DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications

Jianfei Zhou; Tianxing Jiang; Haijun Wang; Meng Wu; Ting Chen

doi:10.1109/ICSE-SEIP58684.2023.00008

DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications

Jianfei Zhou
, Tianxing Jiang
, Haijun Wang
, Meng Wu
, Ting Chen

University of Electronic Science and Technology of China
Ant Group

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

A blockchain-based decentralized application (DApp) refers to an application typically using web pages or mobile applications as the front-end and smart contracts as the back-end. The front-end of the DApp helps users generate transactions and send them to the user's blockchain wallet. After the user signs and confirms the transaction using the blockchain wallet, the transaction will invoke the smart contract of the DApp. However, users bear the following risks when using DApps because of the potential inconsistent behaviors in DApps. First, the DApp front-end may generate incorrect transactions inconsistent with users' intentions. Second, the smart contract may have misbehaviors when executing the transactions. Inconsistent behaviors of DApps not only lead to user confusion but also cause significant financial losses. In this paper, we proposed a novel approach to identify inconsistent behaviors of DApps on EVM-compatible blockchains by contrasting the behaviors of DApps that derived from the front-end, blockchain wallet, and smart contracts, respectively. We implemented our approach into a prototype named DAppHunter. We have applied DAppHunter on 92 real-world DApps of Ethereum and Binance Smart Chain and successfully identified 37 DApps with inconsistent behaviors. We confirmed that 35 of them are scam DApps and over 5 million blockchain addresses are at risk of becoming victims of these inconsistent DApps.

Original language	English
Title of host publication	Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering
Subtitle of host publication	Software Engineering in Practice, ICSE-SEIP 2023
Publisher	IEEE Computer Society
Pages	24-35
Number of pages	12
ISBN (Electronic)	9798350300376
DOIs	https://doi.org/10.1109/ICSE-SEIP58684.2023.00008
State	Published - 20 Sep 2023
Externally published	Yes
Event	45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023 - Melbourne, Australia Duration: 14 May 2023 → 20 May 2023

Publication series

Name	Proceedings - International Conference on Software Engineering
ISSN (Print)	0270-5257

Conference

Conference	45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023
Country/Territory	Australia
City	Melbourne
Period	14/05/23 → 20/05/23

Keywords

DApp testing
blockchain
inconsistent behavior
smart contract

Access to Document

10.1109/ICSE-SEIP58684.2023.00008

Cite this

Zhou, J., Jiang, T., Wang, H., Wu, M., & Chen, T. (2023). DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications. In Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023 (pp. 24-35). (Proceedings - International Conference on Software Engineering). IEEE Computer Society. https://doi.org/10.1109/ICSE-SEIP58684.2023.00008

Zhou, Jianfei ; Jiang, Tianxing ; Wang, Haijun et al. / DAppHunter : Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications. Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023. IEEE Computer Society, 2023. pp. 24-35 (Proceedings - International Conference on Software Engineering).

@inproceedings{69a085a0fc7f4b599145de3e897ec79a,

title = "DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications",

abstract = "A blockchain-based decentralized application (DApp) refers to an application typically using web pages or mobile applications as the front-end and smart contracts as the back-end. The front-end of the DApp helps users generate transactions and send them to the user's blockchain wallet. After the user signs and confirms the transaction using the blockchain wallet, the transaction will invoke the smart contract of the DApp. However, users bear the following risks when using DApps because of the potential inconsistent behaviors in DApps. First, the DApp front-end may generate incorrect transactions inconsistent with users' intentions. Second, the smart contract may have misbehaviors when executing the transactions. Inconsistent behaviors of DApps not only lead to user confusion but also cause significant financial losses. In this paper, we proposed a novel approach to identify inconsistent behaviors of DApps on EVM-compatible blockchains by contrasting the behaviors of DApps that derived from the front-end, blockchain wallet, and smart contracts, respectively. We implemented our approach into a prototype named DAppHunter. We have applied DAppHunter on 92 real-world DApps of Ethereum and Binance Smart Chain and successfully identified 37 DApps with inconsistent behaviors. We confirmed that 35 of them are scam DApps and over 5 million blockchain addresses are at risk of becoming victims of these inconsistent DApps.",

keywords = "DApp testing, blockchain, inconsistent behavior, smart contract",

author = "Jianfei Zhou and Tianxing Jiang and Haijun Wang and Meng Wu and Ting Chen",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023 ; Conference date: 14-05-2023 Through 20-05-2023",

year = "2023",

month = sep,

day = "20",

doi = "10.1109/ICSE-SEIP58684.2023.00008",

language = "英语",

series = "Proceedings - International Conference on Software Engineering",

publisher = "IEEE Computer Society",

pages = "24--35",

booktitle = "Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering",

}

Zhou, J, Jiang, T, Wang, H, Wu, M & Chen, T 2023, DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications. in Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023. Proceedings - International Conference on Software Engineering, IEEE Computer Society, pp. 24-35, 45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023, Melbourne, Australia, 14/05/23. https://doi.org/10.1109/ICSE-SEIP58684.2023.00008

DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications. / Zhou, Jianfei; Jiang, Tianxing; Wang, Haijun et al.
Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023. IEEE Computer Society, 2023. p. 24-35 (Proceedings - International Conference on Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DAppHunter

T2 - 45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023

AU - Zhou, Jianfei

AU - Jiang, Tianxing

AU - Wang, Haijun

AU - Wu, Meng

AU - Chen, Ting

PY - 2023/9/20

Y1 - 2023/9/20

N2 - A blockchain-based decentralized application (DApp) refers to an application typically using web pages or mobile applications as the front-end and smart contracts as the back-end. The front-end of the DApp helps users generate transactions and send them to the user's blockchain wallet. After the user signs and confirms the transaction using the blockchain wallet, the transaction will invoke the smart contract of the DApp. However, users bear the following risks when using DApps because of the potential inconsistent behaviors in DApps. First, the DApp front-end may generate incorrect transactions inconsistent with users' intentions. Second, the smart contract may have misbehaviors when executing the transactions. Inconsistent behaviors of DApps not only lead to user confusion but also cause significant financial losses. In this paper, we proposed a novel approach to identify inconsistent behaviors of DApps on EVM-compatible blockchains by contrasting the behaviors of DApps that derived from the front-end, blockchain wallet, and smart contracts, respectively. We implemented our approach into a prototype named DAppHunter. We have applied DAppHunter on 92 real-world DApps of Ethereum and Binance Smart Chain and successfully identified 37 DApps with inconsistent behaviors. We confirmed that 35 of them are scam DApps and over 5 million blockchain addresses are at risk of becoming victims of these inconsistent DApps.

AB - A blockchain-based decentralized application (DApp) refers to an application typically using web pages or mobile applications as the front-end and smart contracts as the back-end. The front-end of the DApp helps users generate transactions and send them to the user's blockchain wallet. After the user signs and confirms the transaction using the blockchain wallet, the transaction will invoke the smart contract of the DApp. However, users bear the following risks when using DApps because of the potential inconsistent behaviors in DApps. First, the DApp front-end may generate incorrect transactions inconsistent with users' intentions. Second, the smart contract may have misbehaviors when executing the transactions. Inconsistent behaviors of DApps not only lead to user confusion but also cause significant financial losses. In this paper, we proposed a novel approach to identify inconsistent behaviors of DApps on EVM-compatible blockchains by contrasting the behaviors of DApps that derived from the front-end, blockchain wallet, and smart contracts, respectively. We implemented our approach into a prototype named DAppHunter. We have applied DAppHunter on 92 real-world DApps of Ethereum and Binance Smart Chain and successfully identified 37 DApps with inconsistent behaviors. We confirmed that 35 of them are scam DApps and over 5 million blockchain addresses are at risk of becoming victims of these inconsistent DApps.

KW - DApp testing

KW - blockchain

KW - inconsistent behavior

KW - smart contract

UR - https://www.scopus.com/pages/publications/85171794765

U2 - 10.1109/ICSE-SEIP58684.2023.00008

DO - 10.1109/ICSE-SEIP58684.2023.00008

M3 - 会议稿件

AN - SCOPUS:85171794765

T3 - Proceedings - International Conference on Software Engineering

SP - 24

EP - 35

BT - Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering

PB - IEEE Computer Society

Y2 - 14 May 2023 through 20 May 2023

ER -

Zhou J, Jiang T, Wang H, Wu M, Chen T. DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications. In Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP 2023. IEEE Computer Society. 2023. p. 24-35. (Proceedings - International Conference on Software Engineering). doi: 10.1109/ICSE-SEIP58684.2023.00008

DAppHunter: Identifying Inconsistent Behaviors of Blockchain-based Decentralized Applications

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this