In recent years, Ethereum gained tremendously in popularity, growing from a daily transaction average of 10K in January 2016 to an average of 500K in January 2020. Similarly, smart contracts began to carry more value, making them appealing targets for attackers. As a result, they started to become victims of attacks, costing millions of dollars. In response to these attacks, both academia and industry proposed a plethora of tools to scan smart contracts for vulnerabilities before deploying them on the blockchain. However, most of these tools solely focus on detecting vulnerabilities and not attacks, let alone quantifying or tracing the number of stolen assets. In this paper, we present Horus, a framework that enables the automated detection and investigation of smart contract attacks based on logic-driven and graph-driven analysis of transactions. Horus provides quick means to quantify and trace the flow of stolen assets across the Ethereum blockchain. We perform a large-scale analysis of all the smart contracts deployed on Ethereum until May 2020. We identified 1,888 attacked smart contracts and 8,095 adversarial transactions in the wild. Our investigation shows that the number of attacks did not necessarily decrease over the past few years, and for some vulnerabilities it remained constant. Finally, we also demonstrate the practicality of our framework via an in-depth analysis of the recent Uniswap and Lendf.me attacks.
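The abstract describes tracing the flow of stolen assets through a graph of transactions once the adversarial transactions have been identified. The following Python example is added here to illustrate that kind of graph-driven tracing on a small constructed ledger; it is not Horus's own code and does not reproduce the paper's method. The transfer records, addresses, transaction hashes and the set of flagged adversarial transactions are all constructed, and the proportional ("haircut") taint rule used to follow stolen value through accounts that also hold clean funds is an assumption chosen for this illustration.

```python
"""
Graph-driven tracing of stolen funds over a ledger of transfers.
Added example with constructed data; not Horus's implementation. The
proportional-taint rule and every address/tx name below are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

ETH = 10**18  # amounts are integers in wei so the arithmetic stays exact


@dataclass(frozen=True)
class Transfer:
    block: int
    index: int      # position of the transaction within the block
    tx: str
    sender: str
    receiver: str
    amount: int     # wei


# Constructed sample ledger (not real chain data): 0xtx1 drains the victim,
# the attacker then splits the proceeds and layers part of them through a
# wallet that also receives unrelated clean funds.
SAMPLE_TRANSFERS = [
    Transfer(100, 0, "0xtx1", "victim_contract", "attacker", 100 * ETH),
    Transfer(101, 0, "0xtx2", "attacker", "mixer_a", 60 * ETH),
    Transfer(101, 1, "0xtx3", "attacker", "exchange_x", 40 * ETH),
    Transfer(102, 0, "0xtx4", "mixer_a", "wallet_b", 30 * ETH),
    Transfer(103, 0, "0xtx5", "clean_source", "wallet_b", 5 * ETH),  # clean
    Transfer(104, 0, "0xtx6", "wallet_b", "exchange_y", 35 * ETH),
]
ADVERSARIAL_TXS = {"0xtx1"}  # hypothetically flagged by an attack detector


def trace_stolen_funds(transfers, adversarial_txs):
    """Replay transfers in chain order while propagating a tainted balance.

    Every wei credited by an adversarial transaction is tainted (new stolen
    value entering the graph). A later outgoing transfer carries taint in
    proportion to the tainted share of the sender's balance, so mixing with
    clean funds dilutes the taint instead of erasing it.
    Returns (taint_per_address, tainted_edges).
    """
    balance = defaultdict(int)
    taint = defaultdict(int)
    edges = []  # (tx, sender, receiver, tainted_amount), tainted_amount > 0
    for t in sorted(transfers, key=lambda x: (x.block, x.index)):
        if t.tx in adversarial_txs:
            tainted = t.amount
        elif balance[t.sender] > 0:
            share = t.amount * taint[t.sender] // balance[t.sender]
            tainted = min(taint[t.sender], share)
            taint[t.sender] -= tainted
        else:
            tainted = 0  # sender not seen before: exogenous, assumed clean
        # Only debit balances we actually track; an address we never saw
        # receive funds is treated as an external source.
        if balance[t.sender] > 0:
            balance[t.sender] = max(0, balance[t.sender] - t.amount)
        balance[t.receiver] += t.amount
        taint[t.receiver] += tainted
        if tainted > 0:
            edges.append((t.tx, t.sender, t.receiver, tainted))
    return dict(taint), edges


def stolen_funds_per_sink(taint, attacker_addresses):
    """Where the stolen value currently sits, excluding the attacker's accounts."""
    return {a: v for a, v in taint.items() if v > 0 and a not in attacker_addresses}


def tainted_path(edges, source, target):
    """Shortest chain of tainted transfers from source to target (BFS over the
    tainted-transfer graph). Returns the list of tx hashes, or None."""
    succ = defaultdict(list)
    for tx, s, r, _ in edges:
        succ[s].append((r, tx))
    prev = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while prev[node] is not None:
                parent, tx = prev[node]
                path.append(tx)
                node = parent
            return path[::-1]
        for nxt, tx in succ[node]:
            if nxt not in prev:
                prev[nxt] = (node, tx)
                queue.append(nxt)
    return None


if __name__ == "__main__":
    taint, edges = trace_stolen_funds(SAMPLE_TRANSFERS, ADVERSARIAL_TXS)
    for addr, wei in stolen_funds_per_sink(taint, {"attacker"}).items():
        print(f"{addr}: {wei / ETH} ETH of stolen value")
    print("path to exchange_y:", tainted_path(edges, "attacker", "exchange_y"))
```

On the constructed ledger the 100 ETH drained in 0xtx1 ends up as 40 ETH at exchange_x, 30 ETH still at mixer_a and 30 ETH at exchange_y; the 5 ETH of clean funds that passed through wallet_b are correctly left untainted, and the path attacker, mixer_a, wallet_b, exchange_y is recovered as 0xtx2, 0xtx4, 0xtx6. An investigator would use such sink totals and paths to decide where a freeze request or further analysis is worthwhile.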