Detecting Rug-Pull: Analyzing Smart Contract Backdoor Codes in Ethereum
Smart contracts enable autonomous execution between contracting parties without a centralized authority, thereby reducing contract management costs and enhancing the transparency and reliability of contracts. However, the absence of such a certification authority increases the risk of fraud. Rug-pul...
Main Authors: | Kwan Woo Yu, Byung Mun Lee |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2025-01-01 |
Series: | Applied Sciences |
Subjects: | rug-pull detection, Ethereum smart contracts, Ethereum blockchain, DeFi |
Online Access: | https://www.mdpi.com/2076-3417/15/1/450 |
_version_ | 1841549375544754176 |
---|---|
author | Kwan Woo Yu Byung Mun Lee |
collection | DOAJ |
description | Smart contracts enable autonomous execution between contracting parties without a centralized authority, thereby reducing contract management costs and enhancing the transparency and reliability of contracts. However, the absence of such a certification authority increases the risk of fraud. Rug-pull, a typical form of fraud, involves developers hiding backdoor codes in smart contracts to steal funds under certain conditions, causing significant damage to users. A Rug-pull list warns users of potential fraud, but it only identifies risks after damage has occurred. Additionally, existing backdoor code analysis tools are limited in their ability to detect backdoor codes hidden through modifications to existing patterns or suffer from low accuracy because they rely on comparisons with predefined backdoor codes. Therefore, this paper proposes a balance-tracking-based backdoor code detection model to identify backdoor codes in smart contracts. The proposed model detects backdoor codes by extracting functions from Ethereum bytecodes and inspecting the extracted functions to track balance changes. This approach allows for the detection of balance changes even when backdoor codes are concealed. Experimental results verifying the effectiveness of this model demonstrate 98% accuracy, 0.96 recall, and 0.98 precision. These results are expected to contribute significantly to effectively reducing fraud risks such as Rug-pull. |
format | Article |
id | doaj-art-be1d18b3585a43ab8c06173818c135c4 |
institution | Kabale University |
issn | 2076-3417 |
language | English |
publishDate | 2025-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Applied Sciences |
spelling | doaj-art-be1d18b3585a43ab8c06173818c135c4; 2025-01-10T13:15:36Z; eng; MDPI AG; Applied Sciences; 2076-3417; 2025-01-01; 15; 1; 450; 10.3390/app15010450; Detecting Rug-Pull: Analyzing Smart Contract Backdoor Codes in Ethereum; Kwan Woo Yu (Department of IT Convergence, Gachon University, Seongnam-si 13120, Republic of Korea); Byung Mun Lee (Department of Computer Engineering, Gachon University, Seongnam-si 13120, Republic of Korea); https://www.mdpi.com/2076-3417/15/1/450; rug-pull detection; Ethereum smart contracts; Ethereum blockchain; DeFi |
title | Detecting Rug-Pull: Analyzing Smart Contract Backdoor Codes in Ethereum |
topic | rug-pull detection Ethereum smart contracts Ethereum blockchain DeFi |
url | https://www.mdpi.com/2076-3417/15/1/450 |