WakeMint: Detecting Sleepminting Vulnerabilities in NFT Smart Contracts

• URL: http://arxiv.org/abs/2502.19032v1
• Date: Wed, 26 Feb 2025 10:39:46 GMT
• Title: WakeMint: Detecting Sleepminting Vulnerabilities in NFT Smart Contracts
• Authors: Lei Xiao, Shuo Yang, Wen Chen, Zibin Zheng,
• Abstract summary: Sleepminting allows attackers to illegally transfer others' tokens.<n>There is a lack of understanding from the contract code perspective, which is crucial for identifying such issues.<n>We propose WakeMint, which is built on a symbolic execution framework and is designed to be compatible with both high and low versions of Solidity.
• Score: 33.83946216568598
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The non-fungible tokens (NFTs) market has evolved over the past decade, with NFTs serving as unique digital identifiers on a blockchain that certify ownership and authenticity. However, their high value also attracts attackers who exploit vulnerabilities in NFT smart contracts for illegal profits, thereby harming the NFT ecosystem. One notable vulnerability in NFT smart contracts is sleepminting, which allows attackers to illegally transfer others' tokens. Although some research has been conducted on sleepminting, these studies are basically qualitative analyses or based on historical transaction data. There is a lack of understanding from the contract code perspective, which is crucial for identifying such issues and preventing attacks before they occur. To address this gap, in this paper, we categoriz four distinct types of sleepminting in NFT smart contracts. Each type is accompanied by a comprehensive definition and illustrative code examples to provide how these vulnerabilities manifest within the contract code. Furthermore, to help detect the defined defects before the sleepminting problem occurrence, we propose a tool named WakeMint, which is built on a symbolic execution framework and is designed to be compatible with both high and low versions of Solidity. The tool also employs a pruning strategy to shorten the detection period. Additionally, WakeMint gathers some key information, such as the owner of an NFT and emissions of events related to the transfer of the NFT's ownership during symbolic execution. Then, it analyzes the features of the transfer function based on this information so that it can judge the existence of sleepminting. We ran WakeMint on 11,161 real-world NFT smart contracts and evaluated the results. We found 115 instances of sleepminting issues in total, and the precision of our tool is 87.8%.

Related papers

• Grimm: A Plug-and-Play Perturbation Rectifier for Graph Neural Networks Defending against Poisoning Attacks [53.972077392749185]
  Recent studies have revealed the vulnerability of graph neural networks (GNNs) to adversarial poisoning attacks on node classification tasks.<n>Here we introduce Grimm, the first plug-and-play defense model.
  arXiv  Detail & Related papers  (2024-12-11T17:17:02Z)
• Exact Certification of (Graph) Neural Networks Against Label Poisoning [50.87615167799367]
  Machine learning models are vulnerable to label flipping, i.e., the adversarial modification (poisoning) of training labels to compromise performance.<n>We introduce an exact certification method, deriving both sample-wise and collective certificates.<n>Our work presents the first exact certificate to a poisoning attack ever derived for neural networks, which could be of independent interest.
  arXiv  Detail & Related papers  (2024-11-30T17:05:12Z)
• Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor [2.052808596154225]
  This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts. The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
  arXiv  Detail & Related papers  (2024-07-22T18:27:29Z)
• Effective Targeted Testing of Smart Contracts [0.0]
  Since smart contracts are immutable, their bugs cannot be fixed, which may lead to significant monetary losses. Our framework, Griffin, tackles this deficiency by employing a targeted symbolic execution technique for generating test data. This paper discusses how smart contracts differ from legacy software in targeted symbolic execution and how these differences can affect the tool structure.
  arXiv  Detail & Related papers  (2024-07-05T04:38:11Z)
• LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts [15.071155232677643]
  Decentralized Finance (DeFi) incidents have resulted in financial damages exceeding 3 billion US dollars. Current detection tools face significant challenges in identifying attack activities effectively. We propose a new direction for detecting DeFi attacks that focuses on identifying adversarial contracts.
  arXiv  Detail & Related papers  (2024-01-14T11:39:33Z)
• The Dark Side of NFTs: A Large-Scale Empirical Study of Wash Trading [28.20696034160891]
  We analyze 8,717,031 transfer events and 3,830,141 sale events from 2,701,883 NFTs. We identify three types of NFT wash trading and propose identification algorithms. We also provide insights from six aspects, i.e., marketplace design, profitability, NFT project design, payment token, user behavior, and NFT ecosystem.
  arXiv  Detail & Related papers  (2023-12-19T19:29:24Z)
• Transaction Fraud Detection via an Adaptive Graph Neural Network [64.9428588496749]
  We propose an Adaptive Sampling and Aggregation-based Graph Neural Network (ASA-GNN) that learns discriminative representations to improve the performance of transaction fraud detection. A neighbor sampling strategy is performed to filter noisy nodes and supplement information for fraudulent nodes. Experiments on three real financial datasets demonstrate that the proposed method ASA-GNN outperforms state-of-the-art ones.
  arXiv  Detail & Related papers  (2023-07-11T07:48:39Z)
• Definition and Detection of Defects in NFT Smart Contracts [34.359991158202796]
  Defects in NFT smart contracts could be exploited by attackers to harm the security and reliability of the NFT ecosystem. In this paper, we introduce 5 defects in NFT smart contracts and propose a tool named NFTGuard to detect these defects. We find that 1,331 contracts contain at least one of the 5 defects, and the overall precision achieved by our tool is 92.6%.
  arXiv  Detail & Related papers  (2023-05-25T08:17:05Z)
• Detecting DeFi Securities Violations from Token Smart Contract Code [0.4263043028086136]
  Decentralized Finance (DeFi) is a system of financial products and services built and delivered through smart contracts on various blockchains. This study aims to uncover whether we can identify DeFi projects potentially engaging in securities violations based on their tokens' smart contract code.
  arXiv  Detail & Related papers  (2021-12-06T01:44:08Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.