【Author】
Li, Yue; Liu, Han; Yang, Zhiqiang; Wang, Bin; Ren, Qian; Wang, Lei; Chen, Bangdao
【Source】2020 INTERNATIONAL SYMPOSIUM ON RELIABLE DISTRIBUTED SYSTEMS (SRDS 2020)
【Abstract】While smart contracts have enabled a wide range of applications in many public blockchains, e.g., Ethereum, their security issues have been raising an increasing number of threats on the stability of blockchain ecosystem. In practice, many external attacks on smart contracts result from broken payments with digital assets, e.g., cryptocurrencies. While an increasing number of research works have been focusing on such problems, many of them adopted pattern-based heuristics (e.g., reentrancy) to find payment-related attacks thus can incur a considerably large portion of both false positives and negatives. To overcome these limitations and achieve better payment security on blockchain, we introduced a new class of payment attacks in this paper, i.e., unfair payment (UP). Compared to existing heuristics, UP semantically captures a wider range of payment attacks. Furthermore, we highlighted the general framework SAFEPAY to systematically detect UP. The key insight behind is a novel security invariant, i.e., fair value exchange (FVE), which models the fairness for blockchain payments between multiple parties. More specifically, SAFEPAY systematically explores the transaction space of a given smart contract and generates a bounded set of transaction sequences. For each of the sequence, SAFEPAY reports a UP attack once a violation on FVE is confirmed. We have further instantiated SAFEPAY for Ethereum and applied it in real-world smart contracts. In the empirical evaluation, SAFEPAY managed to identify previously unreported UP attacks and effectively avoid false alarms compared to analyzers in the literature as well.
【Keywords】Smart contract; Unfair payment; Fair value exchange
评论