{\AE}GIS: Shielding Vulnerable Smart Contracts Against Attacks

TL;DR

{ extdegree}GIS is a dynamic runtime protection tool for smart contracts that detects vulnerabilities through customizable attack patterns, leveraging blockchain features for management, and demonstrates higher precision and real-world attack detection on Ethereum.

Contribution

{ extdegree}GIS introduces a novel, flexible, and precise runtime protection mechanism for smart contracts using attack patterns stored on the blockchain.

Findings

Achieves higher detection precision than existing tools.

Successfully detects both known and unreported attacks in Ethereum.

Demonstrates effectiveness on large-scale blockchain data.

Abstract

In recent years, smart contracts have suffered major exploits, costing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnerable contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce {\AE}GIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare {\AE}GIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks. Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild.