Characterizing Ethereum Upgradable Smart Contracts and Their Security Implications
arXiv (2024)
Abstract
Upgradeable smart contracts (USCs) have been widely adopted to enable
modifying deployed smart contracts. While USCs bring great flexibility to
developers, improper usage might introduce new security issues, potentially
allowing attackers to hijack USCs and their users. In this paper, we conduct a
large-scale measurement study to characterize USCs and their security
implications in the wild. We summarize six commonly used USC patterns and
develop a tool, USCDetector, to identify USCs without needing source code.
Particularly, USCDetector collects various information such as bytecode and
transaction information to construct upgrade chains for USCs and disclose
potentially vulnerable ones. We evaluate USCDetector using verified smart
contracts (i.e., with source code) as ground truth and show that USCDetector
can achieve high accuracy with a precision of 96.26
to conduct a large-scale study on Ethereum, covering a total of 60,251,064
smart contracts. USCDetector constructs 10,218 upgrade chains and discloses
multiple real-world USCs with potential security issues.