{"title":"EAOS: Exposing attacks in smart contracts through analyzing opcode sequences with operands","authors":"Peiqiang Li, Guojun Wang, Xiaofei Xing, Jinyao Zhu, Wanyi Gu, Yuheng Zhang","doi":"10.1016/j.comnet.2024.110959","DOIUrl":null,"url":null,"abstract":"<div><div>Today, Ethereum is the world’s largest open-source platform. However, because smart contracts hold a large amount of money and cannot be changed once on the chain, they have become the target of attackers. Users will undoubtedly suffer significant financial losses. To counter these attacks, various methods have been proposed to scan smart contracts for vulnerabilities before deploying them on the blockchain, but few of them determine smart contracts to be vulnerable by examining transactions. In this paper, we propose a framework called EAOS to detect attacks through analyzing the opcode sequences executed by EVM. We first obtain the opcode sequences with operands of smart contracts during EVM execution by replaying the historical transactions of Ethereum, and then extract the feature opcodes from the opcode sequences to generate the feature opcode sequences. Next, we provide some very useful APIs to make it easier for users to get the data related to the opcode sequences. Based on the APIs, users can develop various algorithms to detect attacks. Finally, to verify the effectiveness of EAOS, five algorithms are developed to analyze the replayed transaction opcode sequences. The extensive experimental results demonstrate the effectiveness and efficiency of EAOS and our detection algorithms.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110959"},"PeriodicalIF":4.4000,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624007916","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
Today, Ethereum is the world’s largest open-source platform. However, because smart contracts hold a large amount of money and cannot be changed once on the chain, they have become the target of attackers. Users will undoubtedly suffer significant financial losses. To counter these attacks, various methods have been proposed to scan smart contracts for vulnerabilities before deploying them on the blockchain, but few of them determine smart contracts to be vulnerable by examining transactions. In this paper, we propose a framework called EAOS to detect attacks through analyzing the opcode sequences executed by EVM. We first obtain the opcode sequences with operands of smart contracts during EVM execution by replaying the historical transactions of Ethereum, and then extract the feature opcodes from the opcode sequences to generate the feature opcode sequences. Next, we provide some very useful APIs to make it easier for users to get the data related to the opcode sequences. Based on the APIs, users can develop various algorithms to detect attacks. Finally, to verify the effectiveness of EAOS, five algorithms are developed to analyze the replayed transaction opcode sequences. The extensive experimental results demonstrate the effectiveness and efficiency of EAOS and our detection algorithms.
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
