Core concept
Context-Sensitive Concolic Verification (CSCV) is an effective method for automatically identifying various types of DeFi vulnerabilities by leveraging user-defined temporal properties.
Summary
The content discusses the security challenges faced by the decentralized finance (DeFi) ecosystem and proposes a novel method called Context-Sensitive Concolic Verification (CSCV) to address these challenges.
Key highlights:
- The authors investigated 80 real-world DeFi incidents from 2017 to 2022, which resulted in financial damages ranging from $2,400 to $600 million. They classified the underlying vulnerabilities into six types based on their root causes.
- Existing methods, such as symbolic execution, model checking, semantic analysis, and fuzzing, fall short in identifying the most severe DeFi vulnerability types, which include Business Logic Flaws (BF), Reentrancy (RE), and Price Oracle Manipulation (PM).
- CSCV is proposed as a method to automate the DeFi vulnerability finding process based on user-defined properties formulated in temporal logic. It builds and optimizes contexts to guide verification processes that dynamically construct context-carrying transition systems in tandem with concolic executions.
- The CSCV prototype successfully detected 76.25% of the vulnerabilities from the investigated incidents, with an average time of 253.06 seconds. It outperforms existing methods in various criteria, including vulnerable function path finding, malicious assignment generation, code-level property specification, protocol-level property specification, cross-contract analysis, and DeFi-focused analysis.
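As an added illustration of the property-checking idea above (this is not code from the paper or the CSCV prototype): a user-defined temporal property, here the checks-effects-interactions rule behind many reentrancy findings, is evaluated over context-carrying transition traces. The Event encoding, the `tx` context key and the traces are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Event:
    """One transition of a context-carrying transition system (hypothetical encoding)."""
    op: str                                   # "state_update", "external_call", "transfer"
    contract: str                             # contract that performed the transition
    ctx: dict = field(default_factory=dict)   # context carried along (tx id, callee, ...)

def always(phi):
    """G(phi): return the first position where phi fails on the prefix, else None."""
    def check(trace):
        for i in range(len(trace)):
            if not phi(trace, i):
                return i
        return None
    return check

def once_before(trace, i, pred):
    """Past-time 'once': pred held at some earlier position of the prefix."""
    return any(pred(e) for e in trace[:i])

def cei_property(trace, i):
    """An external call from contract C must be preceded, within the same
    transaction context, by a state update of C (checks-effects-interactions)."""
    e = trace[i]
    if e.op != "external_call":
        return True
    return once_before(trace, i, lambda p: p.op == "state_update"
                       and p.contract == e.contract
                       and p.ctx.get("tx") == e.ctx.get("tx"))

def check_trace(trace, prop=always(cei_property)):
    """Index of the first violating transition, or None if the property holds."""
    return prop(trace)

# Constructed traces; not taken from the paper's incident set.
SAFE_TRACE = [
    Event("state_update", "Vault", {"tx": 1}),
    Event("external_call", "Vault", {"tx": 1, "callee": "User"}),
]
VULN_TRACE = [
    Event("external_call", "Vault", {"tx": 2, "callee": "User"}),  # call before effect
    Event("state_update", "Vault", {"tx": 2}),
]
CROSS_TX_TRACE = [  # an update from an earlier transaction must not count
    Event("state_update", "Vault", {"tx": 3}),
    Event("external_call", "Vault", {"tx": 4, "callee": "User"}),
]
```

The context carried on each transition (here the transaction id) is what lets the same property distinguish a genuine effect-before-interaction ordering from a stale update in another transaction.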
Statistics
The authors investigated 80 real-world DeFi incidents from 2017 to 2022, which resulted in financial damages ranging from $2,400 to $600 million.
The authors classified the underlying vulnerabilities into six types based on their root causes: Business Logic Flaw (BF), Reentrancy (RE), Price Oracle Manipulation (PM), Insufficient Validation (IV), Access Control Flaw (AF), and Unexpected External Call (UE).
The experiment results show that the CSCV prototype successfully identified 61 vulnerabilities (76.25% of the total) and 1,498 attack vectors, including 20.96% of previously unknown attack vectors, with an average time of 253.06 seconds.
Quotes
"Existing methods, based on symbolic execution, model checking, semantic analysis, and fuzzing, fall short in identifying the most DeFi vulnerability types."
"CSCV builds and optimizes contexts to guide verification processes that dynamically construct context-carrying transition systems in tandem with concolic executions."
"The experiment results show that our CSCV prototype successfully detects 76.25% of the vulnerabilities from the investigated incidents with an average time of 253.06 seconds."