CRPWarner: Warning the Risk of Contract-related Rug Pull in DeFi Smart Contracts
In recent years, Decentralized Finance (DeFi) grows rapidly due to the development of blockchain technology and smart contracts. As of March 2023, the estimated global cryptocurrency market cap has reached approximately $949 billion. However, security incidents continue to plague the DeFi ecosystem, and one of the most notorious examples is the ``Rug Pull" scam. This type of cryptocurrency scam occurs when the developer of a particular token project intentionally abandons the project and disappears with investors' funds. Despite it only emerging in recent years, Rug Pull events have already caused significant financial losses. In this work, we manually collected and analyzed 103 real-world rug pull events, categorizing them based on their scam methods. Two primary categories were identified: Contract-related Rug Pull (through malicious functions in smart contracts) and Transaction-related Rug Pull (through cryptocurrency trading without utilizing malicious functions). Based on the analysis of rug pull events, we propose CRPWarner (short for Contract-related Rug Pull Risk Warner) to identify malicious functions in smart contracts and issue warnings regarding potential rug pulls. We evaluated CRPWarner on 69 open-source smart contracts related to rug pull events and achieved a 91.8% precision, 85.9% recall and 88.7% F1-score. Additionally, when evaluating CRPWarner on 13,484 real token contracts on Ethereum, it successfully detected 4168 smart contracts with malicious functions, including zero-day examples. The precision of large-scale experiment reach 84.9%..
Medienart: |
Preprint |
---|
Erscheinungsjahr: |
2024 |
---|---|
Erschienen: |
2024 |
Enthalten in: |
arXiv.org - (2024) vom: 03. März Zur Gesamtaufnahme - year:2024 |
---|
Sprache: |
Englisch |
---|
Beteiligte Personen: |
Lin, Zewei [VerfasserIn] |
---|
Links: |
Volltext [kostenfrei] |
---|
Themen: |
---|
Förderinstitution / Projekttitel: |
|
---|
PPN (Katalog-ID): |
XCH042797861 |
---|
LEADER | 01000naa a22002652 4500 | ||
---|---|---|---|
001 | XCH042797861 | ||
003 | DE-627 | ||
005 | 20240306114522.0 | ||
007 | cr uuu---uuuuu | ||
008 | 240306s2024 xx |||||o 00| ||eng c | ||
035 | |a (DE-627)XCH042797861 | ||
035 | |a (chemrXiv)2403.01425 | ||
040 | |a DE-627 |b ger |c DE-627 |e rakwb | ||
041 | |a eng | ||
100 | 1 | |a Lin, Zewei |e verfasserin |4 aut | |
245 | 1 | 0 | |a CRPWarner: Warning the Risk of Contract-related Rug Pull in DeFi Smart Contracts |
264 | 1 | |c 2024 | |
336 | |a Text |b txt |2 rdacontent | ||
337 | |a Computermedien |b c |2 rdamedia | ||
338 | |a Online-Ressource |b cr |2 rdacarrier | ||
520 | |a In recent years, Decentralized Finance (DeFi) grows rapidly due to the development of blockchain technology and smart contracts. As of March 2023, the estimated global cryptocurrency market cap has reached approximately $949 billion. However, security incidents continue to plague the DeFi ecosystem, and one of the most notorious examples is the ``Rug Pull" scam. This type of cryptocurrency scam occurs when the developer of a particular token project intentionally abandons the project and disappears with investors' funds. Despite it only emerging in recent years, Rug Pull events have already caused significant financial losses. In this work, we manually collected and analyzed 103 real-world rug pull events, categorizing them based on their scam methods. Two primary categories were identified: Contract-related Rug Pull (through malicious functions in smart contracts) and Transaction-related Rug Pull (through cryptocurrency trading without utilizing malicious functions). Based on the analysis of rug pull events, we propose CRPWarner (short for Contract-related Rug Pull Risk Warner) to identify malicious functions in smart contracts and issue warnings regarding potential rug pulls. We evaluated CRPWarner on 69 open-source smart contracts related to rug pull events and achieved a 91.8% precision, 85.9% recall and 88.7% F1-score. Additionally, when evaluating CRPWarner on 13,484 real token contracts on Ethereum, it successfully detected 4168 smart contracts with malicious functions, including zero-day examples. The precision of large-scale experiment reach 84.9%. | ||
650 | 4 | |a Computer Science - Software Engineering |7 (dpeaa)DE-84 | |
650 | 4 | |a 000 |7 (dpeaa)DE-84 | |
700 | 1 | |a Chen, Jiachi |4 aut | |
700 | 1 | |a Zheng, Zibin |4 aut | |
700 | 1 | |a Wu, Jiajing |4 aut | |
700 | 1 | |a Zhang, Weizhe |4 aut | |
700 | 1 | |a Wang, Yongjuan |4 aut | |
773 | 0 | 8 | |i Enthalten in |t arXiv.org |g (2024) vom: 03. März |
773 | 1 | 8 | |g year:2024 |g day:03 |g month:03 |
856 | 4 | 0 | |u https://arxiv.org/abs/2403.01425 |z kostenfrei |3 Volltext |
912 | |a GBV_XCH | ||
951 | |a AR | ||
952 | |j 2024 |b 03 |c 03 |