No Place to Hide: An Efficient and Accurate Backdoor Detection Tool for Ethereum ERC-20 Smart Contracts
摘要
Ethereum ERC-20 smart contracts are now widely utilized in various domains for trust and transparent transaction process. However, ERC-20 contracts face significant security risks, particularly backdoors that can lead to severe incidents. In backdoor attacks, malicious actors can exploit these vulnerabilities to perform unauthorized transactions, steal funds, or manipulate token balances, resulting in substantial financial losses and damaging trust of blockchain system. This paper introduces MDetector, a tool for efficiently detecting backdoors in ERC-20 contracts through static analysis. Firstly, MDetector defines 9 basic and 3 complex types of backdoors, covering existing potential risks. Based on these definitions, MDetector runs corresponding detection logic via datalog analysis. Secondly, MDetector is compatible with Solidity versions 0.4 to 0.8.24 and can be deployed on Linux, Windows and Android. Thirdly, MDetector initiates a high-performance decompilation engine to disassemble and convert contract bytecode into intermediate code. The experimental results demonstrate its high precision and reliability, achieving an accuracy of 94.0% in an average of just 1.3 s. This represents a significant improvement over the most advanced scientific tools currently available, achieving approximately 1.55 \(\times \) greater accuracy and 6.17 \(\times \) faster processing speed.