Core Concepts
Dynamically inferred runtime invariants can effectively neutralize a majority of real-world smart contract exploits while maintaining low false positive rates.
Abstract
The paper presents a comprehensive study on the effectiveness of 23 invariant templates for securing smart contracts against security attacks. The key findings are:
- Certain invariant templates outperform others in terms of effectiveness, with the most effective single invariant able to block 18 out of 27 identified exploits.
- Most invariants remain effective even when experienced attackers attempt to bypass them, as the invariants directly counter critical elements of the attack strategies.
- Normal users can often circumvent invariant guards, mitigating the impact on user experience.
- Combining multiple invariants through disjunction or conjunction can enhance security coverage and reduce false positive rates.
The authors developed Trace2Inv, a tool that dynamically infers these invariants from historical transaction data. Trace2Inv was evaluated on 42 smart contracts that fell victim to 27 distinct exploits, demonstrating its ability to effectively secure smart contracts against real-world attacks.
Stats
The exploit transaction in the Harvest Finance incident consumed an unusually high gas count of 9,895,111, narrowly within the gas limit of 12,065,986 at the time.
The exploit transaction in the Harvest Finance incident distorted the market of Curve, another DeFi protocol, to cause the Harvest Finance to make sub-optimal investment decisions.
The exploit transaction in the Harvest Finance incident invoked the deposit and withdraw functions 3 times within a single transaction.
The exploit transaction in the Harvest Finance incident elevated the total supply of fUSDC tokens to an all-time high.
Quotes
"Transactions initiated by attackers often display abnormal behaviors when compared to standard transactions from regular DeFi contract users."
"Properly constructed invariants are effective in neutralizing security threats in 39 out of the 42 benchmark contracts."
"Selected invariants in the access control, time lock, gas control, money flow, and data flow groups often directly counter critical elements of attack strategies, such as flash loans and transaction atomicity."