SoK of NFT security, shedding light their root causes, real-world attacks, and potential ways to address them.
arXiv Detail & Related papers (2023-12-13T09:16:24Z) - G$^2$uardFL: Safeguarding Federated Learning Against Backdoor Attacks
through Attributed Client Graph Clustering [116.4277292854053]
Federated Learning (FL) offers collaborative model training without data sharing.
FL is vulnerable to backdoor attacks, where poisoned model weights lead to compromised system integrity.
We present G$2$uardFL, a protective framework that reinterprets the identification of malicious clients as an attributed graph clustering problem.
arXiv Detail & Related papers (2023-06-08T07:15:04Z) - NFTVis: Visual Analysis of NFT Performance [12.491701063977825]
A non-fungible token (NFT) is a data unit stored on the blockchain.
Current rarity models have flaws and are sometimes not convincing.
It is difficult to take comprehensive consideration and analyze NFT performance efficiently.
arXiv Detail & Related papers (2023-06-05T09:02:48Z) - The #DNN-Verification Problem: Counting Unsafe Inputs for Deep Neural
Networks [94.63547069706459]
#DNN-Verification problem involves counting the number of input configurations of a DNN that result in a violation of a safety property.
We propose a novel approach that returns the exact count of violations.
We present experimental results on a set of safety-critical benchmarks.
arXiv Detail & Related papers (2023-01-17T18:32:01Z) - Smart Contract Vulnerability Detection: From Pure Neural Network to
Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules.
Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge.
We develop automatic tools to extract expert patterns from the source code.
We then cast the code into a semantic graph to extract deep graph features.
arXiv Detail & Related papers (2021-06-17T07:12:13Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Blockchain Assisted Decentralized Federated Learning (BLADE-FL) with
Lazy Clients [124.48732110742623]
We propose a novel framework by integrating blockchain into Federated Learning (FL)
BLADE-FL has a good performance in terms of privacy preservation, tamper resistance, and effective cooperation of learning.
It gives rise to a new problem of training deficiency, caused by lazy clients who plagiarize others' trained models and add artificial noises to conceal their cheating behaviors.
arXiv Detail & Related papers (2020-12-02T12:18:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.