A paper [1] in collaboration with Zhiyang Chen, Ye Liu, Sidi Mohamed Beillahi, and Fan Long was accepted at FSE’24. A summary of the paper is below:
Smart contract transactions associated with security attacks often exhibit distinct behavioral patterns compared with historical benign transactions before the attacking events. While many runtime monitoring and guarding mechanisms have been proposed to validate invariants and stop anomalous transactions on the fly, the empirical effectiveness of the invariants used remains largely unexplored. In this paper, we studied 23 prevalent invariants of 8 categories, which are either deployed in high-profile protocols or endorsed by leading auditing firms and security experts. Using these well-established invariants as templates, we developed a tool which dynamically generates new invariants customized for a given contract based on its historical transaction data. We evaluated our tool on 42 smart contracts that fell victim to 27 distinct exploits on the Ethereum blockchain. Our findings reveal that the most effective invariant guard alone can successfully block 18 of the 27 identified exploits with minimal gas overhead. Our analysis also shows that most of the invariants remain effective even when the experienced attackers attempt to bypass them. Additionally, we explored the possibility of combining multiple invariant guards, resulting in enhanced true positive rates and reduced false positive rates.
References
- Chen, Z., Liu, Y., Beillahi, S. M., Li, Y., & Long, F. (2024, July). Demystifying Invariant Effectiveness for Securing Smart Contracts. Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering (FSE).