DeepAI AI Chat
Log In Sign Up

ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks

by   Christof Ferreira Torres, et al.
University of Luxembourg
Open Universiteit

In recent years, smart contracts have suffered major exploits, costing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnerable contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce ÆGIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare ÆGIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks. Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild.


page 1

page 2

page 3

page 4


Hunting for Re-Entrancy Attacks in Ethereum Smart Contracts via Static Analysis

Ethereum smart contracts are programs that are deployed and executed in ...

The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts

Modern blockchains, such as Ethereum, enable the execution of so-called ...

Extorsionware: Exploiting Smart Contract Vulnerabilities for Fun and Profit

Smart Contracts (SCs) publicly deployed on blockchain have been shown to...

SmartBugs: A Framework to Analyze Solidity Smart Contracts

Over the last few years, there has been substantial research on automate...

Solidity 0.5: when typed does not mean type safe

The recent release of Solidity 0.5 introduced a new type to prevent Ethe...

Evolution of Automated Weakness Detection in Ethereum Bytecode: a Comprehensive Study

Blockchain programs manage valuable assets like crypto-currencies and to...

BLOCKEYE: Hunting For DeFi Attacks on Blockchain

Decentralized finance, i.e., DeFi, has become the most popular type of a...