Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts: programs that are executed across the decentralised blockchain network. As smart contracts become more popular and carry more value, they become a more interesting target for attackers. In the past few years, several smart contracts have been found to be vulnerable and were subsequently exploited by attackers. However, a new trend towards a more proactive approach seems to be on the rise, where attackers no longer search for vulnerable contracts. Instead, they try to lure their victims into traps by deploying vulnerable-looking contracts that contain hidden traps. This type of contract is commonly referred to as a honeypot. In this paper, we present the first systematic analysis of honeypots, by investigating their prevalence, behaviour and impact on the Ethereum blockchain. We develop a taxonomy of honeypot techniques and use it to build HONEYBADGER, a tool that employs symbolic execution and well-defined heuristics to expose smart contract honeypots. We perform a large-scale analysis of more than 2 million smart contracts and show that our tool achieves not only high precision but also high scalability. We identify 690 honeypots as well as 240 victims in the wild, with an accumulated profit of more than $90,000 for the honeypot creators. Our manual validation shows that 87% of the reported contracts are indeed honeypots.