Guardians of the Ledger: Protecting Decentralized Exchanges from State Derailment Defects
- URL: http://arxiv.org/abs/2411.18935v2
- Date: Wed, 18 Dec 2024 07:21:51 GMT
- Title: Guardians of the Ledger: Protecting Decentralized Exchanges from State Derailment Defects
- Authors: Zongwei Li, Wenkai Li, Xiaoqi Li, Yuqing Zhang,
- Abstract summary: We conduct the first systematic study of state derailment defects in DEX projects.<n>We propose a novel deep learning-based framework StateGuard for detecting state derailment defects in DEX smart contracts.
- Score: 4.891180928768215
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The decentralized exchange (DEX) leverages smart contracts to trade digital assets for users on the blockchain. Developers usually develop several smart contracts into one project, implementing complex logic functions and multiple transaction operations. However, the interaction among these contracts poses challenges for developers analyzing the state logic. Due to the complex state logic in DEX projects, many critical state derailment defects have emerged in recent years. In this paper, we conduct the first systematic study of state derailment defects in DEX. We define five categories of state derailment defects and provide detailed analyses of them. Furthermore, we propose a novel deep learning-based framework StateGuard for detecting state derailment defects in DEX smart contracts. It leverages a smart contract deconstructor to deconstruct the contract into an Abstract Syntax Tree (AST), from which five categories of dependency features are extracted. Next, it implements a graph optimizer to process the structured data. At last, the optimized data is analyzed by Graph Convolutional Networks (GCNs) to identify potential state derailment defects. We evaluated StateGuard through a dataset of 46 DEX projects containing 5,671 smart contracts, and it achieved 94.25% F1-score. In addition, in a comparison experiment with state-of-the-art, StateGuard leads the F1-score by 6.29%. To further verify its practicality, we used StateGuar to audit real-world contracts and successfully authenticated multiple novel CVEs.
Related papers
- Are You Getting What You Pay For? Auditing Model Substitution in LLM APIs [60.881609323604685]
Large Language Models (LLMs) accessed via black-box APIs introduce a trust challenge.
Users pay for services based on advertised model capabilities.
providers may covertly substitute the specified model with a cheaper, lower-quality alternative to reduce operational costs.
This lack of transparency undermines fairness, erodes trust, and complicates reliable benchmarking.
arXiv Detail & Related papers (2025-04-07T03:57:41Z) - Detecting Functional Bugs in Smart Contracts through LLM-Powered and Bug-Oriented Composite Analysis [34.8337182669106]
We design and implement PROMFUZZ, an automated and scalable system to detect functional bugs in smart contracts.
We first propose a novel Large Language Model (LLM)-driven analysis framework, which leverages a dual-agent prompt engineering strategy.
Finally, we design a bug-oriented fuzzing engine, which maps the logical information from the high-level business model to the low-level smart contract implementations.
arXiv Detail & Related papers (2025-03-31T04:39:51Z) - SolBench: A Dataset and Benchmark for Evaluating Functional Correctness in Solidity Code Completion and Repair [51.0686873716938]
We introduce SolBench, a benchmark for evaluating the functional correctness of Solidity smart contracts generated by code completion models.
We propose a Retrieval-Augmented Code Repair framework to verify functional correctness of smart contracts.
Results show that code repair and retrieval techniques effectively enhance the correctness of smart contract completion while reducing computational costs.
arXiv Detail & Related papers (2025-03-03T01:55:20Z) - Definition and Detection of Centralization Defects in Smart Contracts [30.24160537607527]
Security incidents stemming from centralization defects in smart contracts have led to substantial financial losses.
This paper introduces six types of centralization defects in smart contracts by manually analyzing 597 Stack Exchange posts and 117 audit reports.
We introduce a tool named CDRipper (Centralization Defects Ripper) designed to identify the defined centralization defects.
arXiv Detail & Related papers (2024-11-15T13:16:16Z) - Proxion: Uncovering Hidden Proxy Smart Contracts for Finding Collision Vulnerabilities in Ethereum [6.544211171664063]
We present Proxion, an automated cross-contract analyzer that identifies all proxy smart contracts and their collisions.
What sets Proxion apart is its ability to analyze hidden smart contracts that lack both source code and past transactions.
We apply Proxion to analyze over 36 million alive contracts from 2015 to 2023, revealing that 54.2% of them are proxy contracts.
arXiv Detail & Related papers (2024-09-20T15:03:19Z) - Effective Targeted Testing of Smart Contracts [0.0]
Since smart contracts are immutable, their bugs cannot be fixed, which may lead to significant monetary losses.
Our framework, Griffin, tackles this deficiency by employing a targeted symbolic execution technique for generating test data.
This paper discusses how smart contracts differ from legacy software in targeted symbolic execution and how these differences can affect the tool structure.
arXiv Detail & Related papers (2024-07-05T04:38:11Z) - SmartState: Detecting State-Reverting Vulnerabilities in Smart Contracts via Fine-Grained State-Dependency Analysis [25.364505252702028]
State-reverting Vulnerability (SRV) can bring security consequences such as illegal profit-gain and Deny-of-Service (DoS)
This paper presents SmartState, a new framework for detecting state-reverting vulnerability in Solidity smart contracts.
In addition, SmartState successfully identifies 406 new SRVs from 47,351 real-world smart contracts.
arXiv Detail & Related papers (2024-06-23T02:51:23Z) - StateGuard: Detecting State Derailment Defects in Decentralized Exchange Smart Contract [4.891180928768215]
We conduct the first systematic study on state derailment defects of DEXs.
These defects could lead to incorrect, incomplete, or unauthorized changes to the system state during contract execution.
We propose StateGuard, a deep learning-based framework to detect state derailment defects in DEX smart contracts.
arXiv Detail & Related papers (2024-05-15T08:40:29Z) - Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
arXiv Detail & Related papers (2023-12-27T11:26:26Z) - Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z) - Smart Contract Vulnerability Detection: From Pure Neural Network to
Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules.
Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge.
We develop automatic tools to extract expert patterns from the source code.
We then cast the code into a semantic graph to extract deep graph features.
arXiv Detail & Related papers (2021-06-17T07:12:13Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - D2A: A Dataset Built for AI-Based Vulnerability Detection Methods Using
Differential Analysis [55.15995704119158]
We propose D2A, a differential analysis based approach to label issues reported by static analysis tools.
We use D2A to generate a large labeled dataset to train models for vulnerability identification.
arXiv Detail & Related papers (2021-02-16T07:46:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.