  • Degree thesis

Etherspect: An Automated and Scalable Smart Contract Analysis Platform for Discovering All Proxy Contracts in Ethereum

Advisor: 蕭旭君

Abstract


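The proxy design pattern for Ethereum smart contracts decouples contract state and code logic into a proxy contract and a logic contract respectively, introducing a code upgrade mechanism, functionality reuse, and code modularity. However, this flexible design pattern also introduces new security risks, namely function name collisions and storage location collisions. Faced with real-world attacks that have already caused millions of dollars in losses, industry and academia have studied these issues and sought solutions. However, existing research either lacks sufficient coverage or relies on source code and blockchain history, and so fails to give a comprehensive understanding of proxy contracts and collision issues on Ethereum.

To fill this research gap, we propose a method for a comprehensive study covering "all" proxy contracts on Ethereum. We found that there is currently no easy-to-use and efficient solution for evaluating large smart contract datasets. Existing approaches either fail to process datasets appropriately for large-scale analysis, cannot scale in a distributed computing environment, or do not properly manage complex analysis procedures.

To improve efficiency, we developed Etherspect, an automated and scalable smart contract analysis platform that is used not only to analyze proxy contracts but can also run general smart contract analysis tools. Etherspect excels in efficiency, extensibility, and automation. With Etherspect's preprocessed dataset and scalable dependency-aware analyzer scheduler, the complex large-scale analysis of all Ethereum proxy contracts is estimated to be shortened from 2,228 days to 25 days. Ultimately, Etherspect analyzed 37 million Ethereum smart contracts and found 20 million proxy contracts, 1.5 million function name collisions, and 25 thousand storage location collisions.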

Parallel Abstract


This flexible pattern introduces new security risks, namely function collisions and storage collisions. In the presence of real-world attacks with millions of dollars' worth of losses, industry and academia have studied the issues and searched for solutions. However, previous research either lacks enough coverage or relies on source code or past transactions, failing to understand all proxy contracts and collision issues comprehensively.

To address the gap, we propose a complete study of all proxy contracts in Ethereum. At the same time, we found that there is no user-friendly and efficient solution for evaluating large smart contract datasets. Current solutions either do not properly tailor datasets for large-scale analysis, do not scale out in a distributed computing environment, or do not manage complex analysis procedures appropriately.

For efficiency, we built Etherspect, an automated and scalable smart contract analysis platform, not only for analyzing proxy contracts but also for executing general smart contract analyzers. Etherspect is shown to excel in efficiency, extensibility, and automation. With Etherspect's preprocessed dataset and scalable dependency-aware analyzer scheduler, a complicated large-scale analysis to discover and analyze all Ethereum proxy contracts is estimated to drop from 2,228 days to 25 days, finally analyzing 37M Ethereum smart contracts and identifying 20M proxy contracts, 1.5M function collisions and 25k storage collisions.
