Checking smart contracts with structural code embedding

Ministry of Education, Singapore under its Academic Research Funding Tier

Detecting DeFi Securities Violations from Token Smart Contract Code

Decentralized Finance (DeFi) is a system of financial products and services built and delivered through smart contracts on various blockchains. In the past year, DeFi has gained popularity and market capitalization. However, it has also been connected to crime, in particular, various types of securities violations. The lack of Know Your Customer requirements in DeFi poses challenges to governments trying to mitigate potential offending in this space. This study aims to uncover whether this problem is suited to a machine learning approach, namely, whether we can identify DeFi projects potentially engaging in securities violations based on their tokens' smart contract code. We adapt prior work on detecting specific types of securities violations across Ethereum, building a random forest classifier based on features extracted from DeFi projects' tokens' smart contract code. The final classifier achieves a 98.6% F1-score. From further feature-level analysis, we find a single feature makes this a highly detectable problem. The high reliance on a single feature means that, at this stage, a complex machine learning model may not be necessary or desirable for this problem. However, this may change as DeFi securities violations become more sophisticated. Another contribution of our study is a new dataset, comprised of (a) a verified ground truth dataset for tokens involved in securities violations and (b) a set of legitimate tokens from a reputable DeFi aggregator. This paper further discusses the potential use of a model like ours by prosecutors in enforcement efforts and connects it to the wider legal context

Understanding (Mis)Behavior on the EOSIO Blockchain

© 2020 Copyright is held by the owner/author(s). EOSIO has become one of the most popular blockchain platforms since its mainnet launch in June 2018. In contrast to the traditional PoW-based systems (e.g., Bitcoin and Ethereum), which are limited by low throughput, EOSIO is the first high throughput Delegated Proof of Stake system that has been widely adopted by many decentralized applications. Although EOSIO has millions of accounts and billions of transactions, little is known about its ecosystem, especially related to security and fraud. In this paper, we perform a large-scale measurement study of the EOSIO blockchain and its associated DApps. We gather a large-scale dataset of EOSIO and characterize activities including money transfers, account creation and contract invocation. Using our insights, we then develop techniques to automatically detect bots and fraudulent activity. We discover thousands of bot accounts (over 30% of the accounts in the platform) and a number of real-world attacks (301 attack accounts). By the time of our study, 80 attack accounts we identified have been confirmed by DApp teams, causing 828,824 EOS tokens losses (roughly $2.6 million) in total

SourceP: Smart Ponzi Schemes Detection on Ethereum Using Pre-training Model with Data Flow

As blockchain technology becomes more and more popular, a typical financial scam, the Ponzi scheme, has also emerged in the blockchain platform Ethereum. This Ponzi scheme deployed through smart contracts, also known as the smart Ponzi scheme, has caused a lot of economic losses and negative impacts. Existing methods for detecting smart Ponzi schemes on Ethereum mainly rely on bytecode features, opcode features, account features, and transaction behavior features of smart contracts, and such methods lack interpretability and sustainability. In this paper, we propose SourceP, a method to detect smart Ponzi schemes on the Ethereum platform using pre-training models and data flow, which only requires using the source code of smart contracts as features to explore the possibility of detecting smart Ponzi schemes from another direction. SourceP reduces the difficulty of data acquisition and feature extraction of existing detection methods while increasing the interpretability of the model. Specifically, we first convert the source code of a smart contract into a data flow graph and then introduce a pre-training model based on learning code representations to build a classification model to identify Ponzi schemes in smart contracts. The experimental results show that SourceP achieves 87.2\% recall and 90.7\% F-score for detecting smart Ponzi schemes within Ethereum's smart contract dataset, outperforming state-of-the-art methods in terms of performance and sustainability. We also demonstrate through additional experiments that pre-training models and data flow play an important contribution to SourceP, as well as proving that SourceP has a good generalization ability.Comment: 12 page

A User-Centered Perspective for the blockchain Development

Blockchain technology is regarded as one of the most important digital innovations in the last two decades. Its applicability beyond cryptocurrencies has been a growing topic of research interest not only in computer science but also in other areas, such as marketing, finance, law, healthcare, etc. However blockchain is far from reaching the population on a larger scale. The dissertation evaluates the causes that are preventing successful implementation and adoption of blockchain technology at a larger scale, supporting infrastructure for public and private companies. The latest academic research suggests that the blockchain services are still in an early stage, and standards for developing blockchain-based applications have not been defined yet. Moreover the interaction with the blockchain technology is still complex, especially for non expert users, because it requires many technical skills. The dissertation focuses on this knowledge gap as a cause for the blockchain missing reach on society at a larger scale. This work aims to fill the gap by presenting innovative methodologies and user-centered models that could help the adoption of the blockchain technology by a larger number of private/public companies and individuals. Based on these models, specific tools for both expert and non-expert users are developed and discussed in the dissertation. First, tools for expert users, i.e., software developers, are proposed to analyze the smart contracts’ source code, to collect the smart contracts in a reasoned repository, and to identify code clones and boost the use of open source libraries for a better collective practice in developing and maintaining the blockchain. Second, tools for non-expert users, i.e. people with no technical knowledge, are proposed to suggest them the fairest fees to pay to have their transactions executed according to the price and waiting times they are willing to spend, and to identify malicious smart contracts that can deceive them, thus preventing them to trust the blockchain and use it again. Finally, visualization models for users with expertise in different disciplines are proposed to provide them with graphical representations that can foster the understanding of the blockchain underlying mechanisms