Abstract:
As one of the most successful applications of blockchain technology, Ethereum smart contracts have been widely integrated into programs and have become a common implementation scheme for decentralized applications. However, smart contracts have suffered from security attacks since their inception because of their unique financial characteristics, and new forms of attack continue to emerge. State-of-the-art research has proposed many effective mechanisms to detect vulnerabilities in smart contracts, but they all have limitations in practice, such as being designed only for known vulnerabilities, needing to modify the contract code, and incurring too high a cost on-chain. Because of the immutability of smart contracts, these defense techniques, which aim at specific vulnerabilities, cannot fix the original contract and, as a result, can hardly work against new forms of attack. To this end, we present a runtime-information-based upgradable defense system for Ethereum smart contracts, which provides real-time data for off-chain attack detection by collecting various kinds of runtime information. At the same time, we design an access control mechanism deployed on the smart contract, which restricts access to the contract based on the dynamic detection result, so that we can secure the contract without modifying its code. Ethereum does not provide a mechanism to recognize and intercept real-time attack transactions, so we make use of a race condition to enhance the defense against real-time attacks. The evaluation results show that our defense technology is extremely effective at preventing attacks: it achieves a 100% success rate for follow-up attacks and a 97.5% success rate for the first attack detected by the use of the race condition.