DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications
Decentralized Finance (DeFi) applications facilitate tamper-proof transactions among multiple anonymous users. However, because attackers can access the smart contract bytecode directly, vulnerabilities in the transaction mechanism, contract code, or third-party components can be easily exploited to manipulate token prices, leading to financial losses. Because price manipulation often relies on specific states and complex trading sequences, existing detection tools have limitations in addressing this problem. In addition, to swiftly identify the root cause of an attack and implement targeted defense and remediation measures, auditors typically prioritize understanding the methodology behind the attack, emphasizing 'how' it occurred rather than simply confirming its existence. To address these problems, this paper presents a novel automatic price manipulation detection and analysis framework, named DeFort, which contains a price manipulation behavior model to guide on-chain detection, multiple price monitoring strategies to detect pools with abnormal token prices, and various profit calculation mechanisms to confirm attacks. Based on behavioral models, DeFort can automatically locate transactions and functions that cause abnormal price fluctuations and identify attackers and victims. Experimental results demonstrate that DeFort can outperform state-of-the-art price manipulation detection methods. Furthermore, after monitoring 441 real-world projects for two months, DeFort successfully detected five price manipulation attacks.
Thu 19 Sep. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
10:30 - 11:50 | Blockchain | Technical Papers at EI 3 Sahulka | Chair(s): Konstantinos (Kostis) Sagonas (Uppsala University and Nat. Tech. Univ. of Athens)
10:30 | 20m | Talk | DAppFL: Just-in-Time Fault Localization for Decentralized Applications in Web3 | Technical Papers | Zhiying Wu (Sun Yat-sen University), Jiajing Wu (Sun Yat-sen University), Hui Zhang (Sun Yat-sen University), Ziwei Li (Sun Yat-sen University), Jiachi Chen (Sun Yat-sen University), Zibin Zheng (Sun Yat-sen University), Qing Xia (Institute of Software at Chinese Academy of Sciences), Gang Fan (Ant Group), Yi Zhen (Independent)
10:50 | 20m | Talk | LENT-SSE: Leveraging Executed and Near Transactions for Speculative Symbolic Execution of Smart Contracts | Technical Papers | Peilin Zheng (Sun Yat-sen University), Bowei Su (Sun Yat-sen University), Xiapu Luo (Hong Kong Polytechnic University), Ting Chen (University of Electronic Science and Technology of China), Neng Zhang (Sun Yat-sen University), Zibin Zheng (Sun Yat-sen University)
11:10 | 20m | Talk | Following the “Thread”: Toward Finding Manipulatable Bottlenecks in Blockchain Clients | Technical Papers | Shuohan Wu (Hong Kong Polytechnic University), Zihao Li (Hong Kong Polytechnic University), Hao Zhou (Hong Kong Polytechnic University), Xiapu Luo (Hong Kong Polytechnic University), Jianfeng Li (Xi’an Jiaotong University), Haoyu Wang (Huazhong University of Science and Technology)
11:30 | 20m | Talk | DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications | Technical Papers | Maoyi Xie (Nanyang Technological University), Ming Hu (Nanyang Technological University), Ziqiao Kong (Nanyang Technological University), Cen Zhang (Nanyang Technological University), Yebo Feng (Nanyang Technological University), Haijun Wang (Xi’an Jiaotong University), Yue Xue (MetaTrust Labs), Hao Zhang (MetaTrust Labs), Ye Liu (Nanyang Technological University), Yang Liu (Nanyang Technological University)