Title
EVM<sup>*</sup>: From Offline Detection to Online Reinforcement for Ethereum Virtual Machine
Abstract
Attacks on transactions of Ethereum could be dangerous because they could lead to a big loss of money. There are many tools detecting vulnerabilities in smart contracts trying to avoid potential attacks. However, we found that there are still many missed vulnerabilities in contracts. Motivated by this, we propose a methodology to reinforce EVM to stop dangerous transactions in real time even when the smart contract contains vulnerabilities. Basically, the methodology consists of three steps: monitoring strategy definition, opcode-structure maintenance and EVM instrumentation. Monitoring strategy definition refers to the specific rule to test whether there is a dangerous operation during transaction execution. Opcode-structure maintenance is to maintain a structure to store the rule-related opcodes and analyze it before an operation execution. EVM instrumentation inserts the monitoring strategy, interrupting mechanism and the opcode-structure operations in EVM source code. For evaluation, we implement EVM<sup>*</sup> on js-evm, a widely-used EVM platform written in JavaScript. We collect 10 contracts online with known bugs and use each contract to execute a dangerous transaction; all of them have been interrupted by our reinforced EVM<sup>*</sup>, while the original EVM permits all attack transactions. For the time overhead, the reinforced EVM<sup>*</sup> is slower than the original one by 20-30%, which is tolerable for financially critical applications.
Year: 2019
DOI: 10.1109/SANER.2019.8668038
Venue: 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER)
Keywords: Monitoring, Computer bugs, Tools, Instruments, Smart contracts, Maintenance engineering
Field: Opcode, Virtual machine, Source code, Computer security, Computer science, Software bug, Database transaction, Maintenance engineering, JavaScript, Smart contract
DocType: Conference
ISBN: 978-1-7281-0591-8
Citations: 4
PageRank: 0.42
References: 0
Authors: 8
Name
Order
Citations
PageRank
Fuchen Ma1122.96
Ying Fu210433.62
Meng Ren3122.62
Mingzhe Wang4468.23
Yu Jiang534656.49
Kaixiang Zhang640.76
Huizhong Li7112.62
Xiang Shi870.82