
Research And Application Of Token Identification Method On Ethereum

Posted on: 2022-01-11 | Degree: Master | Type: Thesis
Country: China | Candidate: P He
GTID: 2518306524989659 | Subject: Master of Engineering
Abstract/Summary:
The field of blockchain and cryptocurrency has grown tremendously in the past few years. Apart from a small number of native cryptocurrencies that belong to the blockchain itself, most cryptocurrencies are deployed on a blockchain platform in the form of smart contracts, and Ethereum is the blockchain platform with the most cryptocurrency deployments. However, problems in smart contracts and token contracts' non-compliance with the ERC standards have led to many token misbehaviors, which have caused major security incidents and huge property losses for the blockchain platform and the cryptocurrency field.

Accurately identifying the transfer behavior of tokens is important for detecting token misbehaviors, but existing approaches either cannot obtain the real token transfer behaviors because of incorrect assumptions, or have high false positives and false negatives because they rely on a limited number of manually defined patterns. To this end, this thesis proposes a method for automatically identifying token transfer operations and implements it using symbolic execution. A large number of experiments show that the method identifies token transfer operations effectively and efficiently.

The method first learns the access mode of the basic container, then collects the write mode of the storage, and analyzes the container composition of the write mode according to the access mode of the basic container, so as to obtain the suspicious token transfer patterns. Finally, it correlates the suspicious token transfer patterns with standard functions and standard events to determine the real token transfer patterns, which identify the token transfer operations.

This thesis implements the method with symbolic execution. To avoid path explosion and improve efficiency, it designs an inter-contract symbolic execution that restricts most code to run only once. During implementation it was found that some specific code needs to be run multiple times to ensure validity, so this part of the code is allowed to execute repeatedly during symbolic execution. To demonstrate the generality of the method, this thesis applies it to smart contracts written in two programming languages, Solidity and Vyper, and to three token standards, ERC-20, ERC-721 and ERC-1155.

A large number of experiments were carried out to evaluate the implementation. The results show that the method accurately identifies token transfer patterns and has good efficiency: the average time to analyze a smart contract is 0.56 seconds. In addition, ten token transfer patterns were discovered, six of which were previously undiscovered. Finally, to illustrate how the approach helps with token misbehaviors, this thesis develops five vulnerability detection applications based on token transfer patterns, which detect "fake notification" vulnerabilities, "fake deposit" vulnerabilities, allowance inconsistency vulnerabilities, DEX inconsistency and unauthorized token burning.
Keywords/Search Tags:Ethereum, smart contract, token, symbolic execution, token transfer pattern