Ethereum ERC-20 smart contracts are now widely utilized in various domains for trust and transparent transaction process. However, ERC-20 contracts face significant security risks, particularly backdoors that can lead to severe incidents. In backdoor attacks, malicious actors can exploit these vulnerabilities to perform unauthorized transactions, steal funds, or manipulate token balances, resulting in substantial financial losses and damaging trust of blockchain system. This paper introduces MDetector, a tool for efficiently detecting backdoors in ERC-20 contracts through static analysis. Firstly, MDetector defines 9 basic and 3 complex types of backdoors, covering existing potential risks. Based on these definitions, MDetector runs corresponding detection logic via datalog analysis. Secondly, MDetector is compatible with Solidity versions 0.4 to 0.8.24 and can be deployed on Linux, Windows and Android. Thirdly, MDetector initiates a high-performance decompilation engine to disassemble and convert contract bytecode into intermediate code. The experimental results demonstrate its high precision and reliability, achieving an accuracy of 94.0% in an average of just 1.3 s. This represents a significant improvement over the most advanced scientific tools currently available, achieving approximately 1.55 \(\times \) greater accuracy and 6.17 \(\times \) faster processing speed.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

No Place to Hide: An Efficient and Accurate Backdoor Detection Tool for Ethereum ERC-20 Smart Contracts

  • Shouchen Zhou,
  • Lu Zhou,
  • Yu Tao

摘要

Ethereum ERC-20 smart contracts are now widely utilized in various domains for trust and transparent transaction process. However, ERC-20 contracts face significant security risks, particularly backdoors that can lead to severe incidents. In backdoor attacks, malicious actors can exploit these vulnerabilities to perform unauthorized transactions, steal funds, or manipulate token balances, resulting in substantial financial losses and damaging trust of blockchain system. This paper introduces MDetector, a tool for efficiently detecting backdoors in ERC-20 contracts through static analysis. Firstly, MDetector defines 9 basic and 3 complex types of backdoors, covering existing potential risks. Based on these definitions, MDetector runs corresponding detection logic via datalog analysis. Secondly, MDetector is compatible with Solidity versions 0.4 to 0.8.24 and can be deployed on Linux, Windows and Android. Thirdly, MDetector initiates a high-performance decompilation engine to disassemble and convert contract bytecode into intermediate code. The experimental results demonstrate its high precision and reliability, achieving an accuracy of 94.0% in an average of just 1.3 s. This represents a significant improvement over the most advanced scientific tools currently available, achieving approximately 1.55 \(\times \) greater accuracy and 6.17 \(\times \) faster processing speed.