DOI: 10.1145/3691620.3695356 | ACM Conferences, ASE Conference Proceedings | Research article, Open access

HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts

Published: 27 October 2024

Abstract

Logical flaws in smart contracts are often exploited, leading to significant financial losses. Our tool, HighGuard, detects transactions that violate the business logic specification of a smart contract. HighGuard uses dynamic condition response (DCR) graph models as formal specifications and checks contract execution against these models at runtime. It can operate in a cross-chain environment, detecting business logic flaws across different blockchain platforms. We demonstrate HighGuard's effectiveness in identifying deviations from specified behavior in smart contracts without requiring code instrumentation or incurring additional gas costs. Because the monitor works from precise specifications, HighGuard achieves detection without false positives. Our evaluation on 54 exploits confirms HighGuard's effectiveness in detecting business logic vulnerabilities.

Our open-source implementation of HighGuard is available at https://github.com/mojtaba-eshghie/HighGuard and a screencast of its usage at https://www.youtube.com/watch?v=sZYVV-slDaY
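To make the monitoring idea concrete, the following is an added example written for this page; it is not HighGuard's code. It implements the five standard DCR relations (condition, response, include, exclude, milestone) over a marking of executed/included/pending events, and replays a transaction trace against the graph, reporting each transaction that the specification does not allow. The pausable vault contract, its four events, the data guard on withdraw and the trace are all constructed for illustration and are not from the paper.

```python
"""Minimal runtime monitor that checks a transaction trace against a DCR
graph specification. Added example for illustration; not HighGuard's code.
The vault contract, its events, guards and the trace are constructed."""
from dataclasses import dataclass, field


@dataclass
class DCRGraph:
    """Events plus the standard DCR relations, each a set of (src, dst) pairs."""
    events: frozenset
    conditions: frozenset = frozenset()  # dst enabled only once src executed (or excluded)
    responses: frozenset = frozenset()   # executing src makes dst pending (an obligation)
    includes: frozenset = frozenset()    # executing src includes dst
    excludes: frozenset = frozenset()    # executing src excludes dst
    milestones: frozenset = frozenset()  # dst blocked while src is included and pending
    initially_excluded: frozenset = frozenset()


@dataclass
class Marking:
    executed: set = field(default_factory=set)
    included: set = field(default_factory=set)
    pending: set = field(default_factory=set)


def initial_marking(g):
    return Marking(set(), set(g.events - g.initially_excluded), set())


def blocking_reason(g, m, e):
    """None if event e is enabled in marking m, otherwise a short reason."""
    if e not in m.included:
        return "excluded"
    for a, b in g.conditions:
        if b == e and a in m.included and a not in m.executed:
            return f"condition {a} not yet executed"
    for a, b in g.milestones:
        if b == e and a in m.included and a in m.pending:
            return f"milestone {a} still pending"
    return None


def execute(g, m, e):
    """Marking after executing e. Includes win over excludes, as in DCR semantics."""
    executed = m.executed | {e}
    pending = m.pending - {e}
    included = set(m.included)
    pending |= {b for a, b in g.responses if a == e}
    included -= {b for a, b in g.excludes if a == e}
    included |= {b for a, b in g.includes if a == e}
    return Marking(executed, included, pending)


def monitor(g, trace, guards=None, effects=None):
    """Replay trace (dicts with 'event' and 'args') against g.

    Returns (violations, obligations): violations is a list of
    (index, event, reason); obligations lists included events still pending
    at the end of the trace. A violating transaction is still applied, since
    it already executed on chain, so later checks see the real state.
    guards map event -> predicate(state, args) for the data part of the
    business logic; effects map event -> updater(state, args).
    """
    guards, effects = guards or {}, effects or {}
    m, state, violations = initial_marking(g), {}, []
    for i, tx in enumerate(trace):
        e = tx["event"]
        if e not in g.events:
            violations.append((i, e, "not an event of the specification"))
            continue
        reason = blocking_reason(g, m, e)
        if reason is None and e in guards and not guards[e](state, tx["args"]):
            reason = "data guard failed"
        if reason is not None:
            violations.append((i, e, reason))
        m = execute(g, m, e)
        if e in effects:
            effects[e](state, tx["args"])
    return violations, sorted(m.pending & m.included)


# Constructed pausable vault: deposit before withdraw, nothing while paused,
# pause/unpause alternate, and a pause obliges a later unpause.
VAULT = DCRGraph(
    events=frozenset({"deposit", "withdraw", "pause", "unpause"}),
    conditions=frozenset({("deposit", "withdraw")}),
    responses=frozenset({("pause", "unpause")}),
    excludes=frozenset({("pause", "deposit"), ("pause", "withdraw"),
                        ("pause", "pause"), ("unpause", "unpause")}),
    includes=frozenset({("pause", "unpause"), ("unpause", "deposit"),
                        ("unpause", "withdraw"), ("unpause", "pause")}),
    initially_excluded=frozenset({"unpause"}),
)
VAULT_GUARDS = {"withdraw": lambda s, a: a["amount"] <= s.get("balance", 0)}
VAULT_EFFECTS = {
    "deposit": lambda s, a: s.__setitem__("balance", s.get("balance", 0) + a["amount"]),
    "withdraw": lambda s, a: s.__setitem__("balance", s.get("balance", 0) - a["amount"]),
}

# Constructed trace: tx 3 withdraws while paused, tx 6 overdraws the vault.
TRACE = [
    {"event": "deposit", "args": {"amount": 100}},
    {"event": "withdraw", "args": {"amount": 40}},
    {"event": "pause", "args": {}},
    {"event": "withdraw", "args": {"amount": 10}},
    {"event": "unpause", "args": {}},
    {"event": "withdraw", "args": {"amount": 10}},
    {"event": "withdraw", "args": {"amount": 500}},
]


def check_vault(trace=TRACE):
    return monitor(VAULT, trace, VAULT_GUARDS, VAULT_EFFECTS)


if __name__ == "__main__":
    print(check_vault())
```

The monitor only observes: it never blocks a transaction, so a violating event is still applied to the marking and to the tracked balance, which keeps later verdicts relative to what actually happened on chain rather than to an idealized state. The control-flow part of the business logic (ordering, pausing) lives entirely in the DCR relations; the data part (no overdraw) is a guard evaluated only when the event is otherwise enabled, so each violation carries a single, specific reason.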



Published In

ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, October 2024, 2587 pages. ISBN 9798400712487, DOI 10.1145/3691620.
This work is licensed under a Creative Commons Attribution 4.0 International License.

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. smart contracts
  2. DCR graphs
  3. runtime monitoring
  4. blockchain security

Qualifiers

  • Research-article

Conference

ASE '24. Overall acceptance rate: 82 of 337 submissions, 24%.

Article Metrics

  • Total citations: 0
  • Total downloads: 67 (last 12 months: 67; last 6 weeks: 48), reflecting downloads up to 18 Dec 2024
