TL;DR
This paper analyzes cryptographic defects in Ethereum smart contracts, categorizes common issues, and introduces CrySol, a fuzzing-based tool that effectively detects these defects with high precision and recall.
Contribution
It provides the first comprehensive categorization of cryptographic defects in smart contracts and develops CrySol, a novel tool for automated detection using fuzzing and dynamic analysis.
Findings
CrySol achieves 95.4% precision and 91.2% recall in defect detection.
22.7% of analyzed smart contracts contain cryptographic defects.
The study highlights the widespread presence of cryptographic issues in real-world contracts.
Abstract
Ethereum has officially provided a set of system-level cryptographic APIs to enhance smart contracts with cryptographic capabilities. These APIs have been utilized in over 10% of Ethereum transactions, motivating developers to implement various on-chain cryptographic tasks, such as digital signatures. However, since developers may not always be cryptographic experts, their ad-hoc and potentially defective implementations could compromise the theoretical guarantees of cryptography, leading to real-world security issues. To mitigate this threat, we conducted the first study aimed at demystifying and detecting cryptographic defects in smart contracts. Through the analysis of 2,406 real-world security reports, we defined nine types of cryptographic defects in smart contracts with detailed descriptions and practical detection patterns. Based on this categorization, we proposed CrySol, a…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
