TxMirror: When the Dynamic EVM Stack Meets Transactions for Smart Contract Vulnerability Detection

Smart contract vulnerability can be exploited to cause serious financial loss. While there are many logic-based techniques for detecting vulnerabilities, few have focused on the dynamic stack of the Ethereum virtual machine (EVM) in the process of transactions. This motivates us to raise an intriguing question: What will happen when the dynamic EVM stack meets a transaction for smart contract vulnerability detection? To answer it, we propose a novel data-driven framework, dubbed TxMirror, to detect smart contract vulnerability at the bytecode level by simulating transactions symmetrically. Beyond logic-based wisdom, TxMirror customizes EVM for smart contract vulnerability detection, and stores its dependency between the stack data and logic relation in a new manner, that is, all the data are stored in a double link forest and can index the logic that creates them; it directly inspects customized EVM stack data in a transaction without replaying history transactions repeatedly or recording EVM bytecode-level traces. Furthermore, it extends detection rules defined by user interests, possessing good adaptability for developers. Extensive experiments demonstrate that TxMirror effectively detects attacks and vulnerabilities in unpredictable smart contracts.