The paper discusses the growing threat of composability bugs in Decentralized Finance (DeFi) applications, particularly in the context of Constant Product Market Maker (CPMM) decentralized exchanges. It identifies two key safety invariants that, when violated, can lead to attackers stealing funds from CPMM exchanges.
The authors propose CPMM-Exploiter, a two-step approach to detect and exploit these CPMM composability bugs. First, CPMM-Exploiter uses grammar-based fuzzing to find transactions that break the identified safety invariants. Then, it refines these transactions to make them profitable for the attacker, effectively generating end-to-end exploits.
The evaluation shows that CPMM-Exploiter outperforms existing tools in detecting CPMM composability bugs, achieving recall values of 0.91 and 0.89 on two real-world exploit datasets. It is also significantly more efficient, detecting vulnerabilities 4.56 to 37 times faster than the baselines. Finally, the authors demonstrate the effectiveness of CPMM-Exploiter in the real world by running it on Ethereum and Binance Smart Chain, where it successfully generated 18 new exploits that could result in a total profit of 12.9K USD.
Key insights taken from arxiv.org
by Sujin Han, Ji... at arxiv.org, 04-09-2024
https://arxiv.org/pdf/2404.05297.pdf