Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
156 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

StateGuard: Detecting State Derailment Defects in Decentralized Exchange Smart Contract (2405.09181v1)

Published 15 May 2024 in cs.SE

Abstract: Decentralized Exchanges (DEXs), leveraging blockchain technology and smart contracts, have emerged in decentralized finance. However, the DEX project with multi-contract interaction is accompanied by complex state logic, which makes it challenging to solve state defects. In this paper, we conduct the first systematic study on state derailment defects of DEXs. These defects could lead to incorrect, incomplete, or unauthorized changes to the system state during contract execution, potentially causing security threats. We propose StateGuard, a deep learning-based framework to detect state derailment defects in DEX smart contracts. StateGuard constructs an Abstract Syntax Tree (AST) of the smart contract, extracting key features to generate a graph representation. Then, it leverages a Graph Convolutional Network (GCN) to discover defects. Evaluating StateGuard on 46 DEX projects with 5,671 smart contracts reveals its effectiveness, with a precision of 92.24%. To further verify its practicality, we used StateGuard to audit real-world smart contracts and successfully authenticated multiple novel CVEs.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (25)
  1. Improving the Performance of Code Vulnerability Prediction Using Abstract Syntax Tree Information. In Proc. of PROMISE. 2–11.
  2. Impact of Word Embedding Models on Text Analytics in Deep Learning Environment: A Review. Artificial Intelligence Review 56, 9 (2023), 10345–10425.
  3. Towards Automated Safety Vetting of Smart Contracts in Decentralized Applications. In Proc. of CCS. 921–935.
  4. Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts. In Proc. of ICSE. 530–541.
  5. Etherscan. 2023. Etherscan: The Ethereum Blockchain Explorer. https://etherscan.io/.
  6. A survey of DeFi security: Challenges and opportunities. Journal of King Saud University - Computer and Information Sciences 34, 10, Part B (2022), 10378–10404.
  7. CLUE: towards discovering locked cryptocurrencies in ethereum. In Proceedings of the 36th Annual ACM Symposium on Applied Computing. 1584–1587.
  8. Characterizing erasable accounts in ethereum. In Information Security: 23rd International Conference, ISC 2020, Bali, Indonesia, December 16–18, 2020, Proceedings 23. Springer, 352–371.
  9. Research on Blockchain Smart Contracts Vulnerability and A Code Audit Tool Based on Matching Rules. In Proc. of CIAT. 484–489.
  10. An overview of AI and blockchain integration for privacy-preserving. arXiv preprint arXiv:2305.03928 (2023).
  11. SolSaviour: A Defending Framework for Deployed Defective Smart Contracts. In Proc. of ACSAC. 748–760.
  12. Making Smart Contracts Smarter. In Proc. of CCS. 254–269.
  13. Automated Smart Contract Summarization via LLMs. arXiv preprint arXiv:2402.04863 (2024).
  14. Mythril. 2019. A Security Analysis Tool for EVM Bytecode. https://github.com/ConsenSys/mythril
  15. SPEEDEX: A Scalable, Parallelizable, and Economically Efficient Decentralized EXchange. In Proc. of NSDI. 849–875.
  16. ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts. In Proc. of EuroS&P. 103–119.
  17. Securify: Practical security analysis of smart contracts. In Proc. of CCS. 67–82.
  18. Nuno Veloso. 2023. Conkas: A Modular and Static Analysis Tool for Ethereum Bytecode. https://github.com/nveloso/conkas/.
  19. Unified Abstract Syntax Tree Representation Learning for Cross-Language Program Classification. In Proc. of ICPC. 390–400.
  20. Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange. Proc. of the ACM on Measurement and Analysis of Computing Systems 5, 3 (2021), 1–26.
  21. Definition and Detection of Defects in NFT Smart Contracts. In Proc. of ISSTA. 373–384.
  22. Authros: Secure data sharing among robot operating systems based on ethereum. In 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS). IEEE, 147–156.
  23. Blockchain-Based Decentralized Application: A Survey. IEEE Open Journal of the Computer Society 4 (2023), 121–133.
  24. DAppSCAN: Building Large-Scale Datasets for Smart Contract Weaknesses in DApp Projects. arXiv preprint arXiv:2305.08456 (2023).
  25. Smart Contract Vulnerability Detection Using Graph Neural Network. In Proc. of IJCAI. 3283–3290.
Citations (2)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now