Pied-Piper: Revealing the Backdoor Threats in Ethereum ERC Token Contracts
Authors
Abstract
With the development of decentralized networks, smart contracts, especially those for ERC tokens, are attracting more and more Dapp users to implement their applications. There are some functions in ERC token contracts that only a specific group of accounts could invoke. Among those functions, some even can influence other accounts or the whole system without prior notice or permission. These functions are referred to as contract backdoors. Once exploited by an attacker, they can cause property losses and harm users' privacy. In this work, we propose Pied-Piper, a hybrid analysis method that integrates datalog analysis and directed fuzzing to detect backdoor threats in Ethereum ERC token contracts. First, datalog analysis is applied to abstract the data structures and identification rules related to the threats for preliminary static detection. Then, directed fuzzing is applied to eliminate false positives caused by the static analysis. We first evaluated Pied-Piper on 200 smart contracts, which are injected with different types of backdoors. It reported all problems without false positives, and none of the injected problems was missed. Then, we applied Pied-Piper on 13,484 real token contracts deployed on Ethereum. Pied-Piper reported 189 confirmed problems, four of which have been assigned unique CVE ids while others are still in the review process. Each contract takes 8.03 seconds for datalog analysis on average, and the fuzzing engine can eliminate the false positives within one minute.
Journal
Journal title: ACM Transactions on Software Engineering and Methodology
Year: 2023
ISSN: ['1049-331X', '1557-7392']
DOI: https://doi.org/10.1145/3560264