Characterizing Ethereum Upgradable Smart Contracts and Their Security Implications

Xiaofan Li, Jin Yang, Jiaqi Chen, Yuzhe Tang, Xing Gao

Research output: Conference contribution

1 Scopus citations

Abstract

Upgradeable smart contracts (USCs) have been widely adopted to enable modifying deployed smart contracts. While USCs bring great flexibility to developers, improper usage might introduce new security issues, potentially allowing attackers to hijack USCs and their users. In this paper, we conduct a large-scale measurement study to characterize USCs and their security implications in the wild. We summarize six commonly used USC patterns and develop a tool, USCDetector, to identify USCs without needing source code. In particular, USCDetector collects various information, such as bytecode and transaction information, to construct upgrade chains for USCs and disclose potentially vulnerable ones. We evaluate USCDetector using verified smart contracts (i.e., with source code) as ground truth and show that USCDetector achieves high accuracy, with a precision of 96.26%. We then use USCDetector to conduct a large-scale study on Ethereum, covering a total of 60,251,064 smart contracts. USCDetector constructs 10,218 upgrade chains and discloses multiple real-world USCs with potential security issues.
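The abstract describes two steps that do not need source code: recognizing an upgradeable proxy from its bytecode, and ordering the implementation addresses a proxy has pointed to into an upgrade chain. The following is an added illustration written for this page, not code from USCDetector or the paper's authors, and it covers only one of the six patterns the paper summarizes: an EIP-1967 transparent-style proxy, recognized by a PUSH32 of the EIP-1967 implementation slot together with a DELEGATECALL opcode. The bytecode samples, the event list, the placeholder addresses (0xProxyA, 0xImplA1, ...) and the "implementation has no code" check are all constructed assumptions for the example; the paper does not state which checks USCDetector applies.

```python
"""Added example: bytecode heuristic for EIP-1967 proxies plus upgrade-chain
construction from a constructed list of upgrade events. Not USCDetector."""
from dataclasses import dataclass

# EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1
EIP1967_IMPL_SLOT = bytes.fromhex(
    "360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
)
DELEGATECALL = 0xF4


def disassemble(code: bytes):
    """Yield (offset, opcode, push_data). Walking PUSH immediates explicitly
    keeps bytes inside push data from being mistaken for opcodes."""
    i = 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:  # PUSH1..PUSH32 carry 1..32 immediate bytes
            n = op - 0x5F
            yield i, op, code[i + 1 : i + 1 + n]
            i += 1 + n
        else:
            yield i, op, b""
            i += 1


def looks_like_eip1967_proxy(code: bytes) -> bool:
    """Heuristic: a real DELEGATECALL opcode and a PUSH32 of the EIP-1967 slot."""
    has_delegatecall = False
    pushes_slot = False
    for _, op, data in disassemble(code):
        if op == DELEGATECALL:
            has_delegatecall = True
        if data == EIP1967_IMPL_SLOT:
            pushes_slot = True
    return has_delegatecall and pushes_slot


@dataclass(frozen=True)
class UpgradeEvent:
    """One observed implementation change (e.g. from an Upgraded log or a
    storage diff of the implementation slot). Constructed for this example."""
    block: int
    proxy: str
    new_impl: str


def build_upgrade_chains(events):
    """Order events by block per proxy; collapse consecutive duplicates so the
    chain lists each implementation the proxy actually switched to."""
    chains = {}
    for ev in sorted(events, key=lambda e: (e.block, e.proxy)):
        chain = chains.setdefault(ev.proxy, [])
        if not chain or chain[-1] != ev.new_impl:
            chain.append(ev.new_impl)
    return chains


def flag_empty_implementations(chains, code_by_addr):
    """Example check (editor's choice, not the paper's): a proxy whose current
    implementation has no code. DELEGATECALL to a codeless address returns
    success with empty data, so every call through the proxy silently no-ops."""
    return sorted(
        proxy for proxy, chain in chains.items()
        if not code_by_addr.get(chain[-1], b"")
    )


# Constructed bytecode: PUSH32 <slot>; SLOAD; GAS; DELEGATECALL; STOP
PROXY_SAMPLE = bytes([0x7F]) + EIP1967_IMPL_SLOT + bytes([0x54, 0x5A, 0xF4, 0x00])
# Constructed non-proxy: 0xF4 appears only inside PUSH2 immediate data
NON_PROXY_SAMPLE = bytes([0x61, 0x00, 0xF4, 0x00])  # PUSH2 0x00F4; STOP

# Constructed upgrade history; addresses are placeholders, not real contracts
SAMPLE_EVENTS = [
    UpgradeEvent(block=120, proxy="0xProxyA", new_impl="0xImplA2"),
    UpgradeEvent(block=100, proxy="0xProxyA", new_impl="0xImplA1"),
    UpgradeEvent(block=130, proxy="0xProxyA", new_impl="0xImplA2"),  # no change
    UpgradeEvent(block=110, proxy="0xProxyB", new_impl="0xImplB1"),
]
SAMPLE_CODE = {"0xImplA1": b"\x00", "0xImplA2": b"", "0xImplB1": b"\x00"}

if __name__ == "__main__":
    print("proxy sample:", looks_like_eip1967_proxy(PROXY_SAMPLE))
    print("non-proxy sample:", looks_like_eip1967_proxy(NON_PROXY_SAMPLE))
    chains = build_upgrade_chains(SAMPLE_EVENTS)
    print("chains:", chains)
    print("flagged:", flag_empty_implementations(chains, SAMPLE_CODE))
```

Two caveats a practitioner should keep in mind. The slot constant and DELEGATECALL are necessary but not sufficient evidence: libraries, diamonds and non-EIP-1967 proxies also DELEGATECALL, and the other patterns the paper counts need their own signatures. And a plain substring search for the slot over the bytecode would also match the constant wherever it happens to appear, which is why the example walks the instruction stream and only credits a slot that is actually pushed.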

Original language: English (US)
Title of host publication: WWW 2024 - Proceedings of the ACM Web Conference
Publisher: Association for Computing Machinery, Inc
Pages: 1847-1858
Number of pages: 12
ISBN (Electronic): 9798400701719
DOIs
State: Published - May 13 2024
Event: 33rd ACM Web Conference, WWW 2024 - Singapore, Singapore
Duration: May 13 2024 - May 17 2024

Publication series

Name: WWW 2024 - Proceedings of the ACM Web Conference

Conference

Conference: 33rd ACM Web Conference, WWW 2024
Country/Territory: Singapore
City: Singapore
Period: 5/13/24 - 5/17/24

Keywords

  • ethereum
  • security
  • upgradable smart contracts

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
