EASYFLOW: Keep Ethereum Away From Overflow
This addresses security vulnerabilities in Ethereum smart contracts to prevent money loss and financial disorder, representing an incremental improvement in detection methods.
The paper tackles the problem of overflow attacks in Ethereum smart contracts, which are common and easy to exploit, by developing EASYFLOW, an overflow detector at the Ethereum Virtual Machine level that uses taint analysis to track propagation and automatically generate transactions to trigger potential overflows, with preliminary evaluation showing it finds potentially vulnerable contracts with little runtime overhead.
While Ethereum smart contracts enabled a wide range of blockchain applications, they are extremely vulnerable to different forms of security attacks. Due to the fact that transactions to smart contracts commonly involve cryptocurrency transfer, any successful attacks can lead to money loss or even financial disorder. In this paper, we focus on the overflow attacks in Ethereum , mainly because they widely rooted in many smart contracts and comparatively easy to exploit. We have developed EASYFLOW , an overflow detector at Ethereum Virtual Machine level. The key insight behind EASYFLOW is a taint analysis based tracking technique to analyze the propagation of involved taints. Specifically, EASYFLOW can not only divide smart contracts into safe contracts, manifested overflows, well-protected overflows and potential overflows, but also automatically generate transactions to trigger potential overflows. In our preliminary evaluation, EASYFLOW managed to find potentially vulnerable Ethereum contracts with little runtime overhead.