BLOCKEYE: Hunting For DeFi Attacks on Blockchain

03/04/2021
by Bin Wang, et al.

Decentralized finance (DeFi) has become the most popular type of application on many public blockchains (e.g., Ethereum) in recent years. Compared to traditional finance, DeFi allows customers to flexibly participate in diverse blockchain financial services (e.g., lending, borrowing, collateralizing, exchanging, etc.) via smart contracts at a relatively low cost of trust. However, the open nature of DeFi inevitably introduces a large attack surface, which is a severe threat to the security of participants' funds. In this paper, we propose BLOCKEYE, a real-time attack detection system for DeFi projects on the Ethereum blockchain. BLOCKEYE provides two key capabilities: (1) Potentially vulnerable DeFi projects are identified by an automatic security analysis process, which performs symbolic reasoning on the data flow of important service states, e.g., asset price, and checks whether they can be externally manipulated. (2) A transaction monitor is then installed off-chain for each vulnerable DeFi project. Transactions sent not only to that project but also to other associated projects are collected for further security analysis. A potential attack is flagged if a violation is detected on a critical invariant configured in BLOCKEYE, e.g., a benefit is obtained within a very short time and is far greater than the cost. We applied BLOCKEYE to several popular DeFi projects and discovered potential security attacks that were previously unreported. A video of BLOCKEYE is available at https://youtu.be/7DjsWBLdlQU.
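As an added illustration of the off-chain invariant check described in the abstract (not BLOCKEYE's own code), the following Python sketch scans transactions sent to a monitored project and its associated projects and flags senders whose benefit within a short block window far exceeds their cost. The record schema, the thresholds, and the definitions of benefit (value received minus value sent) and cost (fees paid) are assumptions made for this example.

```python
from collections import defaultdict, namedtuple

# One whole transaction as an off-chain monitor might record it. Amounts are
# integers in milli-ETH from the sender's viewpoint (constructed schema).
Tx = namedtuple("Tx", "block sender project received sent fee")

WINDOW_BLOCKS = 3      # assumed bound for a "very short time", in blocks
MIN_RATIO = 50         # assumed benefit-to-cost ratio that counts as a violation
MIN_BENEFIT = 1_000    # assumed floor (1 ETH) so dust trades are ignored

def find_violations(txs, watched_projects):
    """Map each violating sender to (first_block, last_block, benefit, cost)."""
    by_sender = defaultdict(list)
    for tx in txs:
        if tx.project in watched_projects:   # target and associated projects
            by_sender[tx.sender].append(tx)
    alerts = {}
    for sender, items in by_sender.items():
        items.sort(key=lambda t: t.block)
        start = received = sent = fee = 0
        for tx in items:
            received, sent, fee = received + tx.received, sent + tx.sent, fee + tx.fee
            # Drop transactions that fell out of the block window.
            while tx.block - items[start].block >= WINDOW_BLOCKS:
                old = items[start]
                received, sent, fee = received - old.received, sent - old.sent, fee - old.fee
                start += 1
            benefit = received - sent
            # Score round trips only: a lone withdrawal of an old deposit
            # has sent == 0 inside the window and is not instant profit.
            if sent > 0 and benefit >= MIN_BENEFIT and benefit >= MIN_RATIO * fee:
                alerts[sender] = (items[start].block, tx.block, benefit, fee)
                break
    return alerts

# Constructed sample; addresses and project names are placeholders.
SAMPLE = [
    Tx(100, "0xA11", "dex", 0, 200_000, 50),       # pays into the pool
    Tx(101, "0xA11", "lending", 560_000, 0, 80),   # takes out far more, next block
    Tx(100, "0xB22", "lending", 0, 1_500, 5),      # ordinary deposit ...
    Tx(5000, "0xB22", "lending", 1_560, 0, 5),     # ... withdrawn much later
    Tx(200, "0xC33", "dex", 10_200, 10_000, 30),   # small arbitrage, below floor
    Tx(100, "0xD44", "unrelated", 900_000, 1, 1),  # project not monitored
]

if __name__ == "__main__":
    print(find_violations(SAMPLE, {"dex", "lending"}))
```

Only the sender whose gain across two associated projects lands within the window is reported; the late withdrawal, the small arbitrage and the unmonitored project are not.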
