Safeguarding Blockchain Ecosystem: Understanding and Detecting Attack Transactions on Cross-chain Bridges (2410.14493v2)
Abstract: Cross-chain bridges are essential decentralized applications (DApps) that provide interoperability between different blockchain networks. Unlike regular DApps, a cross-chain bridge depends on the collaboration of on-chain and off-chain components, which exposes it to a wider range of attacks. According to our statistics, attacks on cross-chain bridges have caused losses of nearly 4.3 billion dollars since 2021, so understanding and detecting such attacks is particularly necessary. In this paper, we collect the largest set of cross-chain bridge attack incidents to date: 49 attacks that occurred between June 2021 and September 2024. Our analysis reveals that attacks against cross-chain business logic cause significantly more damage than those that do not target it. These cross-chain attacks also exhibit call structures that differ from those of normal transactions, which is an effective indicator of potential attack behaviour. Given the significant losses in these cases and the scarcity of related research, this paper aims to detect attacks against cross-chain business logic and proposes the BridgeGuard tool. Specifically, BridgeGuard models cross-chain transactions from a graph perspective and employs a two-stage detection framework, comprising global and local graph mining, to identify attack patterns in cross-chain transactions. We conduct multiple experiments on datasets with 203 attack transactions and 40,000 normal cross-chain transactions. The results show that BridgeGuard's recall is 36.32% higher than that of state-of-the-art tools, and that it can detect previously unknown attack transactions.
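The abstract describes the detector only at the level of "graph model, global stage, local stage". As an added illustration (not BridgeGuard's code, whose implementation is not on this page), the Python sketch below shows what such a two-stage check over a transaction's internal-call trace can look like: the global stage compares whole-call-graph statistics against a baseline fitted on normal transactions, and the local stage looks for small ordered call motifs (what a callee does next after being called) that never occur in the normal set. The traces, contract and function names, the feature set, the motif definition and the threshold are all constructed assumptions for the example; only stdlib is used.

```python
"""Two-stage call-graph screening of cross-chain transactions (illustrative).

A trace is the ordered list of internal calls of one transaction on the
destination chain, as (caller, callee, function) triples.  Everything below
is constructed sample data with placeholder names, not real contracts.
"""
from collections import Counter, defaultdict
import statistics

# Constructed normal withdrawals: proof check, then release of funds.
NORMAL_TRACES = [
    [("User", "Bridge", "withdraw"), ("Bridge", "Verifier", "verifyProof"),
     ("Bridge", "Vault", "release"), ("Vault", "Token", "transfer")],
    [("User", "Bridge", "withdraw"), ("Bridge", "Verifier", "verifyProof"),
     ("Bridge", "Vault", "release"), ("Vault", "Token", "transfer"),
     ("Token", "User", "onTokenReceived")],
    [("User", "Bridge", "withdraw"), ("Bridge", "Verifier", "verifyProof"),
     ("Bridge", "Vault", "release"), ("Vault", "WrappedToken", "mint")],
]
# Constructed attack-style trace: the attacker's receive hook re-enters the
# bridge, so the withdraw/release round repeats inside a single transaction.
ROUND = [("Attacker", "Bridge", "withdraw"), ("Bridge", "Verifier", "verifyProof"),
         ("Bridge", "Vault", "release"), ("Vault", "Token", "transfer"),
         ("Token", "Attacker", "onTokenReceived")]
ATTACK_TRACE = ROUND * 3


def call_graph(trace):
    """Directed multigraph of the trace: {caller: Counter(callee)} plus nodes."""
    adj, nodes = defaultdict(Counter), set()
    for caller, callee, _ in trace:
        adj[caller][callee] += 1
        nodes.update((caller, callee))
    return nodes, adj


def global_features(trace):
    """Stage 1: whole-graph statistics of one transaction (assumed feature set)."""
    nodes, adj = call_graph(trace)
    distinct = {(u, v) for u, cs in adj.items() for v in cs}
    callers_seen, callbacks = set(), 0
    for caller, callee, _ in trace:
        # A call into a contract that already acted as caller earlier in the
        # trace; approximates re-entry without rebuilding the call stack.
        if callee in callers_seen:
            callbacks += 1
        callers_seen.add(caller)
    return {
        "n_nodes": len(nodes),
        "n_calls": len(trace),
        "n_distinct_edges": len(distinct),
        "max_multiplicity": max(adj[u][v] for u, v in distinct),
        "n_callbacks": callbacks,
        "n_functions": len({fn for _, _, fn in trace}),
    }


def local_motifs(trace):
    """Stage 2: ordered 2-call motifs (function received, next function the
    callee itself invokes).  Order matters: a static graph would pair a
    user's callback with the withdraw that started the transaction."""
    motifs = Counter()
    for i, (_, callee, fn_in) in enumerate(trace):
        for caller, _, fn_out in trace[i + 1:]:
            if caller == callee:
                motifs[(fn_in, fn_out)] += 1
                break
    return motifs


def fit(normal_traces):
    """Per-feature mean/std from normal traces plus the set of motifs they contain."""
    feats = [global_features(t) for t in normal_traces]
    baseline = {k: (statistics.mean([f[k] for f in feats]),
                    statistics.pstdev([f[k] for f in feats])) for k in feats[0]}
    known = set().union(*(set(local_motifs(t)) for t in normal_traces))
    return {"baseline": baseline, "known_motifs": known}


def global_score(trace, baseline, floor=1.0):
    """Sum of positive z-scores; the std floor keeps a constant feature in a
    small baseline from producing an unbounded score."""
    f = global_features(trace)
    return sum(max(0.0, (f[k] - mu) / max(sd, floor))
               for k, (mu, sd) in baseline.items())


def detect(trace, model, threshold=4.0):
    """Flag if the global score exceeds the (assumed) threshold or the trace
    contains a local motif never seen in normal transactions."""
    score = global_score(trace, model["baseline"])
    novel = sorted(set(local_motifs(trace)) - model["known_motifs"])
    return {"global_score": round(score, 2), "novel_motifs": novel,
            "flagged": score > threshold or bool(novel)}


if __name__ == "__main__":
    model = fit(NORMAL_TRACES)
    print(detect(ATTACK_TRACE, model))
    print([detect(t, model)["flagged"] for t in NORMAL_TRACES])
```

The two stages catch different things: the global score reacts to the repeated calls and callbacks of the re-entering trace, while the motif set isolates the single ordered pattern (onTokenReceived followed by withdraw from the same contract) that no normal trace contains, which is the kind of structural signal the abstract refers to when it says attack transactions differ in call structure.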