Skip to main content
UNIVERSITY OF ILLINOIS URBANA-CHAMPAIGN
Toggle navigation
Research
Dropdown menu toggle
Artificial Intelligence
Arts and Humanities
Astrophysics
Digital Agriculture
Earth and Environment
Engineering
Health Sciences
Project Highlights
Expertise
Dropdown menu toggle
Compute Resources
Data Analytics
Facilities
Innovative Systems
Integrated Cyberinfrastructure
Program Administration
Software and Applications
User Services
Visualization
People
Dropdown menu toggle
Leadership
Directorates
Staff Directory
News & Events
Dropdown menu toggle
News
Calendar
Press Room
Tours
About
Dropdown menu toggle
Careers
Fellowships & Internships
Industry Partner Program
Institutional Partnerships
Diversity
History
Giving
Contact
Search
Search
Toggle navigation
Calendar
National Center for Supercomputing Applications WordPress Master Calendar
Share on Facebook
Tweet
Email
add to calendar
contact
add an event
View Full Calendar
NCSA staff who would like to submit an item for the calendar can email
newsdesk@ncsa.illinois.edu
.
SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis
Event Type
Seminar/Symposium
Sponsor
PL/FM/SE
Location
0222 Siebel Center and Zoom
Virtual
Date
Oct 25, 2024 2:00 - 3:00 pm
Speaker
Siheng Pan, UIUC
Contact
Kristin Irle
E-Mail
kirle@illinois.edu
Phone
217-244-0229
Views
28
Originating Calendar
Siebel School Speakers Calendar
Abstract:
With the increasing popularity of blockchain, different blockchain platforms coexist in the ecosystem (e.g., Ethereum, BNB, EOSIO, etc.), which prompts the high demand for cross-chain communication. Cross-chain bridge is a specific type of decentralized application for asset exchange across different blockchain platforms. Securing the smart contracts of cross-chain bridges is in urgent need, as there are a number of recent security incidents with heavy financial losses caused by vulnerabilities in bridge smart contracts, as we call them Cross-Chain Vulnerabilities (CCVs). However, automatically identifying CCVs in smart contracts poses several unique challenges. Particularly, it is non-trivial to (1) identify application-specific access control constraints needed for cross-bridge asset exchange, and (2) identify inconsistent cross-chain semantics between the two sides of the bridge.
In this paper, we propose SmartAxe, a new framework to identify vulnerabilities in cross-chain bridge smart contracts. Particularly, to locate vulnerable functions that have access control incompleteness, SmartAxe models the heterogeneous implementations of access control and finds necessary security checks in smart contracts through probabilistic pattern inference. Besides, SmartAxe constructs cross-chain control-flow graph (xCFG) and data-flow graph (xDFG), which help to find semantic inconsistency during cross-chain data communication. To evaluate SmartAxe, we collect and label a dataset of 88 CCVs from real-attacks cross-chain bridge contracts. Evaluation results show that SmartAxe achieves a precision of 84.95% and a recall of 89.77%. In addition, SmartAxe successfully identifies 232 new/unknown CCVs from 129 real-world cross-chain bridge applications (i.e., from 1,703 smart contracts). These identified CCVs affect a total amount of digital assets worth 1,885,250 USD.
Reference
:
https://arxiv.org/abs/2406.15999
link for robots only
Back to top