BLOCKEYE: Hunting For DeFi Attacks on Blockchain

by Bin Wang, et al.

Decentralized finance, i.e., DeFi, has become the most popular type of application on many public blockchains (e.g., Ethereum) in recent years. Compared to traditional finance, DeFi allows customers to flexibly participate in diverse blockchain financial services (e.g., lending, borrowing, collateralizing, exchanging, etc.) via smart contracts at a relatively low cost of trust. However, the open nature of DeFi inevitably introduces a large attack surface, which is a severe threat to the security of participants' funds. In this paper, we propose BLOCKEYE, a real-time attack detection system for DeFi projects on the Ethereum blockchain. Key capabilities provided by BLOCKEYE are twofold: (1) Potentially vulnerable DeFi projects are identified based on an automatic security analysis process, which performs symbolic reasoning on the data flow of important service states, e.g., asset price, and checks whether they can be externally manipulated. (2) Then, a transaction monitor is installed off-chain for a vulnerable DeFi project. Transactions sent not only to that project but also to other associated projects are collected for further security analysis. A potential attack is flagged if a violation is detected on a critical invariant configured in BLOCKEYE, e.g., the benefit is achieved within a very short time and is much bigger than the cost. We applied BLOCKEYE to several popular DeFi projects and managed to discover potential security attacks that were previously unreported. A video of BLOCKEYE is available at
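The monitor's invariant check can be pictured with the following added example, which is not BLOCKEYE's code: it groups constructed transaction records by sender across a watched project and its associated projects and flags a benefit that is much bigger than the cost within a few blocks. The record fields, thresholds, project names and the handling of earlier deposits are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Tx:
    block: int       # block number
    sender: str      # account that initiated the transaction
    project: str     # DeFi project that received the call
    spent: float     # ETH value sent plus fees (cost)
    received: float  # ETH value returned to the sender (benefit)

def flag_violations(txs, watched, related, window=2, min_ratio=10.0, min_profit=1.0):
    """Return (sender, first_block, last_block) where benefit within `window`
    blocks is at least `min_ratio` times the cost. Thresholds are assumed."""
    scope = {watched, *related}
    by_sender = defaultdict(list)
    for tx in sorted(txs, key=lambda t: t.block):
        if tx.project in scope:
            by_sender[tx.sender].append(tx)
    alerts = []
    for sender, items in by_sender.items():
        start = 0
        for end, tx in enumerate(items):
            while tx.block - items[start].block > window:
                start += 1
            # Funds put in before the window and not yet returned count as
            # cost, so withdrawing an old deposit is not mistaken for profit.
            outstanding = max(0.0, sum(t.spent - t.received for t in items[:start]))
            burst = items[start:end + 1]
            cost = outstanding + sum(t.spent for t in burst)
            benefit = sum(t.received for t in burst)
            if benefit - cost >= min_profit and benefit >= min_ratio * cost:
                alerts.append((sender, items[start].block, tx.block))
                break  # one alert per sender is enough for triage
    return alerts

# Constructed sample transactions; project names and accounts are made up.
SAMPLE = [
    Tx(100, "0xaaa", "LendingApp", 0.5, 0.0),
    Tx(100, "0xaaa", "DexPool", 0.2, 0.0),
    Tx(101, "0xaaa", "LendingApp", 0.1, 45.0),    # large gain one block later
    Tx(100, "0xbbb", "LendingApp", 10.0, 0.0),    # ordinary deposit
    Tx(5000, "0xbbb", "LendingApp", 0.01, 10.4),  # withdrawal much later
    Tx(100, "0xccc", "OtherApp", 0.1, 30.0),      # project outside the scope
]

if __name__ == "__main__":
    print(flag_violations(SAMPLE, "LendingApp", ["DexPool"]))
```

An alert from a check like this is a triage signal for an analyst, since the abstract describes flagged transactions as potential attacks.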

