EAOS: Exposing attacks in smart contracts through analyzing opcode sequences with operands

IF 4.6 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Computer Networks Pub Date : 2025-02-01 Epub Date: 2024-12-02 DOI:10.1016/j.comnet.2024.110959
Peiqiang Li, Guojun Wang, Xiaofei Xing, Jinyao Zhu, Wanyi Gu, Yuheng Zhang
{"title":"EAOS: Exposing attacks in smart contracts through analyzing opcode sequences with operands","authors":"Peiqiang Li,&nbsp;Guojun Wang,&nbsp;Xiaofei Xing,&nbsp;Jinyao Zhu,&nbsp;Wanyi Gu,&nbsp;Yuheng Zhang","doi":"10.1016/j.comnet.2024.110959","DOIUrl":null,"url":null,"abstract":"<div><div>Today, Ethereum is the world’s largest open-source platform. However, because smart contracts hold a large amount of money and cannot be changed once on the chain, they have become the target of attackers. Users will undoubtedly suffer significant financial losses. To counter these attacks, various methods have been proposed to scan smart contracts for vulnerabilities before deploying them on the blockchain, but few of them determine smart contracts to be vulnerable by examining transactions. In this paper, we propose a framework called EAOS to detect attacks through analyzing the opcode sequences executed by EVM. We first obtain the opcode sequences with operands of smart contracts during EVM execution by replaying the historical transactions of Ethereum, and then extract the feature opcodes from the opcode sequences to generate the feature opcode sequences. Next, we provide some very useful APIs to make it easier for users to get the data related to the opcode sequences. Based on the APIs, users can develop various algorithms to detect attacks. Finally, to verify the effectiveness of EAOS, five algorithms are developed to analyze the replayed transaction opcode sequences. The extensive experimental results demonstrate the effectiveness and efficiency of EAOS and our detection algorithms.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110959"},"PeriodicalIF":4.6000,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624007916","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/12/2 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

Abstract

Today, Ethereum is the world’s largest open-source platform. However, because smart contracts hold a large amount of money and cannot be changed once on the chain, they have become the target of attackers. Users will undoubtedly suffer significant financial losses. To counter these attacks, various methods have been proposed to scan smart contracts for vulnerabilities before deploying them on the blockchain, but few of them determine smart contracts to be vulnerable by examining transactions. In this paper, we propose a framework called EAOS to detect attacks through analyzing the opcode sequences executed by EVM. We first obtain the opcode sequences with operands of smart contracts during EVM execution by replaying the historical transactions of Ethereum, and then extract the feature opcodes from the opcode sequences to generate the feature opcode sequences. Next, we provide some very useful APIs to make it easier for users to get the data related to the opcode sequences. Based on the APIs, users can develop various algorithms to detect attacks. Finally, to verify the effectiveness of EAOS, five algorithms are developed to analyze the replayed transaction opcode sequences. The extensive experimental results demonstrate the effectiveness and efficiency of EAOS and our detection algorithms.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
EAOS:通过分析带有操作数的操作码序列来暴露智能合约中的攻击
今天,以太坊是世界上最大的开源平台。然而,由于智能合约持有大量资金,并且不能在链上进行一次更改,因此成为攻击者的目标。用户无疑将遭受重大经济损失。为了应对这些攻击,在将智能合约部署到区块链之前,已经提出了各种方法来扫描智能合约的漏洞,但很少有方法通过检查交易来确定智能合约是否容易受到攻击。本文提出了一个EAOS框架,通过分析EVM执行的操作码序列来检测攻击。我们首先通过重放以太坊的历史交易,获得EVM执行过程中带有操作数的智能合约操作码序列,然后从操作码序列中提取特征操作码,生成特征操作码序列。接下来,我们提供一些非常有用的api,使用户更容易获得与操作码序列相关的数据。基于这些api,用户可以开发各种算法来检测攻击。最后,为了验证EAOS的有效性,开发了五种算法来分析重放的事务操作码序列。大量的实验结果证明了EAOS和我们的检测算法的有效性和效率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Computer Networks
Computer Networks 工程技术-电信学
CiteScore
10.80
自引率
3.60%
发文量
434
审稿时长
8.6 months
期刊介绍: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.
期刊最新文献
STAIR: Towards structure-aware inference of autonomous system relationships using graph neural networks Privacy risks of continuous location sharing under local differential privacy: Inference attacks and defenses CUTIE: Component-specific Unsupervised Technique for In-node Examination AI-driven converged metro-access optical network-as-a-service with point-to-multipoint coherent optics for 6G X-Hauling From simulation to deep learning: Survey on network performance modeling approaches
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1