Instrumenting Transaction Trace Properties in Smart Contracts: Extending the EVM for Real-Time Security

• URL: http://arxiv.org/abs/2408.14621v1
• Date: Mon, 26 Aug 2024 20:33:22 GMT
• Title: Instrumenting Transaction Trace Properties in Smart Contracts: Extending the EVM for Real-Time Security
• Authors: Zhiyang Chen, Jan Gorzny, Martin Derka,
• Abstract summary: Smart contracts are often instrumented with some safety properties to enhance their security. These safety properties are limited and fail to block certain types of hacks such as those which exploit read-only re-entrancy. We propose to enable smart contracts to validate transaction trace properties in real-time without affecting traditional EVM execution.
• Score: 3.4237310507643706
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: In the realm of smart contract security, transaction malice detection has been able to leverage properties of transaction traces to identify hacks with high accuracy. However, these methods cannot be applied in real-time to revert malicious transactions. Instead, smart contracts are often instrumented with some safety properties to enhance their security. However, these instrumentable safety properties are limited and fail to block certain types of hacks such as those which exploit read-only re-entrancy. This limitation primarily stems from the Ethereum Virtual Machine's (EVM) inability to allow a smart contract to read transaction traces in real-time. Additionally, these instrumentable safety properties can be gas-intensive, rendering them impractical for on-the-fly validation. To address these challenges, we propose modifications to both the EVM and Ethereum clients, enabling smart contracts to validate these transaction trace properties in real-time without affecting traditional EVM execution. We also use past-time linear temporal logic (PLTL) to formalize transaction trace properties, showcasing that most existing detection metrics can be expressed using PLTL. We also discuss the potential implications of our proposed modifications, emphasizing their capacity to significantly enhance smart contract security.

Related papers

• ML Study of MaliciousTransactions in Ethereum [0.0]
  This paper presents two successful approaches for detecting malicious contracts. One uses opcode and relies on GPT2 and the other uses the Solidity source and a LORA fine-tuned CodeLlama.
  arXiv  Detail & Related papers  (2024-08-16T13:50:04Z)
• Solvent: liquidity verification of smart contracts [2.680854115314008]
  A current limitation of smart contract verification tools is that they are not really effective in expressing and verifying liquidity properties regarding the exchange of crypto-assets. We propose solvent, a tool aimed at verifying these kinds of properties, which are beyond the reach of existing verification tools for Solidity.
  arXiv  Detail & Related papers  (2024-04-27T10:54:50Z)
• Demystifying Invariant Effectiveness for Securing Smart Contracts [8.848934430494088]
  In this paper, we studied 23 prevalent invariants of 8 categories, which are either deployed in high-profile protocols or endorsed by leading auditing firms and security experts. We developed a tool Trace2Inv which dynamically generates new invariants customized for a given contract based on its historical transaction data. Our findings reveal that the most effective invariant guard alone can successfully block 18 of the 27 identified exploits with minimal gas overhead.
  arXiv  Detail & Related papers  (2024-04-22T20:59:09Z)
• Detectors for Safe and Reliable LLMs: Implementations, Uses, and Limitations [76.19419888353586]
  Large language models (LLMs) are susceptible to a variety of risks, from non-faithful output to biased and toxic generations. We present our efforts to create and deploy a library of detectors: compact and easy-to-build classification models that provide labels for various harms.
  arXiv  Detail & Related papers  (2024-03-09T21:07:16Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Gradual Verification for Smart Contracts [0.4543820534430522]
  Algos facilitate secure resource transactions through smart contracts, yet these digital agreements are prone to vulnerabilities. Traditional verification techniques fall short in providing comprehensive security assurances. This paper introduces an incremental approach: gradual verification.
  arXiv  Detail & Related papers  (2023-11-22T12:42:26Z)
• Safety Margins for Reinforcement Learning [53.10194953873209]
  We show how to leverage proxy criticality metrics to generate safety margins. We evaluate our approach on learned policies from APE-X and A3C within an Atari environment.
  arXiv  Detail & Related papers  (2023-07-25T16:49:54Z)
• Blockchain Large Language Models [65.7726590159576]
  This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
  arXiv  Detail & Related papers  (2023-04-25T11:56:18Z)
• Online Safety Property Collection and Refinement for Safe Deep Reinforcement Learning in Mapless Navigation [79.89605349842569]
  We introduce the Collection and Refinement of Online Properties (CROP) framework to design properties at training time. CROP employs a cost signal to identify unsafe interactions and use them to shape safety properties. We evaluate our approach in several robotic mapless navigation tasks and demonstrate that the violation metric computed with CROP allows higher returns and lower violations over previous Safe DRL approaches.
  arXiv  Detail & Related papers  (2023-02-13T21:19:36Z)
• Safety Verification of Declarative Smart Contracts [4.303272418564008]
  This paper presents an automated safety verification tool, DCV, that targets declarative smart contracts written in DeCon. Our evaluation on 20 benchmark contracts shows that DCV is effective in verifying smart contracts adapted from public repositories, and can verify contracts not supported by other tools.
  arXiv  Detail & Related papers  (2022-11-26T15:02:37Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.