SigRec: Automatic Recovery of Function Signatures in Smart Contracts

Ting Chen; Zihao Li; Xiapu Luo; Xiaofeng Wang; Ting Wang; Zheyuan He; Kezhao Fang; Yufei Zhang; Hang Zhu; Hongwei Li; Yan Cheng; Xiaosong Zhang

Paper 2023/672

SigRec: Automatic Recovery of Function Signatures in Smart Contracts

Ting Chen, University of Electronic Science and Technology of China

Zihao Li, The Hong Kong Polytechnic University

Xiapu Luo, The Hong Kong Polytechnic University

Xiaofeng Wang, Indiana University Bloomington

Ting Wang, Pennsylvania State University

Zheyuan He, University of Electronic Science and Technology of China

Kezhao Fang, University of Electronic Science and Technology of China

Yufei Zhang, University of Electronic Science and Technology of China

Hang Zhu, University of Electronic Science and Technology of China

Hongwei Li, University of Electronic Science and Technology of China

Yan Cheng, Ant Group

Xiaosong Zhang, University of Electronic Science and Technology of China

Abstract

Millions of smart contracts have been deployed onto Ethereum for providing various services, whose functions can be invoked. For this purpose, the caller needs to know the function signature of a callee, which includes its function id and parameter types. Such signatures are critical to many applications focusing on smart contracts, e.g., reverse engineering, fuzzing, attack detection, and profiling. Unfortunately, it is challenging to recover the function signatures from contract bytecode, since neither debug information nor type information is present in the bytecode. To address this issue, prior approaches rely on source code, or a collection of known signatures from incomplete databases or incomplete heuristic rules, which, however, are far from adequate and cannot cope with the rapid growth of new contracts. In this paper, we propose a novel solution that leverages how functions are handled by Ethereum virtual machine (EVM) to automatically recover function signatures. In particular, we exploit how smart contracts determine the functions to be invoked to locate and extract function ids, and propose a new approach named type-aware symbolic execution (TASE) that utilizes the semantics of EVM operations on parameters to identify the number and the types of parameters. Moreover, we develop SigRec , a new tool for recovering function signatures from contract bytecode without the need of source code and function signature databases. The extensive experimental results show that SigRec outperforms all existing tools, achieving an unprecedented 98.7 percent accuracy within 0.074 seconds. We further demonstrate that the recovered function signatures are useful in attack detection, fuzzing and reverse engineering of EVM bytecode.

Metadata

Available format(s): PDF
Category: Applications
Publication info: Published elsewhere. IEEE Transactions on Software Engineering
DOI: 10.1109/TSE.2021.3078342
Keywords: smart contract function signature Ethereum automatic recovery type-aware symbolic execution.
Contact author(s): cszhli @ comp polyu edu hk
History: 2023-05-11: revised; 2023-05-11: received; See all versions
Short URL: https://ia.cr/2023/672
License: CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2023/672,
      author = {Ting Chen and Zihao Li and Xiapu Luo and Xiaofeng Wang and Ting Wang and Zheyuan He and Kezhao Fang and Yufei Zhang and Hang Zhu and Hongwei Li and Yan Cheng and Xiaosong Zhang},
      title = {{SigRec}: Automatic Recovery of Function Signatures in Smart Contracts},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/672},
      year = {2023},
      doi = {10.1109/TSE.2021.3078342},
      url = {https://eprint.iacr.org/2023/672}
}