Why Is My Transaction Risky? Understanding Smart Contract Semantics and Interactions in the NFT Ecosystem
This program is tentative and subject to change.
The NFT ecosystem represents an interconnected, decentralized environment that encompasses the creation, distribution, and trading of Non-Fungible Tokens (NFTs), where key actors, such as marketplaces, sellers, and buyers, utilize smart contracts to facilitate secure, transparent, and trustless transactions. Scam tokens are deliberately created to mislead users and facilitate financial exploitation, posing significant risks in the NFT ecosystem. Prior work has explored the NFT ecosystem from various perspectives, including security challenges, actor behaviors, and risks from scams and wash trading, leaving a gap in understanding the semantics and interactions of smart contracts during transactions, and how the risks associated with scam tokens manifest in relation to the semantics and interactions of contracts. To bridge this gap, we conducted a large-scale empirical study on smart contract semantics and interactions in the NFT ecosystem, using a curated dataset of nearly 100 million transactions across 20 million blocks on Ethereum. We observe a limited semantic diversity among smart contracts in the NFT ecosystem, dominated by proxy, token, and DeFi contracts. Marketplace and proxy registry contracts are the most frequently involved in smart contract interactions during transactions, engaging with a broad spectrum of contracts in the ecosystem. Token contracts exhibit bytecode-level diversity, whereas scam tokens exhibit bytecode convergence. Certain interaction patterns between smart contracts are common to both risky and non-risky transactions, while others are predominantly associated with risky transactions. Based on our findings, we provide recommendations to mitigate risks in the blockchain ecosystem, and outline future research directions.
This program is tentative and subject to change.
Tue 18 NovDisplayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Leveraging Mixture-of-Experts Framework for Smart Contract Vulnerability Repair with Large Language Model Research Papers Hang Yuan Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Xizhi Hou Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences, Lei Yu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Li Yang Institute of Software, Chinese Academy of Sciences, Jiayue Tang Institute of Software, CAS, Univ. of Chinese Academy of Sciences, Jiadong Xu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Yifei Liu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Fengjun Zhang Institute of Software, Chinese Academy of Sciences, China, Chun Zuo Sinosoft | ||
14:10 10mTalk | Why Is My Transaction Risky? Understanding Smart Contract Semantics and Interactions in the NFT Ecosystem Research Papers Yujing Chen Zhejiang University, Xuanming Liu Zhejiang University, Zhiyuan Wan Zhejiang University, Zuobin Wang Zhejiang University, David Lo Singapore Management University, Difan Xie Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security, Xiaohu Yang Zhejiang University | ||
14:20 10mTalk | Demystifying OpenZeppelin's Own Vulnerabilities and Analyzing Their Propagation in Smart Contracts Research Papers Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University, Yixiang Chen East China Normal University | ||
14:30 10mTalk | PROMFUZZ: Leveraging LLM-Driven and Bug-Oriented Composite Analysis for Detecting Functional Bugs in Smart Contracts Research Papers Xingshuang Lin Zhejiang University, Qinge Xie Georgia Institute of Technology, Binbin Zhao Zhejiang University, Yuan Tian , Saman Zonouz Georgia Institute of Technology, Na Ruan Shanghai Jiaotong University, Jiliang Li Xi'an Jiaotong University, Raheem Beyah Georgia Institute of Technology, Shouling Ji Zhejiang University | ||
14:40 10mTalk | VeriExploit: Automatic Bug Reproduction in Smart Contracts via LLMs and Formal Methods Research Papers Chenfeng Wei The University of Manchester, Shiyu Cai The University of Manchester, Yiannis Charalambous The University of Manchester, Tong Wu , Sangharatna Godboley NIT Warangal, Lucas C. Cordeiro University of Manchester, UK and Federal University of Amazonas, Brazil | ||
14:50 10mTalk | SolContractEval: A Benchmark for Evaluating Contract-Level Solidity Code Generation Research Papers Zhifan Ye Zhejiang University, Jiachi Chen Sun Yat-sen University, Zhenzhe Shao Sun Yat-sen University, Lingfeng Bao Zhejiang University, Xiaohu Yang Zhejiang University, Zhongxin Liu Zhejiang University | ||
15:00 10mTalk | PrefGen: A Preference-Driven Methodology for Secure Yet Gas-Efficient Smart Contract Generation Research Papers Zhiyuan Peng Shanghai Jiao Tong University, Xin Yin Zhejiang University, Zijie Zhou China University of Petroleum (Beijing), Chenhao Ying Shanghai Jiao Tong University, Chao Ni Zhejiang University, Yuan Luo Shanghai Jiao Tong University Pre-print | ||
15:10 10mTalk | Soleker: Uncovering Vulnerabilities in Solana Smart Contracts Research Papers Kunsong Zhao The Hong Kong Polytechnic University, Yunpeng Tian The Hong Kong Polytechnic University, Zuchao Ma The Hong Kong Polytechnic University, Xiapu Luo Hong Kong Polytechnic University | ||
15:20 10mTalk | Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study Research Papers Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University | ||