Guardians of the Ledger: Protecting Decentralized Exchanges from State Derailment Defects

• URL: http://arxiv.org/abs/2411.18935v2
• Date: Wed, 18 Dec 2024 07:21:51 GMT
• Title: Guardians of the Ledger: Protecting Decentralized Exchanges from State Derailment Defects
• Authors: Zongwei Li, Wenkai Li, Xiaoqi Li, Yuqing Zhang,
• Abstract summary: We conduct the first systematic study of state derailment defects in DEX projects. We propose a novel deep learning-based framework StateGuard for detecting state derailment defects in DEX smart contracts.
• Score: 4.891180928768215
• License:
• Abstract: The decentralized exchange (DEX) leverages smart contracts to trade digital assets for users on the blockchain. Developers usually develop several smart contracts into one project, implementing complex logic functions and multiple transaction operations. However, the interaction among these contracts poses challenges for developers analyzing the state logic. Due to the complex state logic in DEX projects, many critical state derailment defects have emerged in recent years. In this paper, we conduct the first systematic study of state derailment defects in DEX. We define five categories of state derailment defects and provide detailed analyses of them. Furthermore, we propose a novel deep learning-based framework StateGuard for detecting state derailment defects in DEX smart contracts. It leverages a smart contract deconstructor to deconstruct the contract into an Abstract Syntax Tree (AST), from which five categories of dependency features are extracted. Next, it implements a graph optimizer to process the structured data. At last, the optimized data is analyzed by Graph Convolutional Networks (GCNs) to identify potential state derailment defects. We evaluated StateGuard through a dataset of 46 DEX projects containing 5,671 smart contracts, and it achieved 94.25% F1-score. In addition, in a comparison experiment with state-of-the-art, StateGuard leads the F1-score by 6.29%. To further verify its practicality, we used StateGuar to audit real-world contracts and successfully authenticated multiple novel CVEs.

Related papers

• Smart Contract Vulnerabilities, Tools, and Benchmarks: An Updated Systematic Literature Review [2.4646766265478393]
  Smart contracts are self-executing programs on blockchain platforms like, which have revolutionized decentralized finance by enabling trustless transactions and the operation of decentralized applications. Despite their potential, the security of smart contracts remains a critical concern due to their immutability and transparency, which expose them to malicious actors. This paper presents a systematic literature review that explores vulnerabilities in smart contracts, focusing on automated detection tools and benchmark evaluation.
  arXiv  Detail & Related papers  (2024-12-02T17:08:48Z)
• Definition and Detection of Centralization Defects in Smart Contracts [30.24160537607527]
  Security incidents stemming from centralization defects in smart contracts have led to substantial financial losses. This paper introduces six types of centralization defects in smart contracts by manually analyzing 597 Stack Exchange posts and 117 audit reports. We introduce a tool named CDRipper (Centralization Defects Ripper) designed to identify the defined centralization defects.
  arXiv  Detail & Related papers  (2024-11-15T13:16:16Z)
• BlockFound: Customized blockchain foundation model for anomaly detection [47.04595143348698]
  BlockFound is a customized foundation model for anomaly blockchain transaction detection. We introduce a series of customized designs to model the unique data structure of blockchain transactions. BlockFound is the only method that successfully detects anomalous transactions on Solana with high accuracy.
  arXiv  Detail & Related papers  (2024-10-05T05:11:34Z)
• Effective Targeted Testing of Smart Contracts [0.0]
  Since smart contracts are immutable, their bugs cannot be fixed, which may lead to significant monetary losses. Our framework, Griffin, tackles this deficiency by employing a targeted symbolic execution technique for generating test data. This paper discusses how smart contracts differ from legacy software in targeted symbolic execution and how these differences can affect the tool structure.
  arXiv  Detail & Related papers  (2024-07-05T04:38:11Z)
• SmartState: Detecting State-Reverting Vulnerabilities in Smart Contracts via Fine-Grained State-Dependency Analysis [25.364505252702028]
  State-reverting Vulnerability (SRV) can bring security consequences such as illegal profit-gain and Deny-of-Service (DoS) This paper presents SmartState, a new framework for detecting state-reverting vulnerability in Solidity smart contracts. In addition, SmartState successfully identifies 406 new SRVs from 47,351 real-world smart contracts.
  arXiv  Detail & Related papers  (2024-06-23T02:51:23Z)
• StateGuard: Detecting State Derailment Defects in Decentralized Exchange Smart Contract [4.891180928768215]
  We conduct the first systematic study on state derailment defects of DEXs. These defects could lead to incorrect, incomplete, or unauthorized changes to the system state during contract execution. We propose StateGuard, a deep learning-based framework to detect state derailment defects in DEX smart contracts.
  arXiv  Detail & Related papers  (2024-05-15T08:40:29Z)
• Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
  In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars. Various tools have been developed to detect and mitigate vulnerabilities in smart contracts. This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
  arXiv  Detail & Related papers  (2023-12-27T11:26:26Z)
• Blockchain Large Language Models [65.7726590159576]
  This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
  arXiv  Detail & Related papers  (2023-04-25T11:56:18Z)
• Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
  Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. We develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features.
  arXiv  Detail & Related papers  (2021-06-17T07:12:13Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)
• D2A: A Dataset Built for AI-Based Vulnerability Detection Methods Using Differential Analysis [55.15995704119158]
  We propose D2A, a differential analysis based approach to label issues reported by static analysis tools. We use D2A to generate a large labeled dataset to train models for vulnerability identification.
  arXiv  Detail & Related papers  (2021-02-16T07:46:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.