Phantom Events: Demystifying the Issues of Log Forgery in Blockchain

• URL: http://arxiv.org/abs/2502.13513v1
• Date: Wed, 19 Feb 2025 08:07:26 GMT
• Title: Phantom Events: Demystifying the Issues of Log Forgery in Blockchain
• Authors: Yixuan Liu, Yuxin Dong, Ye Liu, Xiapu Luo, Yi Li,
• Abstract summary: We present the first in-depth security analysis of transaction log forgery in EVM-based blockchains.<n>We propose a tool designed to detect event forgery vulnerabilities in smart contracts.<n>We have successfully identified real-world instances for all five types of attacks across multiple decentralized applications.
• Score: 31.570414211726888
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: With the rapid development of blockchain technology, transaction logs play a central role in various applications, including decentralized exchanges, wallets, cross-chain bridges, and other third-party services. However, these logs, particularly those based on smart contract events, are highly susceptible to manipulation and forgery, creating substantial security risks across the ecosystem. To address this issue, we present the first in-depth security analysis of transaction log forgery in EVM-based blockchains, a phenomenon we term Phantom Events. We systematically model five types of attacks and propose a tool designed to detect event forgery vulnerabilities in smart contracts. Our evaluation demonstrates that our approach outperforms existing tools in identifying potential phantom events. Furthermore, we have successfully identified real-world instances for all five types of attacks across multiple decentralized applications. Finally, we call on community developers to take proactive steps to address these critical security vulnerabilities.

Related papers

• A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense [1.1138859624936408]
  Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem. This paper provides a comprehensive analysis of key security risks in smart contracts, specifically those written in Solidity and executed on the Virtual Machine. We focus on two prevalent and critical types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
  arXiv  Detail & Related papers  (2025-04-30T10:00:36Z)
• Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis [7.858744413354451]
  This paper focuses on Ether smart contracts and explains the main components of Ether, smart contract architecture and mechanism. According to the four security events of American Chain, The, Parity and KotET, the principles of integer overflow attack, reentrant attack, access control attack and denial of service attack are studied and analyzed. preventive measures are given.
  arXiv  Detail & Related papers  (2025-04-08T12:25:34Z)
• Impact of Conflicting Transactions in Blockchain: Detecting and Mitigating Potential Attacks [0.2982610402087727]
  Conflicting transactions within blockchain networks pose performance challenges and introduce security vulnerabilities.<n>We propose a set of countermeasures for mitigating these attacks.<n>Our findings emphasize the critical importance of actively managing conflicting transactions to reinforce blockchain security and performance.
  arXiv  Detail & Related papers  (2024-07-30T17:16:54Z)
• Blockchains for Internet of Things: Fundamentals, Applications, and Challenges [38.29453164670072]
  Not every blockchain system is suitable for specific IoT applications. Public blockchains are not suitable for storing sensitive data. We explore the blockchain's application in three pivotal IoT areas: edge AI, communications, and healthcare.
  arXiv  Detail & Related papers  (2024-05-08T04:25:57Z)
• Generative AI-enabled Blockchain Networks: Fundamentals, Applications, and Case Study [73.87110604150315]
  Generative Artificial Intelligence (GAI) has emerged as a promising solution to address challenges of blockchain technology. In this paper, we first introduce GAI techniques, outline their applications, and discuss existing solutions for integrating GAI into blockchains.
  arXiv  Detail & Related papers  (2024-01-28T10:46:17Z)
• Architectural Design for Secure Smart Contract Development [0.0]
  Several attacks on blockchain infrastructures have resulted in hundreds of millions of dollars lost and sensitive information compromised. I identify common software vulnerabilities and attacks on blockchain infrastructures. I propose a model for ensuring a stronger security standard for future systems leveraging smart contracts.
  arXiv  Detail & Related papers  (2024-01-03T18:59:17Z)
• Collaborative Learning Framework to Detect Attacks in Transactions and Smart Contracts [26.70294159598272]
  This paper presents a novel collaborative learning framework designed to detect attacks in blockchain transactions and smart contracts. Our framework exhibits the capability to classify various types of blockchain attacks, including intricate attacks at the machine code level. Our framework achieves a detection accuracy of approximately 94% through extensive simulations and 91% in real-time experiments with a throughput of over 2,150 transactions per second.
  arXiv  Detail & Related papers  (2023-08-30T07:17:20Z)
• Enhancing Smart Contract Security Analysis with Execution Property Graphs [48.31617821205042]
  We introduce Clue, a dynamic analysis framework specifically designed for a runtime virtual machine. Clue captures critical information during contract executions, employing a novel graph-based representation, the Execution Property Graph. evaluation results reveal Clue's superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools.
  arXiv  Detail & Related papers  (2023-05-23T13:16:42Z)
• Blockchain Large Language Models [65.7726590159576]
  This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
  arXiv  Detail & Related papers  (2023-04-25T11:56:18Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)
• Lightweight Collaborative Anomaly Detection for the IoT using Blockchain [40.52854197326305]
  Internet of things (IoT) devices tend to have many vulnerabilities which can be exploited by an attacker. Unsupervised techniques, such as anomaly detection, can be used to secure these devices in a plug-and-protect manner. We present a distributed IoT simulation platform, which consists of 48 Raspberry Pis.
  arXiv  Detail & Related papers  (2020-06-18T14:50:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.