Is My RPC Response Reliable? Detecting RPC Bugs in Ethereum Blockchain Client under Context
- URL: http://arxiv.org/abs/2601.21593v1
- Date: Thu, 29 Jan 2026 12:03:05 GMT
- Authors: Zhijie Zhong, Yuhong Nan, Mingxi Ye, Qing Xue, Jiashui Wang, Xinlei Ying, Long Liu, Zibin Zheng
- Abstract summary: We propose EthCRAFT, a context-aware RPC Analysis and Fuzzing Tool for client RPC bug detection. We evaluate EthCRAFT on real-world RPC bugs collected from the GitHub issues of client implementations. EthCRAFT has found six new bugs in major clients and reported them to the developers.
- Score: 40.367409845710505
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Blockchain clients are fundamental software for running blockchain nodes. They provide users with various RPC (Remote Procedure Call) interfaces to interact with the blockchain. These RPC methods are expected to follow the same specification across different blockchain nodes, providing users with seamless interaction. However, there have been continuous reports on various RPC bugs that can cause unexpected responses or even Denial of Service weakness. Existing studies on blockchain RPC bug detection mainly focus on generating the RPC method calls for testing blockchain clients. However, a wide range of the reported RPC bugs are triggered in various blockchain contexts. To the best of our knowledge, little attention is paid to generating proper contexts that can trigger these context-dependent RPC bugs. In this work, we propose EthCRAFT, a Context-aware RPC Analysis and Fuzzing Tool for client RPC bug detection. EthCRAFT first proposes to explore the state transition program space of blockchain clients and generate various transactions to construct the context. EthCRAFT then designs a context-aware RPC method call generation method to send RPC calls to the blockchain clients. The responses of 5 different client implementations are used as cross-referring oracles to detect the RPC bugs. We evaluate EthCRAFT on real-world RPC bugs collected from the GitHub issues of Ethereum client implementations. Experiment results show that EthCRAFT outperforms existing client RPC detectors by detecting more RPC bugs. Moreover, EthCRAFT has found six new bugs in major Ethereum clients and reported them to the developers. One of the bug fixes has been written into breaking changes in the client's updates. Three of our bug reports have been offered a vulnerability bounty by the Ethereum Foundation.
Related papers
- TxRay: Agentic Postmortem of Live Blockchain Attacks [52.658018348998105]
  Within five years, the DeFi ecosystem has lost over 15.75B USD to reported exploits. We present TxRay, a postmortem system that reconstructs live ACT attacks from limited evidence. On 114 incidents from DeFiHackLabs, TxRay produces an expert-aligned root cause and an executable PoC for 105 incidents, achieving 92.11% end-to-end reproduction. (2026-02-01T16:17:33Z)
- MemeChain: A Multimodal Cross-Chain Dataset for Meme Coin Forensics and Risk Analysis [52.468043639056596]
  The meme coin ecosystem has grown into one of the most active yet least observable segments of the cryptocurrency market. MemeChain integrates on-chain data with off-chain artifacts, including website HTML source code, token logos, and linked social media accounts. We quantify the ecosystem's extreme volatility, identifying 1,801 tokens (5.15%) that cease all trading activity within just 24 hours of launch. (2026-01-28T14:42:02Z)
- Time Tells All: Deanonymization of Blockchain RPC Users with Zero Transaction Fee (Extended Version) [29.846192259039455]
  We propose a novel deanonymization attack that can link an IP address of a RPC user to this user's blockchain pseudonym. By monitoring network traffic and analyzing public ledgers, the attacker can link the IP address of the TCP packet to the pseudonym of the transaction initiator. Our attack achieves a high success rate of over 95% against normal RPC users on various blockchain networks. (2025-08-29T09:08:16Z)
- Efficient Blockchain-based Steganography via Backcalculating Generative Adversarial Network [105.47203971578871]
  We propose a generic blockchain-based steganography framework (GBSF). The sender generates the required fields such as amount and fees, where the additional covert data is embedded to enhance the channel capacity. Based on GBSF, we design a reversible generative adversarial network (R-GAN). We propose R-GAN with Counter-intuitive data preprocessing and Custom activation functions, namely CCR-GAN. (2025-06-19T04:43:41Z)
- Combating Reentrancy Bugs on Sharded Blockchains [0.0]
  Reentrancy is a well-known source of smart contract bugs on sharded blockchains. We study the features of this model and its effect on reentrancy bugs on three examples. We present novel Rust and Motoko patterns that can be leveraged on ICP to solve these issues. (2025-06-06T09:57:03Z)
- Efficient Query Verification for Blockchain Superlight Clients Using SNARKs [0.6149772262764599]
  We present an architecture allowing superlight clients to outsource the computation of a query to a server, receiving a trustworthy answer. Our architecture relies on the power of SNARKs and makes them lighter to compute by using data obtained from full nodes and blockchain explorers. (2025-03-11T12:16:35Z)
- Proving and Rewarding Client Diversity to Strengthen Resilience of Blockchain Networks [7.603268198737613]
  Client diversity is a cornerstone of blockchain resilience, yet most networks suffer from a dangerously skewed distribution of client implementations. This monoculture exposes the network to very risky scenarios, such as massive financial losses in the event of a majority client failure. We present a novel framework that combines verifiable execution and economic incentives to provably identify and reward the use of minority clients. (2024-11-27T14:44:43Z)
- BlockScan: Detecting Anomalies in Blockchain Transactions [16.73896087813861]
  BlockScan is a customized Transformer for anomaly detection in blockchain transactions. This work sets a new benchmark for applying Transformer-based approaches in blockchain data analysis. (2024-10-05T05:11:34Z)
- The Latency Price of Threshold Cryptosystem in Blockchains [52.359230560289745]
  We study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols. Our measurements from the Aptos mainnet show that the optimistic approach reduces latency overhead by 71%. (2024-07-16T20:53:04Z)
- Secure compilation of rich smart contracts on poor UTXO blockchains [0.8192907805418581]
  We present ILLUM, an Intermediate-Level Language for the UTXO Model. We define a compiler from ILLUM to a bare-bone UTXO blockchain with loop-free scripts. We exploit covenants, a mechanism for preserving scripts along chains of transactions. (2023-05-16T15:40:18Z)
- Blockchain Large Language Models [65.7726590159576]
  This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System. (2023-04-25T11:56:18Z)
- Chaos Engineering of Ethereum Blockchain Clients [13.131269677617286]
  We present ChaosETH, a chaos engineering approach for resilience assessment of blockchain clients. Our results reveal a broad spectrum of resilience characteristics of clients w.r.t. system call invocation errors, ranging from direct crashes to full resilience. (2021-10-30T10:03:19Z)
This list is automatically generated from the titles and abstracts of the papers in this site.