Phantom Events: Demystifying the Issues of Log Forgery in Blockchain
- URL: http://arxiv.org/abs/2502.13513v1
- Date: Wed, 19 Feb 2025 08:07:26 GMT
- Title: Phantom Events: Demystifying the Issues of Log Forgery in Blockchain
- Authors: Yixuan Liu, Yuxin Dong, Ye Liu, Xiapu Luo, Yi Li
- Abstract summary: We present the first in-depth security analysis of transaction log forgery in EVM-based blockchains.
We propose a tool designed to detect event forgery vulnerabilities in smart contracts.
We have successfully identified real-world instances for all five types of attacks across multiple decentralized applications.
- Abstract: With the rapid development of blockchain technology, transaction logs play a central role in various applications, including decentralized exchanges, wallets, cross-chain bridges, and other third-party services. However, these logs, particularly those based on smart contract events, are highly susceptible to manipulation and forgery, creating substantial security risks across the ecosystem. To address this issue, we present the first in-depth security analysis of transaction log forgery in EVM-based blockchains, a phenomenon we term Phantom Events. We systematically model five types of attacks and propose a tool designed to detect event forgery vulnerabilities in smart contracts. Our evaluation demonstrates that our approach outperforms existing tools in identifying potential phantom events. Furthermore, we have successfully identified real-world instances for all five types of attacks across multiple decentralized applications. Finally, we call on community developers to take proactive steps to address these critical security vulnerabilities.
Related papers
- Impact of Conflicting Transactions in Blockchain: Detecting and Mitigating Potential Attacks [0.2982610402087727]
Conflicting transactions within blockchain networks pose performance challenges and introduce security vulnerabilities.
We propose a set of countermeasures for mitigating these attacks.
Our findings emphasize the critical importance of actively managing conflicting transactions to reinforce blockchain security and performance.
arXiv Detail & Related papers (2024-07-30T17:16:54Z)
- Towards a Formal Foundation for Blockchain Rollups [9.760484165522005]
ZK-Rollups aim to address challenges by processing transactions off-chain and validating them on the main chain.
This work presents a formal analysis using the Alloy specification language to examine and design key Layer 2 functionalities.
We propose enhanced models to strengthen security and censorship resistance, setting new standards for the security of rollups.
arXiv Detail & Related papers (2024-06-23T21:12:19Z)
- Enhancing Trust and Privacy in Distributed Networks: A Comprehensive Survey on Blockchain-based Federated Learning [51.13534069758711]
Decentralized approaches like blockchain offer a compelling solution by implementing a consensus mechanism among multiple entities.
Federated Learning (FL) enables participants to collaboratively train models while safeguarding data privacy.
This paper investigates the synergy between blockchain's security features and FL's privacy-preserving model training capabilities.
arXiv Detail & Related papers (2024-03-28T07:08:26Z)
- Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
We present the first security assessment of the 5G core from a web security perspective.
We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
arXiv Detail & Related papers (2024-03-04T09:27:11Z)
- Generative AI-enabled Blockchain Networks: Fundamentals, Applications, and Case Study [73.87110604150315]
Generative Artificial Intelligence (GAI) has emerged as a promising solution to address challenges of blockchain technology.
In this paper, we first introduce GAI techniques, outline their applications, and discuss existing solutions for integrating GAI into blockchains.
arXiv Detail & Related papers (2024-01-28T10:46:17Z)
- LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts [15.071155232677643]
Decentralized Finance (DeFi) incidents have resulted in financial damages exceeding 3 billion US dollars.
Current detection tools face significant challenges in identifying attack activities effectively.
We propose a new direction for detecting DeFi attacks that focuses on identifying adversarial contracts.
arXiv Detail & Related papers (2024-01-14T11:39:33Z)
- Architectural Design for Secure Smart Contract Development [0.0]
Several attacks on blockchain infrastructures have resulted in hundreds of millions of dollars lost and sensitive information compromised.
I identify common software vulnerabilities and attacks on blockchain infrastructures.
I propose a model for ensuring a stronger security standard for future systems leveraging smart contracts.
arXiv Detail & Related papers (2024-01-03T18:59:17Z)
- Collaborative Learning Framework to Detect Attacks in Transactions and Smart Contracts [26.70294159598272]
This paper presents a novel collaborative learning framework designed to detect attacks in blockchain transactions and smart contracts.
Our framework exhibits the capability to classify various types of blockchain attacks, including intricate attacks at the machine code level.
Our framework achieves a detection accuracy of approximately 94% through extensive simulations and 91% in real-time experiments with a throughput of over 2,150 transactions per second.
arXiv Detail & Related papers (2023-08-30T07:17:20Z)
- Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z)
- ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)