Conference: 33rd USENIX Security Symposium
CCF level: CCF A
Categories: network and information security
Year: 2024
Conference time: August 14–16, 2024, Philadelphia, PA, USA
Title:
All Your Tokens are Belong to Us: Demystifying Address Verification Vulnerabilities in Solidity Smart Contracts
Authors:
Abstract:
In Ethereum, verifying the validity of passed addresses is a common practice and a crucial step in ensuring the secure execution of smart contracts. Vulnerabilities in the address verification process can lead to serious security issues, and anecdotal evidence of them has been reported by our community. However, this type of vulnerability has not been well studied. To fill the void, in this paper we aim to characterize and detect this kind of emerging vulnerability. We design and implement AVVERIFIER, a lightweight taint analyzer based on static EVM opcode simulation. Its three-phase detector progressively rules out false positives and false negatives based on the intrinsic characteristics of the vulnerability. On a well-established and unbiased benchmark, AVVERIFIER improves efficiency by 2 to 5 times over the SOTA while maintaining 94.3% precision and 100% recall. After a large-scale evaluation of over 5 million Ethereum smart contracts, we have identified 812 vulnerable smart contracts that were undisclosed by our community before this work; 348 open source smart contracts were further verified, the largest of which has a total value locked of over $11.2 billion. We further deploy AVVERIFIER as a real-time detector on Ethereum and Binance Smart Chain, and the results suggest that AVVERIFIER can raise timely warnings once contracts are deployed.