From Programming Bugs to Multimillion-Dollar Scams: An Analysis of Trapdoor Tokens on Decentralized Exchanges
- URL: http://arxiv.org/abs/2309.04700v3
- Date: Thu, 21 Sep 2023 13:30:24 GMT
- Title: From Programming Bugs to Multimillion-Dollar Scams: An Analysis of Trapdoor Tokens on Decentralized Exchanges
- Authors: Phuong Duy Huynh, Thisal De Silva, Son Hoang Dau, Xiaodong Li, Iqbal Gondal, Emanuele Viterbo
- Abstract summary: A Trapdoor token allows users to buy but prevents them from selling.
In a nutshell, by embedding logical bugs and/or owner-only features in the smart contract code, a Trapdoor token allows users to buy but prevents them from selling.
We develop the first systematic classification of Trapdoor tokens and a comprehensive list of their programming techniques.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: We investigate in this work a recently emerging type of scam token called Trapdoor, which has cost investors hundreds of millions of dollars in the period of 2020-2023. In a nutshell, by embedding logical bugs and/or owner-only features in the smart contract code, a Trapdoor token allows users to buy but prevents them from selling. We develop the first systematic classification of Trapdoor tokens and a comprehensive list of their programming techniques, accompanied by a detailed analysis of representative scam contracts. We also construct the very first dataset of 1859 manually verified Trapdoor tokens on Uniswap and build effective opcode-based detection tools using popular machine learning classifiers such as Random Forest, XGBoost, and LightGBM, which achieve at least 0.98% accuracies, precisions, recalls, and F1-scores.
Related papers
- Privacy Risks of Speculative Decoding in Large Language Models [2.869014888726965]
Speculative decoding in large language models (LLMs) accelerates token generation by speculatively predicting multiple tokens cheaply and verifying them in parallel.
We observe that input-dependent patterns of correct and incorrect predictions can be leaked out to an adversary monitoring token generation times and packet sizes.
We show that a malicious adversary can fingerprint queries and learn private user inputs with more than 90% accuracy across three different speculative decoding techniques.
arXiv Detail & Related papers (2024-11-01T23:14:30Z)
- T2IShield: Defending Against Backdoors on Text-to-Image Diffusion Models [70.03122709795122]
We propose a comprehensive defense method named T2IShield to detect, localize, and mitigate backdoor attacks.
We find the "Assimilation Phenomenon" on the cross-attention maps caused by the backdoor trigger.
For backdoor sample detection, T2IShield achieves a detection F1 score of 88.9% with low computational cost.
arXiv Detail & Related papers (2024-07-05T01:53:21Z)
- Not All Prompts Are Secure: A Switchable Backdoor Attack Against Pre-trained Vision Transformers [51.0477382050976]
An extra prompt token, called the switch token in this work, can turn the backdoor mode on, converting a benign model into a backdoored one.
To attack a pre-trained model, our proposed attack, named SWARM, learns a trigger and prompt tokens including a switch token.
Experiments on diverse visual recognition tasks confirm the success of our switchable backdoor attack, achieving 95%+ attack success rate.
arXiv Detail & Related papers (2024-05-17T08:19:48Z)
- Uncover the Premeditated Attacks: Detecting Exploitable Reentrancy Vulnerabilities by Identifying Attacker Contracts [27.242299425486273]
Reentrancy, a notorious vulnerability in smart contracts, has led to millions of dollars in financial loss.
Current smart contract vulnerability detection tools suffer from a high false positive rate in identifying contracts with reentrancy vulnerabilities.
We propose BlockWatchdog, a tool that focuses on detecting reentrancy vulnerabilities by identifying attacker contracts.
arXiv Detail & Related papers (2024-03-28T03:07:23Z)
- Zero-Shot Detection of Machine-Generated Codes [83.0342513054389]
This work proposes a training-free approach for the detection of LLMs-generated codes.
We find that existing training-based or zero-shot text detectors are ineffective in detecting code.
Our method exhibits robustness against revision attacks and generalizes well to Java codes.
arXiv Detail & Related papers (2023-10-08T10:08:21Z)
- Effective Illicit Account Detection on Large Cryptocurrency MultiGraphs [16.25273745598176]
Rise in cryptocurrency-related illicit activities has led to significant losses for users.
Current detection methods mainly depend on feature engineering or are inadequate to leverage the complex information within cryptocurrency transaction networks.
We present DIAM, an effective method for detecting illicit accounts in cryptocurrency transaction networks modeled by directed multi-graphs with attributed edges.
arXiv Detail & Related papers (2023-09-04T09:01:56Z)
- Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z)
- Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB) [50.888293380932616]
We study the ecosystem of the tokens and liquidity pools.
We find that about 60% of tokens are active for less than one day.
We estimate that 1-day rug pulls generated $240 million in profits.
arXiv Detail & Related papers (2022-06-16T14:20:19Z)
- Do not rug on me: Zero-dimensional Scam Detection [0.0]
This paper increases the data set by 20K tokens and proposes a new methodology to label tokens as scams.
We propose various machine-learning-based algorithms with new relevant features related to the token propagation and smart contracts to detect potential rug pulls before they occur.
arXiv Detail & Related papers (2022-01-16T16:22:43Z)
- Detecting DeFi Securities Violations from Token Smart Contract Code [0.4263043028086136]
Decentralized Finance (DeFi) is a system of financial products and services built and delivered through smart contracts on various blockchains.
This study aims to uncover whether we can identify DeFi projects potentially engaging in securities violations based on their tokens' smart contract code.
arXiv Detail & Related papers (2021-12-06T01:44:08Z)
- ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.