Research Output Details

Title: Demystifying and Detecting Cryptographic Defects in Ethereum Smart Contracts
Authors
Publication date: 2025
Conference name: 47th IEEE/ACM International Conference on Software Engineering, ICSE 2025
Proceedings title: Proceedings - International Conference on Software Engineering
ISSN: 0270-5257
Pages: 3009-3021
Conference date: 2025-04-27 to 2025-04-27
Conference location: can, Ottawa
Abstract: Ethereum has officially provided a set of system-level cryptographic APIs to enhance smart contracts with cryptographic capabilities. These APIs have been utilized in over 10% of Ethereum transactions, motivating developers to implement various on-chain cryptographic tasks, such as digital signatures. However, since developers may not always be cryptographic experts, their ad-hoc and potentially defective implementations could compromise the theoretical guarantees of cryptography, leading to real-world security issues. To mitigate this threat, we conducted the first study aimed at demystifying and detecting cryptographic defects in smart contracts. Through the analysis of 2,406 real-world security reports, we defined nine types of cryptographic defects in smart contracts with detailed descriptions and practical detection patterns. Based on this categorization, we proposed Crysol, a fuzzing-based tool to automate the detection of cryptographic defects in smart contracts. It combines transaction replaying and dynamic taint analysis to extract fine-grained crypto-related semantics and employs crypto-specific strategies to guide the test case generation process. Furthermore, we collected a large-scale dataset containing 25,745 real-world crypto-related smart contracts and evaluated Crysol's effectiveness on it. The result demonstrated that Crysol achieves an overall precision of 95.4% and a recall of 91.2%. Notably, Crysol revealed that 5,847 (22.7%) out of 25,745 smart contracts contain at least one cryptographic defect, highlighting the prevalence of these defects.
Keywords: cryptography defects detection Ethereum smart contracts
DOI: 10.1109/ICSE55347.2025.00010
Language: English
Scopus accession number: 2-s2.0-105010334937
Document type: Conference paper
Item identifier: https://repository.uic.edu.cn/handle/39GCC9TT/13437
Collection: Individual knowledge output outside this institution
Corresponding authors: Chen, Jiachi; Chen, Zhong
Author affiliations
1. Peking University, School of Computer Science, Beijing, China
2. Sun Yat-sen University, Zhuhai, China
3. University of Electronic Science and Technology of China, Chengdu, China
4. Beijing Jiaotong University, Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing, China
Recommended citation
GB/T 7714
Zhang, Jiashuo, Shen, Yiming, Chen, Jiachi, et al. Demystifying and Detecting Cryptographic Defects in Ethereum Smart Contracts[C], 2025: 3009-3021.
Files in this item
There are no files associated with this item.