HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts
Paper in proceeding, 2024

Logical flaws in smart contracts are often exploited, leading to significant financial losses. Our tool, HighGuard, detects transactions that violate business logic specifications of smart contracts. HighGuard employs dynamic condition response (DCR) graph models as formal specifications to verify contract execution against these models. It is capable of operating in a cross-chain environment for detecting business logic flaws across different blockchain platforms. We demonstrate HighGuard's effectiveness in identifying deviations from specified behaviors in smart contracts without requiring code instrumentation or incurring additional gas costs. By using precise specifications in the monitor, HighGuard achieves detection without false positives. Our evaluation, involving 54 exploits, confirms HighGuard's effectiveness in detecting business logic vulnerabilities. Our open-source implementation of HighGuard and a screencast of its usage are available at: https://github.com/mojtaba-eshghie/HighGuard and https://www.youtube.com/watch?v=sZYVV-slDaY

blockchain security

runtime monitoring

smart contracts

DCR graphs

Author

Mojtaba Eshghie

Royal Institute of Technology (KTH)

Cyrille Artho

Royal Institute of Technology (KTH)

Hans Stammler

Royal Institute of Technology (KTH)

Wolfgang Ahrendt

Chalmers, Computer Science and Engineering (Chalmers), Formal methods

Thomas Troels Hildebrandt

University of Copenhagen

Gerardo Schneider

University of Gothenburg

Proceedings - 2024 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024

2378-2381
9798400712487 (ISBN)

39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024
Sacramento, USA,

Subject Categories (SSIF 2011)

Robotics

Computer Science

Computer Systems

DOI

10.1145/3691620.3695356

More information

Latest update

1/9/2025 8