CRPWarner: Warning the Risk of Contract-related Rug Pull in DeFi Smart
Contracts
- URL: http://arxiv.org/abs/2403.01425v1
- Date: Sun, 3 Mar 2024 07:48:38 GMT
- Title: CRPWarner: Warning the Risk of Contract-related Rug Pull in DeFi Smart
Contracts
- Authors: Zewei Lin, Jiachi Chen, Zibin Zheng, Jiajing Wu, Weizhe Zhang,
Yongjuan Wang
- Abstract summary: Rug Pull is one of the most notorious examples of the Rug Pull" scam.
Rug Pull events have already caused significant financial losses.
Based on the analysis of rug pull events, we propose CRPWarner to identify malicious functions in smart contracts.
- Score: 30.68899693638844
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In recent years, Decentralized Finance (DeFi) grows rapidly due to the
development of blockchain technology and smart contracts. As of March 2023, the
estimated global cryptocurrency market cap has reached approximately $949
billion. However, security incidents continue to plague the DeFi ecosystem, and
one of the most notorious examples is the ``Rug Pull" scam. This type of
cryptocurrency scam occurs when the developer of a particular token project
intentionally abandons the project and disappears with investors' funds.
Despite it only emerging in recent years, Rug Pull events have already caused
significant financial losses. In this work, we manually collected and analyzed
103 real-world rug pull events, categorizing them based on their scam methods.
Two primary categories were identified: Contract-related Rug Pull (through
malicious functions in smart contracts) and Transaction-related Rug Pull
(through cryptocurrency trading without utilizing malicious functions). Based
on the analysis of rug pull events, we propose CRPWarner (short for
Contract-related Rug Pull Risk Warner) to identify malicious functions in smart
contracts and issue warnings regarding potential rug pulls. We evaluated
CRPWarner on 69 open-source smart contracts related to rug pull events and
achieved a 91.8% precision, 85.9% recall and 88.7% F1-score. Additionally, when
evaluating CRPWarner on 13,484 real token contracts on Ethereum, it
successfully detected 4168 smart contracts with malicious functions, including
zero-day examples. The precision of large-scale experiment reach 84.9%.
Related papers
- Demystifying and Detecting Cryptographic Defects in Ethereum Smart Contracts [14.203991954526789]
We conducted the first study aimed at demystifying and detecting cryptographic defects in smart contracts.
We proposed CrySol, a fuzzing-based tool to automate the detection of cryptographic defects in smart contracts.
We collected a large-scale dataset containing 25,745 real-world crypto-related smart contracts and evaluated CrySol's effectiveness on it.
arXiv Detail & Related papers (2024-08-09T08:40:08Z) - End-user Comprehension of Transfer Risks in Smart Contracts [16.333145153972566]
We focus on five transfer risks with severe impact on transfer outcomes and user objectives.
We conducted a user study investigating end-user comprehension of smart contract transfer risks with 110 participants and USDT/MetaMask.
We performed manual and automated source code analysis of the next top (78) ERC-20 smart contracts (after USDT) to identify the prevalence of these risks.
arXiv Detail & Related papers (2024-07-16T07:18:45Z) - MuFuzz: Sequence-Aware Mutation and Seed Mask Guidance for Blockchain Smart Contract Fuzzing [19.606053533275958]
We develop a sequence-aware mutation and seed mask guidance strategy for smart contract fuzzing.
We implement our designs into a new smart contract fuzzer named MuFuzz, and extensively evaluate it on three benchmarks.
Overall, MuFuzz achieves higher branch coverage than state-of-the-art fuzzers (up to 25%) and detects 30% more bugs than existing bug detectors.
arXiv Detail & Related papers (2023-12-07T18:32:19Z) - Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB) [50.888293380932616]
We study the ecosystem of the tokens and liquidity pools.
We find that about 60% of tokens are active for less than one day.
We estimate that 1-day rug pulls generated $240 million in profits.
arXiv Detail & Related papers (2022-06-16T14:20:19Z) - Do not rug on me: Zero-dimensional Scam Detection [0.0]
This paper increases the data set by 20K tokens and proposes a new methodology to label tokens as scams.
We propose various machine-learning-based algorithms with new relevant features related to the token propagation and smart contracts to detect potential rug pulls before they occur.
arXiv Detail & Related papers (2022-01-16T16:22:43Z) - Detecting DeFi Securities Violations from Token Smart Contract Code [0.4263043028086136]
Decentralized Finance (DeFi) is a system of financial products and services built and delivered through smart contracts on various blockchains.
This study aims to uncover whether we can identify DeFi projects potentially engaging in securities violations based on their tokens' smart contract code.
arXiv Detail & Related papers (2021-12-06T01:44:08Z) - Smart Contract Vulnerability Detection: From Pure Neural Network to
Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules.
Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge.
We develop automatic tools to extract expert patterns from the source code.
We then cast the code into a semantic graph to extract deep graph features.
arXiv Detail & Related papers (2021-06-17T07:12:13Z) - The Doge of Wall Street: Analysis and Detection of Pump and Dump Cryptocurrency Manipulations [50.521292491613224]
This paper performs an in-depth analysis of two market manipulations organized by communities over the Internet: The pump and dump and the crowd pump.
The pump and dump scheme is a fraud as old as the stock market. Now, it got new vitality in the loosely regulated market of cryptocurrencies.
We report on three case studies related to pump and dump groups.
arXiv Detail & Related papers (2021-05-03T10:20:47Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Pump and Dumps in the Bitcoin Era: Real Time Detection of Cryptocurrency Market Manipulations [50.521292491613224]
We perform an in-depth analysis of pump and dump schemes organized by communities over the Internet.
We observe how these communities are organized and how they carry out the fraud.
We introduce an approach to detect the fraud in real time that outperforms the current state of the art.
arXiv Detail & Related papers (2020-05-04T21:36:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.