Rui Xi, Zehua Wang, and Karthik Pattabiraman, To appear in the Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2024. (Acceptance Rate: 17.8%)
Abstract: Price Oracle Manipulation Attacks (POMAs) are increasingly occurring in blockchain systems, and result in significant financial loss. Prior work on detecting POMAs only considers single-transaction attacks, in which the entire attack is contained within a single transaction. We systematically study POMAs in blockchain systems (Ethereum). We find that POMAs that span multiple transactions have become much more frequent than single-transaction POMAs. Thus, there is a compelling need for a framework that can detect POMAs spanning multiple transactions. Moreover, there is a need to come up with generic rules for detecting POMAs rather than rely on past attack patterns like prior work has done. We first devise first-principle rules for detecting POMAs based on traditional stock market manipulation attacks. We then propose POMABuster, which leverages these rules to detect POMAs spanning both single and multiple transactions. POMABuster leverages common characteristics of POMA attackers’ behavior to optimize its detection. We evaluate POMABuster on 2.5 years’ worth of transactions from the blockchain, as well as a dataset compiled from the Code4rena audit reports. Our results demonstrate that POMABuster detects nearly 6.5X more POMAs than prior work. Further, POMABuster has a 1% worst-case false positive rate, and zero false negative rate, both of which significantly outperform prior work.