ExGen: Cross-platform, Automated Exploit Generation for Smart Contract VulnerabilitiesDownload PDFOpen Website

Ling Jin, Yinzhi Cao, Yan Chen, Di Zhang, Simone Campanoni

Published: 01 Jan 2023, Last Modified: 28 Sept 2023IEEE Trans. Dependable Secur. Comput. 2023Readers: Everyone
Abstract: Smart contracts, just like other computer programs, are prone to a variety of vulnerabilities, which lead to severe consequences including massive token and coin losses. Prior works have explored automated exploit generation for vulnerable Ethereum contracts. However, the scopes of prior works are limited in both vulnerability types and contract platforms. In this paper, we propose a cross-platform framework, called <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ExGen</small> , to generate multiple transactions as exploits to given vulnerable smart contracts. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ExGen</small> first translates either Ethereum or EOS contracts to an intermediate representation (IR). Then, <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ExGen</small> generates symbolic attack contracts with transactions in a partial order and then symbolically executes the attack contracts together with the target to find and solve all the constraints. Lastly, <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ExGen</small> concretizes all the symbols, generates attack contracts with multiple transactions, and verifies the generated contracts’ exploitability on a private chain with values crawled from the public chain. We implemented a prototype of <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ExGen</small> and evaluated it on Ethereum and EOS benchmarks. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ExGen</small> successfully exploits 1,258/1,399 (89.9%) Ethereum and 126/130 (96.9%) EOS vulnerabilities. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ExGen</small> is also able to exploit zero-day vulnerabilities on EOS.
0 Replies