Go to OpenReview Archive homepageDemystifying Invariant Effectiveness for Securing Smart Contracts
Abstract: Smart contract transactions associated with security attacks often exhibit distinct behavioral patterns compared
with historical benign transactions before the attacking events. While many runtime monitoring and guarding
mechanisms have been proposed to validate invariants and stop anomalous transactions on the fly, the empirical
effectiveness of the invariants used remains largely unexplored. In this paper, we studied 23 prevalent invariants
of 8 categories, which are either deployed in high-profile protocols or endorsed by leading auditing firms and
security experts. Using these well-established invariants as templates, we developed a tool Trace2Inv which
dynamically generates new invariants customized for a given contract based on its historical transaction
data. We evaluated Trace2Inv on 42 smart contracts that fell victim to 27 distinct exploits on the Ethereum
blockchain. Our findings reveal that the most effective invariant guard alone can successfully block 18 of
the 27 identified exploits with minimal gas overhead. Our analysis also shows that most of the invariants
remain effective even when the experienced attackers attempt to bypass them. Additionally, we studied the
possibility of combining multiple invariant guards, resulting in blocking up to 23 of the 27 benchmark exploits
and achieving false positive rates as low as 0.28%. Trace2Inv significantly outperforms state-of-the-art works
on smart contract invariant mining and transaction attack detection in accuracy. Trace2Inv also surprisingly
found two previously unreported exploit transactions.
Loading