HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts

Logical flaws in smart contracts are often exploited, leading to significant financial losses. Our tool, HighGuard, detects transactions that violate business logic specifications of smart contracts. HighGuard employs dynamic condition response (DCR) graph models as formal specifications to verify c...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE/ACM International Conference on Automated Software Engineering : [proceedings] s. 2378 - 2381
Hlavní autoři: Eshghie, Mojtaba, Artho, Cyrille, Stammler, Hans, Ahrendt, Wolfgang, Hildebrandt, Thomas T., Schneider, Gerardo
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: ACM 27.10.2024
Témata:
Blockchain Security
Business
Codes
DCR Graphs
Instruments
Logic
Monitoring
Runtime Monitoring
Security
Smart contracts
Software
Software engineering
Software testing
ISSN:2643-1572
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Logical flaws in smart contracts are often exploited, leading to significant financial losses. Our tool, HighGuard, detects transactions that violate business logic specifications of smart contracts. HighGuard employs dynamic condition response (DCR) graph models as formal specifications to verify contract execution against these models. It is capable of operating in a cross-chain environment for detecting business logic flaws across different blockchain platforms. We demonstrate HighGuard's effectiveness in identifying deviations from specified behaviors in smart contracts without requiring code instrumentation or incurring additional gas costs. By using precise specifications in the monitor, HighGuard achieves detection without false positives. Our evaluation, involving 54 exploits, confirms HighGuard's effectiveness in detecting business logic vulnerabilities.Our open-source implementation of HighGuard and a screencast of its usage are available at: https://github.com/mojtaba-eshghie/HighGuard https://www.youtube.com/watch?v=sZYVV-slDaYCCS CONCEPTS* Software and its engineering → Dynamic analysis; Software verification; Model checking; Functionality; Formal software verification; Software testing and debugging;* Security and privacy → Formal security models.
ISSN:2643-1572
DOI:10.1145/3691620.3695356