Txspector: Uncovering Attacks in Ethereum from Transactions
Total Page:16
File Type:pdf, Size:1020Kb
TXSPECTOR: Uncovering Attacks in Ethereum from Transactions Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin, The Ohio State University https://www.usenix.org/conference/usenixsecurity20/presentation/zhang-mengya This paper is included in the Proceedings of the 29th USENIX Security Symposium. August 12–14, 2020 978-1-939133-17-5 Open access to the Proceedings of the 29th USENIX Security Symposium is sponsored by USENIX. TXSPECTOR: Uncovering Attacks in Ethereum from Transactions Mengya Zhang∗, Xiaokuan Zhang∗, Yinqian Zhang, Zhiqiang Lin The Ohio State University Abstract However, greater usability also comes with greater risks. The invention of Ethereum smart contract has enabled the Two features have made smart contracts more vulnerable blockchain users to customize computing logic in transactions. to software attacks than traditional software programs. (i) However, similar to traditional computer programs, smart con- Smart contracts are immutable once deployed. This feature tracts have vulnerabilities, which can be exploited to cause is required by any immutable distributed ledgers. As a result, financial loss of contract owners. While there are many soft- vulnerabilities in smart contracts cannot be easily fixed as they ware tools for detecting vulnerabilities in the smart contract cannot be patched. (ii) Ethereum is driven by cryptocurrency; bytecode, few have focused on transactions. In this paper, many popular smart contracts also involve transfers of cryp- we propose TXSPECTOR, a generic, logic-driven framework tocurrency. Therefore, exploitation of smart contracts often to investigate Ethereum transactions for attack detection. At leads to huge financial losses. For instance, in the notorious a high level, TXSPECTOR replays history transactions and DAO attack, the attacker utilized the re-entrancy vulnerability records EVM bytecode-level traces, and then encodes the in The DAO contract and stole more than $50 million [27,42]. control and data dependencies into logic relations. Instead As another example, a vulnerability in the Parity Multisig of setting a pre-defined set of functionalities, TXSPECTOR Wallet [47] has led to over $30 million losses. Many such allows users to specify customized rules to uncover various attack instances have caused serious concerns regarding the types of attacks in the transactions. We have built a prototype security of smart contracts in Ethereum. of TXSPECTOR and evaluated it for the detection of three Due to the popularity of Ethereum, efforts have been made Ethereum attacks that exploit: (i) the Re-entrancy vulnerabil- to understand and detect these smart contract vulnerabilities ity, (ii) the UncheckedCall vulnerability, and (iii) the Suicidal such as re-entrancy, and integer overflow [1], using techniques vulnerability. The results demonstrate that TXSPECTOR can such as symbolic execution to analyze smart contracts [3,7,31, effectively detect attacks in the transactions and, as a byprod- 43,44] or formal verification to verify its correctness [2,29]. uct, the corresponding vulnerabilities in the smart contracts. However, using static or symbolic analysis on smart contracts We also show how TXSPECTOR can be used for forensic anal- to identify vulnerabilities has its limitations for two reasons. ysis on transactions, and present Detection Rules for detecting First, these tools are difficult to achieve completeness and other types of attacks in addition to the three focused Ethereum accuracy simultaneously. For instance, tools using symbolic attacks. execution [31,44] suffer from path explosion problems, and existing tools do not detect vulnerabilities involving multiple 1 Introduction smart contracts. Second, these tools could not be used to inspect and understand real-world Ethereum attacks. Forensic Ethereum is one of the largest public decentralized comput- information, such as the pattern and statistics of the attacks, ing platform built atop blockchain technology. Compared addresses used by attackers, and addresses of victims, can only to Bitcoin network [34], Ethereum not only supports simple be learned from transactions. As such, a tool that can perform transactions, but also features Turing-complete computing, bytecode-level analysis on the transactions may bring together in the form of smart contracts. Like many other software the best of the two worlds, enabling effective detection and programs, smart contracts can be developed using high-level analysis of attacks and vulnerabilities in Ethereum. programming languages, such as Solidity [22], and then com- In this paper, we present TXSPECTOR, a generic analysis Ethereum piled into bytecode, which are executed in the Virtual framework for Ethereum transactions to identify real-world Machines (EVM) for each node of the peer-to-peer (P2P) net- attacks against smart contracts in transactions and enable the work. The capability of executing complex smart contract has forensic analysis of the attacks. The key idea of TXSPECTOR become a critical feature of Ethereum compared to the first is to detect attacks against smart contracts using logic-driven generation blockchain network. program analysis on Ethereum transactions, and this design ∗These authors contributed equally. is inspired by VANDAL [3], which is a Soufflé-based static USENIX Association 29th USENIX Security Symposium 2775 analysis tool for EVM bytecode. The challenges to perform • Open source. To ease the follow-up research for trans- logic-driven analysis on transactions, however, are twofold: action related analysis, we make TXSPECTOR available First, new methods need to be developed to extract data and to the research community under an open-source license control dependencies in Ethereum transactions and encode at https://github:com/OSUSecLab/TxSpector. them into logic relations. Second, while the number of smart contracts are small, transaction volumes can be huge. There- 2 Background and Related Work fore, tracing and analyzing Ethereum transactions requires innovative approaches to optimize the performance. In this section, we first provide the necessary background TXSPECTOR addresses these challenges as follows. First, it (§2.1) related to Ethereum including smart contracts and trans- replays transactions on the blockchain and records bytecode- actions, and then present the corresponding related work level traces of the transaction execution. The transaction re- (§2.2) to motivate our research. play can be achieved all at once or incrementally as new transactions are appended to the blockchain. To avoid re- 2.1 A Primer on Ethereum Smart Contract peated efforts, a database of bytecode-level execution traces is built, which can be reused. Second, it constructs Execu- A smart contract is a program of general purpose and tion Flow Graphs (EFGs) to encode the control and data de- executed on a blockchain. It can utilize three memory regions pendencies. Third, it extracts logic relations from the EFGs to perform data operations during execution: stack, memory, and stores them into databases. Fourth, it uses user-specific and storage. A (data) stack is a virtual stack that can be logic rules (dubbed Detection Rules) to query the databases. used to store data. Note that EVM also has a call stack, TXSPECTOR supports arbitrary Detection Rules defined by which is different from the data stack. The memory is a users, which enables them to study any aspect of their inter- byte-addressable region allocated at run-time. Storage is a ests. To the best of our knowledge, TXSPECTOR is the first key-value store that maps 256-bit words to 256-bit words. generic framework to perform bytecode-level, logic-driven The stack and memory are both volatile, meaning that the analysis on Ethereum transactions. data stored are cleared after each execution. However, the As proof of concept, we apply TXSPECTOR to detect storage is persistent, which can be used to store data across Ethereum attacks that exploit (i) the Re-entrancy vulnerability, transactions. As a result, the gas price for storage operations (ii) the Unchecked Call vulnerability, and (iii) the Suicidal are much higher than stack and memory operations. vulnerability. Our empirical evaluation results on real-world Currently, EVM supports over 150 OPCODEs [18, 46]. Ethereum transactions show that TXSPECTOR can detect at- They can be classified into five categories [4] based on the tacks from transactions with a low false positive rate. We target the instruction operates: also perform a forensic study on the transactions flagged by Category 1 TXSPECTOR, which reveals several interesting findings of • : OPCODEs that do not operate on any data these attacks. In addition to the three focused vulnerability ex- structures (e.g., JUMPDEST). ploits, we also present a number of Detection Rules for readers of interest in Appendix A for other vulnerabilities, such as the • Category 2: OPCODEs that perform stack operations PUSHx Timestamp Dependence vulnerability, the Misuse-of-origin (e.g., ) or operate on existing values in the stack ADD vulnerability, and the FailedSend vulnerability. (e.g., ). Contributions. In short, we make the following contributions • Category 3: OPCODEs that retrieve information from in this paper: the blockchain (e.g., TIMESTAMP) or the current transac- tion (e.g., ORIGIN). • New framework. We present TXSPECTOR, the first generic and logic-driven framework for inspecting the • Category 4: OPCODEs that read/write the memory (e.g., real-world attacks in Ethereum transactions at bytecode MSTORE). level. • Category