Show simple item record

dc.contributor.authorJi, R
dc.contributor.authorHe, N
dc.contributor.authorWu, L
dc.contributor.authorWang, H
dc.contributor.authorBai, G
dc.contributor.authorGuo, Y
dc.date.accessioned2021-05-10T05:29:22Z
dc.date.available2021-05-10T05:29:22Z
dc.date.issued2020
dc.identifier.isbn9781728185583
dc.identifier.doi10.1109/ICECCS51672.2020.00022
dc.identifier.urihttp://hdl.handle.net/10072/404250
dc.description.abstractCryptocurrency has seen an explosive growth in recent years, thanks to the evolvement of blockchain technology and its economic ecosystem. Besides Bitcoin, thousands of cryptocur-rencies have been distributed on blockchains, while hundreds of cryptocurrency exchanges are emerging to facilitate the trading of digital assets. At the same time, it also attracts the attentions of attackers. Fake deposit, as one of the most representative attacks (vulnerabilities) related to exchanges and tokens, has been frequently observed in the blockchain ecosystem, causing large financial losses. However, besides a few security reports, our community lacks the understanding of this vulnerability, for example its scale and the impacts. In this paper, we take the first step to demystify the fake deposit vulnerability. Based on the essential patterns we have summarized, we implement DEPOSafe, an automated tool to detect and verify (exploit) the fake deposit vulnerability in ERC-20 smart contracts. DEPOSafe incorporates several key techniques including symbolic execution based static analysis and behavior modeling based dynamic verification. By applying DEPOSafe to 176,000 ERC-20 smart contracts, we have identified over 7,000 vulnerable contracts that may suffer from two types of attacks. Our findings demonstrate the urgency to identify and prevent the fake deposit vulnerability.
dc.description.peerreviewedYes
dc.languageEnglish
dc.publisherIEEE
dc.relation.ispartofconferencename25th International Conference on Engineering of Complex Computer Systems (ICECCS)
dc.relation.ispartofconferencetitleProceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS
dc.relation.ispartofdatefrom2020-10-28
dc.relation.ispartofdateto2020-10-31
dc.relation.ispartoflocationSingapore
dc.relation.ispartofpagefrom125
dc.relation.ispartofpageto134
dc.subject.fieldofresearchApplied economics
dc.subject.fieldofresearchcode3801
dc.titleDEPOSafe: Demystifying the Fake Deposit Vulnerability in Ethereum Smart Contracts
dc.typeConference output
dc.type.descriptionE1 - Conferences
dcterms.bibliographicCitationJi, R; He, N; Wu, L; Wang, H; Bai, G; Guo, Y, DEPOSafe: Demystifying the Fake Deposit Vulnerability in Ethereum Smart Contracts, Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS, 2020, 2020-October, pp. 125-134
dc.date.updated2021-05-06T01:18:12Z
dc.description.versionAccepted Manuscript (AM)
gro.rights.copyright© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
gro.hasfulltextFull Text
gro.griffith.authorBai, Guangdong


Files in this item

This item appears in the following Collection(s)

  • Conference outputs
    Contains papers delivered by Griffith authors at national and international conferences.

Show simple item record