The paper discusses the growing threat of composability bugs in Decentralized Finance (DeFi) applications, particularly in the context of Constant Product Market Maker (CPMM) decentralized exchanges. It identifies two key safety invariants that, when violated, can lead to attackers stealing funds from CPMM exchanges.
The authors propose CPMM-Exploiter, a two-step approach to detect and exploit these CPMM composability bugs. First, CPMM-Exploiter uses grammar-based fuzzing to find transactions that break the identified safety invariants. Then, it refines these transactions to make them profitable for the attacker, effectively generating end-to-end exploits.
The evaluation shows that CPMM-Exploiter outperforms existing tools in detecting CPMM composability bugs, achieving recall values of 0.91 and 0.89 on two real-world exploit datasets. It is also significantly more efficient, detecting vulnerabilities 4.56 to 37 times faster than the baselines. Finally, the authors demonstrate the effectiveness of CPMM-Exploiter in the real world by running it on Ethereum and Binance Smart Chain, where it successfully generated 18 new exploits that could result in a total profit of 12.9K USD.
by Sujin Han, Ji... on arxiv.org, 04-09-2024
https://arxiv.org/pdf/2404.05297.pdf