34 research outputs found
Checking smart contracts with structural code embedding
Ministry of Education, Singapore under its Academic Research Funding Tier
Detecting DeFi Securities Violations from Token Smart Contract Code
Decentralized Finance (DeFi) is a system of financial products and services
built and delivered through smart contracts on various blockchains. In the past
year, DeFi has gained popularity and market capitalization. However, it has
also been connected to crime, in particular, various types of securities
violations. The lack of Know Your Customer requirements in DeFi poses
challenges to governments trying to mitigate potential offending in this space.
This study aims to uncover whether this problem is suited to a machine learning
approach, namely, whether we can identify DeFi projects potentially engaging in
securities violations based on their tokens' smart contract code. We adapt
prior work on detecting specific types of securities violations across
Ethereum, building a random forest classifier based on features extracted from
DeFi projects' tokens' smart contract code. The final classifier achieves a
98.6% F1-score. From further feature-level analysis, we find a single feature
makes this a highly detectable problem. The high reliance on a single feature
means that, at this stage, a complex machine learning model may not be
necessary or desirable for this problem. However, this may change as DeFi
securities violations become more sophisticated. Another contribution of our
study is a new dataset, comprised of (a) a verified ground truth dataset for
tokens involved in securities violations and (b) a set of legitimate tokens
from a reputable DeFi aggregator. This paper further discusses the potential
use of a model like ours by prosecutors in enforcement efforts and connects it
to the wider legal context.
Understanding (Mis)Behavior on the EOSIO Blockchain
© 2020 Copyright is held by the owner/author(s). EOSIO has become one of the most popular blockchain platforms since its mainnet launch in June 2018. In contrast to the traditional PoW-based systems (e.g., Bitcoin and Ethereum), which are limited by low throughput, EOSIO is the first high throughput Delegated Proof of Stake system that has been widely adopted by many decentralized applications. Although EOSIO has millions of accounts and billions of transactions, little is known about its ecosystem, especially related to security and fraud. In this paper, we perform a large-scale measurement study of the EOSIO blockchain and its associated DApps. We gather a large-scale dataset of EOSIO and characterize activities including money transfers, account creation and contract invocation. Using our insights, we then develop techniques to automatically detect bots and fraudulent activity. We discover thousands of bot accounts (over 30% of the accounts in the platform) and a number of real-world attacks (301 attack accounts). By the time of our study, 80 attack accounts we identified have been confirmed by DApp teams, causing 828,824 EOS tokens losses (roughly $2.6 million) in total.
SourceP: Smart Ponzi Schemes Detection on Ethereum Using Pre-training Model with Data Flow
As blockchain technology becomes more and more popular, a typical financial
scam, the Ponzi scheme, has also emerged in the blockchain platform Ethereum.
This Ponzi scheme deployed through smart contracts, also known as the smart
Ponzi scheme, has caused a lot of economic losses and negative impacts.
Existing methods for detecting smart Ponzi schemes on Ethereum mainly rely on
bytecode features, opcode features, account features, and transaction behavior
features of smart contracts, and such methods lack interpretability and
sustainability. In this paper, we propose SourceP, a method to detect smart
Ponzi schemes on the Ethereum platform using pre-training models and data flow,
which only requires using the source code of smart contracts as features to
explore the possibility of detecting smart Ponzi schemes from another
direction. SourceP reduces the difficulty of data acquisition and feature
extraction of existing detection methods while increasing the interpretability
of the model. Specifically, we first convert the source code of a smart
contract into a data flow graph and then introduce a pre-training model based
on learning code representations to build a classification model to identify
Ponzi schemes in smart contracts. The experimental results show that SourceP
achieves 87.2% recall and 90.7% F-score for detecting smart Ponzi schemes
within Ethereum's smart contract dataset, outperforming state-of-the-art
methods in terms of performance and sustainability. We also demonstrate through
additional experiments that pre-training models and data flow play an important
contribution to SourceP, as well as proving that SourceP has a good
generalization ability.
A User-Centered Perspective for the blockchain Development
Blockchain technology is regarded as one of the most important digital innovations in the last two decades. Its applicability beyond cryptocurrencies has been a growing topic of research interest not only in computer science but also in other areas, such as marketing, finance, law, healthcare, etc. However, blockchain is far from reaching the population on a larger scale. The dissertation evaluates the causes that are preventing successful implementation and adoption of blockchain technology at a larger scale, supporting infrastructure for public and private companies.
The latest academic research suggests that the blockchain services are still in an early stage, and standards for developing blockchain-based applications have not been defined yet. Moreover, the interaction with the blockchain technology is still complex, especially for non-expert users, because it requires many technical skills. The dissertation focuses on this knowledge gap as a cause for the blockchain missing reach on society at a larger scale. This work aims to fill the gap by presenting innovative methodologies and user-centered models that could help the adoption of the blockchain technology by a larger number of private/public companies and individuals. Based on these models, specific tools for both expert and non-expert users are developed and discussed in the dissertation.
First, tools for expert users, i.e., software developers, are proposed to analyze the smart contracts’ source code, to collect the smart contracts in a reasoned repository, and to identify code clones and boost the use of open source libraries for a better collective practice in developing and maintaining the blockchain. Second, tools for non-expert users, i.e., people with no technical knowledge, are proposed to suggest to them the fairest fees to pay to have their transactions executed according to the price and waiting times they are willing to spend, and to identify malicious smart contracts that can deceive them, thus preventing them from trusting the blockchain and using it again. Finally, visualization models for users with expertise in different disciplines are proposed to provide them with graphical representations that can foster the understanding of the blockchain underlying mechanisms.