
Demystifying Random Number in Ethereum Smart Contract: Taxonomy, Vulnerability Identification, and Attack Detection (TSE Accepted)


RNVulDet

This repo is a Python implementation of our RNVulDet, a tool that incorporates taint analysis techniques to automatically unearth random number vulnerabilities and detect attack transactions.

Overview

*RNVulDet* comprises preprocessing and simulated execution. The figure depicts the overall architecture of *RNVulDet*. In particular, RNVulDet relies on four main components to perform taint analysis: stack state examination, memory segmentation, storage key-value pair comparison, and transaction replay.
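To make the stack-level part of such a taint analysis concrete, here is an added example that is not RNVulDet's code: a toy tracker that follows block-state values through the EVM stack of straight-line bytecode. The choice of sources (block-state opcodes), the sinks (`JUMPI` condition, `CALL` value), the function name and the sample bytecode in the comment are all assumptions made for illustration; memory, storage and jumps are not modelled.

```python
# Added illustration, not RNVulDet's code. Sources and sinks are assumptions.
SOURCES = {0x40: "BLOCKHASH", 0x41: "COINBASE", 0x42: "TIMESTAMP",
           0x43: "NUMBER", 0x44: "DIFFICULTY"}
# (pops, pushes) for ADD MUL SUB DIV MOD LT GT EQ ISZERO AND POP JUMPDEST
ARITY = {0x01: (2, 1), 0x02: (2, 1), 0x03: (2, 1), 0x04: (2, 1), 0x06: (2, 1),
         0x10: (2, 1), 0x11: (2, 1), 0x14: (2, 1), 0x15: (1, 1), 0x16: (2, 1),
         0x50: (1, 0), 0x5B: (0, 0)}
JUMPI, CALL, CLEAN = 0x57, 0xF1, frozenset()

def find_tainted_sinks(bytecode_hex):
    """Scan straight-line bytecode; return [(pc, sink, [source names])]."""
    code = bytes.fromhex(bytecode_hex.removeprefix("0x"))
    stack, findings, pc = [], [], 0   # each slot: frozenset of source names

    def pop():
        return stack.pop() if stack else CLEAN

    while pc < len(code):
        op = code[pc]
        if op in SOURCES:
            if op == 0x40:            # BLOCKHASH consumes a block number
                pop()
            stack.append(frozenset({SOURCES[op]}))
        elif 0x5F <= op <= 0x7F:      # PUSH0..PUSH32: constants are clean
            stack.append(CLEAN)
            pc += op - 0x5F           # skip the immediate bytes
        elif 0x80 <= op <= 0x8F:      # DUPn copies the n-th slot and its taint
            n = op - 0x7F
            stack.append(stack[-n] if len(stack) >= n else CLEAN)
        elif 0x90 <= op <= 0x9F:      # SWAPn exchanges top with slot n+1
            n = op - 0x8F
            if len(stack) > n:
                stack[-1], stack[-1 - n] = stack[-1 - n], stack[-1]
        elif op == JUMPI:             # assumed sink: tainted branch condition
            dest, cond = pop(), pop()
            if cond:
                findings.append((pc, "JUMPI", sorted(cond)))
        elif op == CALL:              # assumed sink: tainted ether value
            args = [pop() for _ in range(7)]   # gas, to, value, 4 memory args
            if args[2]:
                findings.append((pc, "CALL value", sorted(args[2])))
            stack.append(CLEAN)       # success flag
        elif op in ARITY:
            pops, pushes = ARITY[op]
            merged = CLEAN.union(*(pop() for _ in range(pops)))
            if pushes:
                stack.append(merged)  # result inherits operand taint
        else:
            raise ValueError(f"opcode 0x{op:02x} at pc {pc} not modelled")
        pc += 1
    return findings
```

The constructed input `0x426002900615601057` (TIMESTAMP, PUSH1 2, SWAP1, MOD, ISZERO, PUSH1 0x10, JUMPI) corresponds to branching on `block.timestamp % 2 == 0` and is reported at the `JUMPI`.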

Usage

python3.10 main.py BYTECODE_FILE [-o OUTPUT_FILE]

Dataset

Dataset_1 contains 34 smart contracts reported to possess the random number bug.

Dataset_2 includes a total of 214 smart contracts that do not have random number vulnerabilities.

Dataset_3 consists of 4,617 potential victim contracts, 43,051 potential malicious contracts, and 49,951 suspicious transactions for experiments.