Yi Li bio photo

Yi Li

Associate Professor

College of Computing and Data Science (CCDS)
Nanyang Technological University (NTU)

Address: Block N4-02b-63
50 Nanyang Avenue, Singapore 639798
Phone: +65 6790 4287

Email Twitter LinkedIn GitHub Bitbucket Google Scholar ORCID

Demystifying Invariant Effectiveness for Securing Smart Contracts

Zhiyang Chen, Ye Liu, Sidi Mohamed Beillahi, Yi Li, and Fan Long

In Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering (FSE), 2024

Abstract: Smart contract transactions associated with security attacks often exhibit distinct behavioral patterns compared with historical benign transactions before the attacking events. While many runtime monitoring and guarding mechanisms have been proposed to validate invariants and stop anomalous transactions on the fly, the empirical effectiveness of the invariants used remains largely unexplored. In this paper, we studied 23 prevalent invariants of 8 categories, which are either deployed in high-profile protocols or endorsed by leading auditing firms and security experts. Using these well-established invariants as templates, we developed a tool which dynamically generates new invariants customized for a given contract based on its historical transaction data. We evaluated our tool on 42 smart contracts that fell victim to 27 distinct exploits on the Ethereum blockchain. Our findings reveal that the most effective invariant guard alone can successfully block 18 of the 27 identified exploits with minimal gas overhead. Our analysis also shows that most of the invariants remain effective even when the experienced attackers attempt to bypass them. Additionally, we explored the possibility of combining multiple invariant guards, resulting in enhanced true positive rates and reduced false positive rates.

Cite:

@inproceedings{Chen2024DIE,
  author = {Chen, Zhiyang and Liu, Ye and Beillahi, Sidi Mohamed and Li, Yi and Long, Fan},
  booktitle = {Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering (FSE)},
  month = jul,
  title = {Demystifying Invariant Effectiveness for Securing Smart Contracts},
  year = {2024}
}
Paper