UPC Sentinel: An Accurate Approach for Detecting Upgradeability Proxy Contracts in Ethereum

TL;DR

This paper presents UPC Sentinel, a highly accurate algorithm combining static and dynamic analysis to detect upgradeability proxy contracts in Ethereum DApps, aiding transparency and security in smart contract maintenance.

Contribution

Introduces UPC Sentinel, a novel three-layer analysis method that significantly improves detection accuracy of upgradeability proxies in Ethereum smart contracts.

Findings

Achieved 99% accuracy on first dataset

Attained 100% precision and 99.3% recall on second dataset

Outperformed existing state-of-the-art detection methods

Abstract

Software applications that run on a blockchain platform are known as DApps. DApps are built using smart contracts, which are immutable after deployment. Just like any real-world software system, DApps need to receive new features and bug fixes over time in order to remain useful and secure. However, Ethereum lacks native solutions for post-deployment smart contract maintenance, requiring developers to devise their own methods. A popular method is known as the upgradeability proxy contract (UPC), which involves implementing the proxy design pattern (as defined by the Gang of Four). In this method, client calls first hit a proxy contract, which then delegates calls to a certain implementation contract. Most importantly, the proxy contract can be reconfigured during runtime to delegate calls to another implementation contract, effectively enabling application upgrades. For researchers, the accurate detection of UPCs is a strong requirement in the understanding of how exactly real-world DApps are maintained over time. For practitioners, the accurate detection of UPCs is crucial for providing application behavior transparency and enabling auditing. In this paper, we introduce UPC Sentinel, a novel three-layer algorithm that utilizes both static and dynamic analysis of smart contract bytecode to accurately detect active UPCs. We evaluated UPC Sentinel using two distinct ground truth datasets. In the first dataset, our method demonstrated a near-perfect accuracy of 99%. The evaluation on the second dataset further established our method's efficacy, showing a perfect precision rate of 100% and a near-perfect recall of 99.3%, outperforming the state of the art. Finally, we discuss the potential value of UPC Sentinel in advancing future research efforts.