Research on Price Oracle Manipulation Source Code Detection Method Based on Static Analysis

doi:10.3969/j.issn.1671-1122.2025.05.006

Abstract

Abstract:

Aiming at the problem of price oracle manipulation attacks on smart contracts, this paper proposed a price oracle manipulation source code detection method based on static analysis. This approach first established correspondences between caller function variables and called function parameters, as well as between callee function return values and caller variables based on user-input function call relationships. Subsequently, static analysis was applied to the source code of the tested function and other contracts involved during runtime to obtain data flow and controled flow information for each contract. Then, utilized the data flow and controled flow information for individual contracts, along with function call relationships, cross-contract data flow graphs and control flow graphs were constructed to ascertain variable data dependencies and controled dependencies. Finally, the method detected whether the transfer amount in transfer operations and controled statements which the transfer operations controled depend involve manipulation-prone information to determine the existence of price oracle manipulation risk in the tested contract. Experimental results demonstrate that this method effectively detects price oracle manipulation attacks in smart contracts with high precision and recall rates.

Key words: smart contract, static analysis, price oracle manipulation attack, blockchain security

CLC Number:

TP309

YE Jiajun, GAO Cuifeng, XUE Yinxing. Research on Price Oracle Manipulation Source Code Detection Method Based on Static Analysis[J]. Netinfo Security, 2025, 25(5): 732-746.

Figures/Tables 17

References 25

[1]	BUTERIN V. A Next-Generation Smart Contract and Decentralized Application Platform[J]. White Paper, 2014, 3(37): 1-36.
[2]	NAKAMOTO S. Bitcoin: A Peer-to-Peer Electronic Cash System[EB/OL]. [2024-04-10]. https://bitcoin.org/en/bitcoin-paper.
[3]	DefiLlama. DeFi Dashboard[EB/OL]. (2024-03-20)[2024-04-10]. https://defillama.com/.
[4]	SZABO N. Formalizing and Securing Relationships on Public Networks[J]. First Monday, 1997, 2(9): 1-25.
[5]	BARTOLETTI M, POMPIANU L. An Empirical Analysis of Smart Contracts:Platforms, Applications, and Design Patterns[C]// Springer. Financial Cryptography and Data Security. Heidelberg: Springer, 2017: 494-509.
[6]	MEHAR M I, SHIER C L, GIAMBATTISTA A, et al. Understanding a Revolutionary and Flawed Grand Experiment in Blockchain[J]. Journal of Cases on Information Technology, 2019, 21(1): 19-32.
[7]	QIAN Peng, LIU Zhenguang, HE Qinming, et al. Smart Contract Vulnerability Detection Technique: A Survey[J]. Journal of Software, 2022, 33(8): 3059-3085.
	钱鹏, 刘振广, 何钦铭, 等. 智能合约安全漏洞检测技术研究综述[J]. 软件学报, 2022, 33(8):3059-3085.
[8]	ZHANG Zhuo, ZHANG B, XU Wen, et al. Demystifying Exploitable Bugs in Smart Contracts[C]// IEEE. 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE). New York: IEEE, 2023: 615-627.
[9]	WU Siwei, WANG Dabao, HE Jianting, et al. DeFiRanger: Detecting Price Manipulation Attacks on DeFi Applications[EB/OL]. (2021-04-30)[2024-04-10]. https://arxiv.org/abs/2104.15068v1.
[10]	ZHANG Wuqi, WEI Lili, CHEUNG S C, et al. Combatting Front-Running in Smart Contracts: Attack Mining, Benchmark Construction and Vulnerability Detector Evaluation[J]. IEEE Transactions on Software Engineering, 2023, 49(6): 3630-3646.
[11]	QIN Kaihua, ZHOU Liyi, LIVSHITS B, et al. Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit[C]// Springer. Financial Cryptography and Data Security. Heidelberg: Springer, 2021: 3-32.
[12]	DONG Weiliang, LIU Zhe, LIU Kui, et al. Survey on Vulnerability Detection Technology of Smart Contracts[J]. Journal of Software, 2024, 35(1): 38-62.
	董伟良, 刘哲, 刘逵, 等. 智能合约漏洞检测技术综述[J]. 软件学报, 2024, 35(1): 38-62.
[13]	ALMAKHOUR M, SLIMAN L, SAMHAT A E, et al. Verification of Smart Contracts: A Survey[EB/OL]. (2019-06-10)[2024-04-10]. https://doi.org/10.1016/j.pmcj.2020.101227.
[14]	LUU L, CHU D H, OLICKEL H, et al. Making Smart Contracts Smarter[C]// ACM. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016: 254-269.
[15]	GRIECO G, SONG W, CYGAN A, et al. Echidna:Effective, Usable, and Fast Fuzzing for Smart Contracts[C]// ACM. Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York: ACM, 2020: 557-560.
[16]	CHESS B, MCGRAW G. Static Analysis for Security[J]. IEEE Security & Privacy, 2004, 2(6): 76-79.
[17]	SCHNEIDEWIND C, GRISHCHENKO I, SCHERER M, et al. EThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts[C]// ACM. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2020: 621-640.
[18]	TIKHOMIROV S, VOSKRESENSKAYA E, IVANITSKIY I, et al. SmartCheck: Static Analysis of Ethereum Smart Contracts[C]// IEEE. 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). New York: IEEE, 2018: 9-16.
[19]	FEIST J, GRIECO G, GROCE A. Slither: A Static Analysis Framework for Smart Contracts[C]// IEEE. 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). New York: IEEE, 2019: 8-15.
[20]	CYTRON R, FERRANTE J, ROSEN B K, et al. Efficiently Computing Static Single Assignment Form and the Control Dependence Graph[J]. ACM Transactions on Programming Languages and Systems, 1991, 13(4): 451-490.
[21]	ABDELAZIZ T, HOBOR A. Smart Learning to Find Dumb Contracts (Extended Version)[EB/OL]. (2023-06-27)[2024-04-10]. https://arxiv.org/abs/2304.10726v2.
[22]	TJIAM K, WANG Rui, CHEN Huanhuan, et al. Your Smart Contracts are Not Secure: Investigating Arbitrageurs and Oracle Manipulators in Ethereum[C]// ACM. Proceedings of the 3rd Workshop on Cyber-Security Arms Race. New York: ACM, 2021: 25-35.
[23]	WANG S H, WU C C, LIANG Yuchuan, et al. ProMutator: Detecting Vulnerable Price Oracles in DeFi by Mutated Transactions[C]// IEEE. 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). New York: IEEE, 2021: 380-385.
[24]	DENG Xun, BEILLAHI S M, MINWALLA C, et al. Safeguarding DeFi Smart Contracts against Oracle Deviations[C]// ACM. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. New York: ACM, 2024: 1-12.
[25]	Tintinweb. Smart Contract Sanctuary[EB/OL]. (2024-03-20)[2024-04-10]. https://github.com/tintinweb/smart-contract-sanctuary.git/.

符号	定义
A_x	用户转出或接收类型为x的token数量
O_i	价格预言机i
Manipulate(O_i)	对价格预言机i进行操纵
Value(A_x)	A_x的实际价值
Exchange(A_a, A_b,O_i)	用户进行货币交换，将A_a个token a交换为A_b个token b，A_b的数量计算依赖于O_i
Borrow(A_a, A_b,O_i)	用户将A_a个token a作为抵押，借贷A_b个token b，借贷是否成功的依据为O_i

符号	描述
DataDependentcy(a,b)	变量b数据依赖于变量a
DataFlow_Edge(a,b)	在数据流图中变量a和变量b之间存在一条从a到b的有向边
ControlDependency(c,d)	语句d的执行受到控制语句c的控制
PostDominate(c,d)	语句c被语句d后支配
ControlStmt(c)	语句c是一个控制语句
ControlFlow_Path(c,d)	在控制流图中语句c到语句d的路径

名称	配置信息
操作系统	Ubuntu 18.04
CPU	Intel(R) Xeon(R) Platinum 8160 CPU @2.10 GHz
内存	376 GB

合约名称	合约地址
Comptroller	0xbd193db8a909cAC57Cdb981Ea81B5dc270287F19
Comptroller	0xEA4b8dDb3aE257224dFD8C6aFc035204Eea75539

代码行数/行	合约数量/个	平均检测时间/s
小于6000	63	1693/63=26.87
大于6000	29	1434/29=49.44