CRPWarner: Warning the Risk of Contract-Related Rug Pull in DeFi Smart Contracts
IEEE Transactions on Software Engineering (IF 6.5), Pub Date: 4-30-2024, DOI: 10.1109/tse.2024.3392451
Zewei Lin 1 , Jiachi Chen 1 , Jiajing Wu 1 , Weizhe Zhang 2 , Yongjuan Wang 3 , Zibin Zheng 1

In recent years, Decentralized Finance (DeFi) has grown rapidly due to the development of blockchain technology and smart contracts. As of March 2023, the estimated global cryptocurrency market cap has reached approximately $949 billion. However, security incidents continue to plague the DeFi ecosystem, and one of the most notorious examples is the “Rug Pull” scam. This type of cryptocurrency scam occurs when the developer of a particular token project intentionally abandons the project and disappears with investors’ funds. Despite only emerging in recent years, Rug Pull events have already caused significant financial losses. In this work, we manually collected and analyzed 103 real-world rug pull events, categorizing them based on their scam methods. Two primary categories were identified: Contract-related Rug Pull (through malicious functions in smart contracts) and Transaction-related Rug Pull (through cryptocurrency trading without utilizing malicious functions). Based on the analysis of rug pull events, we propose CRPWarner (short for Contract-related Rug Pull Risk Warner) to identify malicious functions in smart contracts and issue warnings regarding potential rug pulls. We evaluated CRPWarner on 69 open-source smart contracts related to rug pull events and achieved a 91.8% precision, 85.9% recall, and 88.7% F1-score. Additionally, when evaluating CRPWarner on 13,484 real-world token contracts on Ethereum, it successfully detected 4168 smart contracts with malicious functions, including zero-day examples. The precision of large-scale experiments reaches 84.9%.

Updated: 2024-08-19