JANUS: A Difference-Oriented Analyzer For Financial Centralization Risks in Smart Contracts

Some smart contracts violate decentralization principles by defining privileged accounts that manage other users' assets without permission, introducing centralization risks that have caused financial losses. Existing methods, however, face challenges in accurately detecting diverse centralizat...

Detailed description

Bibliographic details
Main authors: Wang, Wansen; Zhang, Pu; Ji, Renjie; Huang, Wenchao; Meng, Zhaoyi; Xiong, Yan
Format: Article
Language: eng
creator Wang, Wansen
Zhang, Pu
Ji, Renjie
Huang, Wenchao
Meng, Zhaoyi
Xiong, Yan
description Some smart contracts violate decentralization principles by defining privileged accounts that manage other users' assets without permission, introducing centralization risks that have caused financial losses. Existing methods, however, face challenges in accurately detecting diverse centralization risks due to their dependence on predefined behavior patterns. In this paper, we propose JANUS, an automated analyzer for Solidity smart contracts that detects financial centralization risks independently of their specific behaviors. JANUS identifies differences between states reached by privileged and ordinary accounts, and analyzes whether these differences are finance-related. Focusing on the impact of risks rather than behaviors, JANUS achieves improved accuracy compared to existing tools and can uncover centralization risks with unknown patterns. To evaluate JANUS's performance, we compare it with other tools using a dataset of 540 contracts. Our evaluation demonstrates that JANUS outperforms representative tools in terms of detection accuracy for financial centralization risks. Additionally, we evaluate JANUS on a real-world dataset of 33,151 contracts, successfully identifying two types of risks that other tools fail to detect. We also prove that the state traversal method and variable summaries, which are used in JANUS to reduce the number of states to be compared, do not introduce false alarms or omissions in detection.
doi_str_mv 10.48550/arxiv.2412.03938
format Article
creationdate 2024-12-05
rights http://arxiv.org/licenses/nonexclusive-distrib/1.0
oa free_for_read
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2412.03938
language eng
recordid cdi_arxiv_primary_2412_03938
source arXiv.org
subjects Computer Science - Cryptography and Security
Computer Science - Learning
title JANUS: A Difference-Oriented Analyzer For Financial Centralization Risks in Smart Contracts
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-16T14%3A07%3A17IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=JANUS:%20A%20Difference-Oriented%20Analyzer%20For%20Financial%20Centralization%20Risks%20in%20Smart%20Contracts&rft.au=Wang,%20Wansen&rft.date=2024-12-05&rft_id=info:doi/10.48550/arxiv.2412.03938&rft_dat=%3Carxiv_GOX%3E2412_03938%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true