Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts
A smart contract is a piece of application-layer code running on blockchain ledgers and it provides programmatic logic via transaction-based execution of pre-defined functions. Smart contract functions are by default invokable by any party. To safeguard them, the mainstream smart contract language, i.e., Solidity of the popular Ethereum blockchain, proposed a unique language-level keyword called “modifier,” which allows developers to define custom function access control policies beyond the traditional “protected” and “private” modifiers in classic programming languages.
In this paper, we aim to conduct a large-scale security analysis of the modifiers used in real-world Ethereum smart contracts. To achieve this, we design and implement a novel smart contract analysis tool called SoMo. Its main objective is to identify insecure modifiers that can be bypassed from one or more unprotected smart contract functions. This is challenging because of the complicated relationship between modifiers and their variables/functions and the ambiguity of attacker-accessible entry functions. To overcome them, we first propose a new structure, the Modifier Dependency Graph (MDG), to connect all the modifier-related control/data flows. Over MDGs, we then model system variables, generate symbolic path constraints, and iteratively test each candidate entry function. Our extensive evaluation shows that SoMo outperforms the state-of-the-art SPCon tool by detecting all its true positives and correctly avoiding 9 out of 11 false positives. It also achieves high precision of 91.2% when analyzing a large dataset of 62,464 contracts, over 400 of which were identified with bypassable modifiers. Our analysis further reveals three interesting security findings about modifiers and nine major types of modifier usage in the wild. SoMo has been integrated into an online security scanning service, MetaScan.
Wed 19 JulDisplayed time zone: Pacific Time (US & Canada) change
15:30 - 17:00 | ISSTA Online 6: Smart Contracts and AutomotiveTechnical Papers at Bezos Seminar Room (Gates G04) Chair(s): Alex Groce Northern Arizona University | ||
15:30 10mTalk | SmartState: Detecting State-Reverting Vulnerabilities in Smart Contracts via Fine-Grained State-Dependency Analysis Technical Papers Zeqin Liao Sun Yat-sen University, Sicheng Hao Sun Yat-sen University, Yuhong Nan Sun Yat-sen University, Zibin Zheng Sun Yat-sen University DOI | ||
15:40 10mTalk | DeFiTainter: Detecting Price Manipulation Vulnerabilities in DeFi Protocols Technical Papers Queping Kong Sun Yat-sen University, Jiachi Chen Sun Yat-sen University, Yanlin Wang Sun Yat-sen University, Zigui Jiang Sun Yat-sen University, Zibin Zheng Sun Yat-sen University DOI | ||
15:50 10mTalk | Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts Technical Papers Yuzhou Fang Hong Kong University of Science and Technology, Daoyuan Wu Chinese University of Hong Kong, Xiao Yi Chinese University of Hong Kong, Shuai Wang Hong Kong University of Science and Technology, Yufan Chen Xidian University, Mengjie Chen Mask Network, Yang Liu Nanyang Technological University, Lingxiao Jiang Singapore Management University DOI | ||
16:00 10mTalk | Testing Automated Driving Systems by Breaking Many Laws Efficiently Technical Papers Xiaodong Zhang Xidian University, Zhao Wei Tencent, Yang Sun Singapore Management University, Jun Sun Singapore Management University, Yulong Shen Xidian University, Xuewen Dong Xidian University, Zijiang Yang GuardStrike DOI | ||
16:10 10mTalk | Simulation-Based Validation for Autonomous Driving Systems Technical Papers Changwen Li Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Joseph Sifakis University Grenoble Alpes; CNRS; Grenoble INP; VERIMAG, Qiang Wang Academy of Military Sciences, Rongjie Yan Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jian Zhang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences DOI | ||
16:20 10mTalk | Data Constraint Mining for Automatic Reconciliation Scripts Generation Technical Papers Tianxiao Wang Zhejiang University; Alibaba-Zhejiang University Joint Institute of Frontier Technologies, Chen Zhi Zhejiang University; Alibaba-Zhejiang University Joint Institute of Frontier Technologies, Xiaoqun Zhou Alibaba Group, Jinjie Wu Alibaba Group, Jianwei Yin Zhejiang University, Shuiguang Deng Zhejiang University; Alibaba-Zhejiang University Joint Institute of Frontier Technologies DOI |