Paper 2021/284

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

Christof Ferreira Torres, Antonio Ken Iannillo, Arthur Gervais, and Radu State

Abstract

In recent years, Ethereum gained tremendously in popularity, growing from a daily transaction average of 10K in January 2016 to an average of 500K in January 2020. Similarly, smart contracts began to carry more value, making them appealing targets for attackers. As a result, they started to become victims of attacks, costing millions of dollars. In response to these attacks, both academia and industry proposed a plethora of tools to scan smart contracts for vulnerabilities before deploying them on the blockchain. However, most of these tools solely focus on detecting vulnerabilities and not attacks, let alone quantifying or tracing the number of stolen assets. In this paper, we present Horus, a framework that empowers the automated detection and investigation of smart contract attacks based on logic-driven and graph-driven analysis of transactions. Horus provides quick means to quantify and trace the flow of stolen assets across the Ethereum blockchain. We perform a large-scale analysis of all the smart contracts deployed on Ethereum until May 2020. We identified 1,888 attacked smart contracts and 8,095 adversarial transactions in the wild. Our investigation shows that the number of attacks did not necessarily decrease over the past few years, but for some vulnerabilities remained constant. Finally, we also demonstrate the practicality of our framework via an in-depth analysis on the recent Uniswap and Lendf.me attacks.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. 25th International Conference on Financial Cryptography and Data Security 2021
Keywords
Ethereumsmart contractsattack detectionforensics
Contact author(s)
christof torres @ uni lu
History
2021-03-07: received
Short URL
https://ia.cr/2021/284
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/284,
      author = {Christof Ferreira Torres and Antonio Ken Iannillo and Arthur Gervais and Radu State},
      title = {The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/284},
      year = {2021},
      url = {https://eprint.iacr.org/2021/284}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.