EVulHunter: Detecting Fake Transfer Vulnerabilities for EOSIO's Smart Contracts at Webassembly-level
Lijin Quan, Lei Wu, Haoyu Wang

TL;DR
EVulHunter is a static analysis tool designed to automatically detect fake transfer vulnerabilities in EOSIO WebAssembly smart contracts, addressing a critical security gap in blockchain applications.
Contribution
This paper introduces EVulHunter, the first automated tool for detecting specific vulnerabilities in EOSIO's WebAssembly smart contracts, focusing on fake transfer issues.
Findings
Successfully detects fake transfer vulnerabilities in EOSIO WASM code
Operates efficiently with high accuracy in identifying security flaws
Available as an open-source tool on GitHub
Abstract
As one of the representative Delegated Proof-of-Stake (DPoS) blockchain platforms, EOSIO's ecosystem has grown rapidly in recent years. A number of vulnerabilities and corresponding attacks of EOSIO's smart contracts have been discovered and observed in the wild, which caused a large amount of financial damage. However, the majority of EOSIO's smart contracts are not open-sourced. As a result, the WebAssembly code may become the only available object to be analyzed in most cases. Unfortunately, current tools are web-application oriented and cannot be applied to EOSIO WebAssembly code directly, which makes it more difficult to detect vulnerabilities from those smart contracts. In this paper, we propose EVulHunter, a static analysis tool that can be used to detect vulnerabilities from EOSIO WASM code automatically. We focus on one particular type of vulnerability named…
Taxonomy
Topics: Blockchain Technology Applications and Security · Advanced Malware Detection Techniques · Spam and Phishing Detection
