Quantitative runtime monitoring of Ethereum transaction attacks

Author

Xinyao XU
Ziyu MAO
Jianzhong SU
Xingwei LIN
David BASIN
Jun SUN, Singapore Management UniversityFollow
Jingyi WANG

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

5-2025

Abstract

The rapid growth of decentralized applications, while revolutionizing financial transactions, has created an attractive target for malicious attacks. Existing approaches to detecting attacks often rely on predefined rules or simplistic and overly-specialized models, which lack the flexibility to handle the wide spectrum of diverse and dynamically changing attack types. To address this challenge, we present a general and extensible framework, MoE (Monitoring Ethereum), that leverages runtime verification to detect a wide range of attacks on Ethereum. MoE features an expressive attack modeling language, based on Metric First-order Temporal Logic (MFOTL), that can formalize a wide range of attacks. We integrate a novel semantic lifting approach that extracts system behaviors relevant for various attacks, which can be analyzed using the monitoring tool MonPoly. Furthermore, we also equip MoE with quantitative capabilities to evaluate the similarity between a transaction and an attack formula to enhance its performance in identifying attacks, including near-miss attacks. We carry out extensive experiments with MoE on a labeled benchmark and a large-scale dataset containing over one million transactions. On the labeled benchmark, MoE successfully detects 92.0% attacks and achieves a 45.0% higher recall rate than competing state-of-the-art tool. MoE finds 3,319 attacks with 95.4% precision on the large dataset. Furthermore, MoE uses quantitative analysis to uncover 8% additional attacks. Finally, the average time for monitoring a transaction is less than 23 ms, positioning MoE as a promising practical solution for real-time attack detection for Ethereum.

Keywords

Ethereum, Runtime Monitoring, Ethereum Attack Detection

Discipline

Numerical Analysis and Computation | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Areas of Excellence

Digital transformation

Publication

WWW '25: Proceedings of the ACM on Web Conference 2025, Sydney, Australia, April 28 - May 2

First Page

4146

Last Page

4159

ISBN

9798400712746

Identifier

10.1145/3696410.37146

Publisher

ACM

City or Country

New York

Citation

XU, Xinyao; MAO, Ziyu; SU, Jianzhong; LIN, Xingwei; BASIN, David; SUN, Jun; and WANG, Jingyi. Quantitative runtime monitoring of Ethereum transaction attacks. (2025). WWW '25: Proceedings of the ACM on Web Conference 2025, Sydney, Australia, April 28 - May 2. 4146-4159.
Available at: https://ink.library.smu.edu.sg/sis_research/10287

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3696410.3714682