Smart contract transactions associated with security attacks often exhibit distinct behavioral patterns compared with the historical benign transactions that precede the attack. While many runtime monitoring and guarding mechanisms have been proposed to validate invariants and stop anomalous transactions on the fly, the empirical effectiveness of the invariants used remains largely unexplored. In this paper, we studied 23 prevalent invariants of 8 categories, which are either deployed in high-profile protocols or endorsed by leading auditing firms and security experts. Using these well-established invariants as templates, we developed a tool, Trace2Inv, which dynamically generates new invariants customized for a given contract based on its historical transaction data. We evaluated Trace2Inv on 42 smart contracts that fell victim to 27 distinct exploits on the Ethereum blockchain. Our findings reveal that the most effective invariant guard alone can successfully block 18 of the 27 identified exploits with minimal gas overhead. Our analysis also shows that most of the invariants remain effective even when experienced attackers attempt to bypass them. Additionally, we studied the possibility of combining multiple invariant guards, resulting in blocking up to 23 of the 27 benchmark exploits and achieving false positive rates as low as 0.32%. Trace2Inv outperforms current state-of-the-art works on smart contract invariant mining and transaction attack detection in terms of both practicality and accuracy. Though Trace2Inv is not primarily designed for transaction attack detection, it surprisingly found two previously unreported exploit transactions, earlier than any reported exploit transactions against the same victim contracts.