HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts

Logical flaws in smart contracts are often exploited, leading to significant financial losses. Our tool, HighGuard, detects transactions that violate business logic specifications of smart contracts. HighGuard employs dynamic condition response (DCR) graph models as formal specifications to verify c...

Full description

Saved in:
Bibliographic Details
Published in:IEEE/ACM International Conference on Automated Software Engineering : [proceedings] pp. 2378 - 2381
Main Authors: Eshghie, Mojtaba, Artho, Cyrille, Stammler, Hans, Ahrendt, Wolfgang, Hildebrandt, Thomas T., Schneider, Gerardo
Format: Conference Proceeding
Language:English
Published: ACM 27.10.2024
Subjects:
Blockchain Security
Business
Codes
DCR Graphs
Instruments
Logic
Monitoring
Runtime Monitoring
Security
Smart contracts
Software
Software engineering
Software testing
ISSN:2643-1572
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Logical flaws in smart contracts are often exploited, leading to significant financial losses. Our tool, HighGuard, detects transactions that violate business logic specifications of smart contracts. HighGuard employs dynamic condition response (DCR) graph models as formal specifications to verify contract execution against these models. It is capable of operating in a cross-chain environment for detecting business logic flaws across different blockchain platforms. We demonstrate HighGuard's effectiveness in identifying deviations from specified behaviors in smart contracts without requiring code instrumentation or incurring additional gas costs. By using precise specifications in the monitor, HighGuard achieves detection without false positives. Our evaluation, involving 54 exploits, confirms HighGuard's effectiveness in detecting business logic vulnerabilities.Our open-source implementation of HighGuard and a screencast of its usage are available at: https://github.com/mojtaba-eshghie/HighGuard https://www.youtube.com/watch?v=sZYVV-slDaYCCS CONCEPTS* Software and its engineering → Dynamic analysis; Software verification; Model checking; Functionality; Formal software verification; Software testing and debugging;* Security and privacy → Formal security models.
ISSN:2643-1572
DOI:10.1145/3691620.3695356