The Backdoor Injures Its Cryptocurrency: An Empirical Study of Backdoor Attacks on Ethereum Smart Contracts
Naoto Yanai, Naohisa Nishida, Yuji UnagamiBackdoor attacks on Ethereum smart contracts are a kind of attack in which an adversary exploits the privileges of his/her developed smart contract to manipulate the cryptoassets generated by that contract. Although there are several countermeasures against backdoor attacks, to the best of our knowledge, no empirical study based on the source code of the backdoor attacks has been conducted so far. In this paper, we conduct an empirical study to understand how backdoor attacks on Ethereum smart contracts are performed in the real world by analyzing all smart contracts with source code. To this end, we also propose a new investigation tool for the empirical study, named BACCA. We then identify several key insights. First, we totally found 288,440 contracts for backdoors attacked, called contract backdoors, including potential ones. The most significant backdoor attack is DisableTransfer, which disables transfers of assets to other addresses, and we identify 211,687 smart contracts affected by this attack. Second, several backdoor attacks are combined with other types of backdoor attacks, called combination contract backdoors, and 90.9% of DisableTransfer are combination contract backdoors. Third, GenerateToken, which enables an adversary to generate new cryptoassets, is the largest as a backdoor without any combinations, i.e., unique contract backdoors, and 23.8% of GenerateToken are the unique contract backdoors. Fourth, when we analyze the number of transactions sent to the above contract backdoors to identify their gas consumption in the real world, we identify that about 9 trillion dollars have been consumed by them. We also found a remarkable contract backdoor that receives more than a million transactions, resulting in gas consumption of about two billion dollars. We further discuss implications for the design of analysis tools for subsequent work and the impact of compiler updates on the above backdoor attacks.