2021 | Original Paper | Book chapter

Rectifying Administrated ERC20 Tokens

Authors: Nikolay Ivanov, Hanqing Guo, Qiben Yan

Published in: Information and Communications Security

Publisher: Springer International Publishing


Abstract

The ERC20 token is the most popular type of Ethereum smart contract. The daily transaction volume of these tokens exceeds 100 billion dollars, which fuels the popular notions of “decentralized banking” and “tokenized economy”. Yet it is a common misconception to assume that the decentralization of a blockchain entails the decentralization of the smart contracts deployed on it. In practice, the developers of smart contracts implement administrating patterns, such as censoring certain users, creating or destroying balances on demand, destroying smart contracts, or injecting arbitrary code. These routines, which are designed to tightly control the operation of these smart contracts, turn an ERC20 token into an administrated token—the type of Ethereum smart contract that we scrutinize in this research.
We discover that many smart contracts are administrated, meaning that their owners alone hold omnipotent power over these contracts. Moreover, the owners of these tokens bear fewer social and legal responsibilities than the traditional centralized actors that those tokens intend to disrupt. This entails two major problems: a) the owners of the tokens have the ability to quickly steal all the funds and disappear from the market; and b) if the private key of the owner’s account is stolen, all the assets might immediately become the property of the attacker. Therefore, administrated ERC20 tokens are not only dissimilar to traditional centralized asset management tools, such as banks, but are also more vulnerable to adversarial actions by their owners or attackers. We develop a pattern recognition framework based on 9 syntactic features characterizing administrated ERC20 tokens, which we use to analyze existing smart contracts deployed on Ethereum Mainnet. Our analysis of 84,062 unique Ethereum smart contracts reveals that nearly 58% of them are administrated ERC20 tokens, which accounts for almost 90% of all ERC20 tokens deployed on Ethereum.
To protect users from the frivolousness of unregulated token owners without depriving these owners of the ability to properly manage their tokens, we introduce SafelyAdministrated—a library that enforces responsible ownership and management of ERC20 tokens. The library introduces three mechanisms: deferred maintenance, board of trustees and safe pause. We implement and test SafelyAdministrated in the form of a Solidity abstract contract, which is ready to be used by the next generation of safely administrated ERC20 tokens.
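As an added illustration (this is not code from the paper, and the regular expressions below are an assumption of this example, not the paper's 9-feature framework), the following Python scanner approximates the administrating patterns the abstract names with syntactic features, applies them to two constructed Solidity sources, and reports whether a token looks like an ERC20 contract, whether it is owner-gated, and whether the combination makes it administrated.

```python
import re

# Constructed regex features (an assumption of this example, not the paper's 9 features)
# approximating the administrating patterns the abstract names.
ADMIN_FEATURES = {
    "censor_users": r"\b(blacklist|blocklist|frozen|freeze)\w*\s*[\(\[=]",
    "mint_on_demand": r"\bfunction\s+mint\w*\s*\(",
    "burn_on_demand": r"\bfunction\s+burn\w*\s*\(",
    "destroy_contract": r"\b(selfdestruct|suicide)\s*\(",  # SELFDESTRUCT, formerly SUICIDE
    "inject_code": r"\.delegatecall\s*\(",
}
# An owner gate alone is not enough (ownable non-administrated contracts exist);
# it must coexist with at least one feature above.
OWNER_GATE = r"\bonlyOwner\b|\bmsg\.sender\s*==\s*_?owner\b"
ERC20_SIGS = [r"\bfunction\s+%s\s*\(" % f for f in ("transfer", "approve", "transferFrom")]

def strip_comments(src: str) -> str:
    """Drop /* */ and // comments so commented-out text cannot trigger a feature."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def classify(src: str) -> dict:
    """Report the syntactic features found and whether the token is administrated."""
    code = strip_comments(src)
    features = sorted(n for n, p in ADMIN_FEATURES.items() if re.search(p, code))
    erc20 = all(re.search(s, code) for s in ERC20_SIGS)
    gated = re.search(OWNER_GATE, code) is not None
    return {"erc20": erc20, "owner_gated": gated, "features": features,
            "administrated": erc20 and gated and bool(features)}

# Constructed sample sources for the demo; these are not real deployed contracts.
ADMINISTRATED_SRC = """contract CtrlToken {
    address owner; mapping(address => bool) blacklist;
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function transfer(address to, uint256 v) public returns (bool) { require(!blacklist[msg.sender]); return true; }
    function approve(address s, uint256 v) public returns (bool) { return true; }
    function transferFrom(address f, address t, uint256 v) public returns (bool) { return true; }
    function mint(address to, uint256 v) public onlyOwner { }
    function kill() public onlyOwner { selfdestruct(payable(owner)); }
}"""
PLAIN_SRC = """contract PlainToken { // no owner, no selfdestruct(), nobody to blacklist[]
    function transfer(address to, uint256 v) public returns (bool) { return true; }
    function approve(address s, uint256 v) public returns (bool) { return true; }
    function transferFrom(address f, address t, uint256 v) public returns (bool) { return true; }
}"""

if __name__ == "__main__":
    for name, src in (("CtrlToken", ADMINISTRATED_SRC), ("PlainToken", PLAIN_SRC)):
        print(name, classify(src))
```

Comment stripping matters in practice: the plain sample mentions both `selfdestruct()` and `blacklist[]` in a comment, and neither counts as a feature.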


Footnotes

1. The smart contracts deployed at 0xdf4df8ee1bd1c9f01e60ee15e4c2f7643b690699 and 0x5dc60c4d5e75d22588fa17ffeb90a63e535efce0 are two (out of many) examples of ownable non-administrated contracts.

2. A typical example of an effectively ungoverned token is the popular ChainLink Token deployed at 0x514910771AF9Ca656af840dff83E8264EcF986CA.

3. Each fungible token has the same value and does not possess any special characteristics compared with other tokens of the same type.

5. The discovery of these patterns has been largely facilitated by a manual examination of approximately 3,800 source codes of smart contracts in the course of our previous research.

6. This opcode was formerly known as SUICIDE. In this context, the word “remove” means that the contract is no longer available for transactions; however, the entire transaction history of the contract is still retained by the blockchain.

7. The smart contracts that include several files are represented as JSON arrays in our dataset. Preprocessing these arrays also includes an additional step of replacing the escaped characters, such as newlines and quotes, with their original ASCII codes.
 
Metadata
Title
Rectifying Administrated ERC20 Tokens
Authors
Nikolay Ivanov
Hanqing Guo
Qiben Yan
Copyright year
2021
DOI
https://doi.org/10.1007/978-3-030-86890-1_2