Use Your Spell Against You: Threat Prevention of Smart Contract Exploit By Reusing Opcode Trace

With the increasing number of attacks on decentralized finance (DeFi) protocols, the losses caused by DeFi attacks have become a significant concern. To protect the security of DeFi protocols, contract code audits have gained attention in the industry. However, hundreds of cases still exist where these audited projects are attacked. Since traditional code-centric approaches are not enough to fully address these threats, we argue that proactive threat prevention is needed to block attacks and recover losses when an attack occurs. Our method takes advantage of the time difference between the attack transaction broadcasting and confirming. Specifically, we can automatically reconstruct the attack contract and broadcast a block transaction to front-run the attack transaction. The reconstructed contract can preserve the original attack logic while bypassing access control and replacing the revenue address. We have developed a system called IRONDOME by solving multiple technical challenges. The evaluation of historical attacks shows that our system can block 78 DeFi attack incidents in their corresponding chain state, including 31 incidents with anti-front-running strategies. The real deployment of our system has successfully blocked multiple attacks on Ethereum and BNB and saved more than 10 million USD assets of users in the past year for ten DeFi protocols. By: Yajin Zhou | Professor; CEO, Zhejiang University; BlockSec Full Abstract and Presentation Materials: https://ift.tt/1bZz7JR

source https://www.youtube.com/watch?v=Gqxc9zf0OZY