Recent years have witnessed explosive growth in blockchain smart contract applications. As smart contracts become increasingly popular and carry trillions of dollars' worth of digital assets, they become an ever more appealing target for attackers, who have exploited vulnerabilities in smart contracts to cause catastrophic economic losses. Notwithstanding a proliferation of work that has been developed to detect an impressive list of vulnerabilities, the bad randomness vulnerability is overlooked by many existing tools. In this paper, we make the first attempt to provide a systematic analysis of random numbers in Ethereum smart contracts, by investigating the principles behind pseudo-random number generation and organizing them into a taxonomy. We also study various attacks against bad random numbers and group them into four categories. Furthermore, we present RNVulDet - a tool that incorporates taint analysis techniques to automatically identify bad randomness vulnerabilities and detect corresponding attack transactions. To extensively verify the effectiveness of RNVulDet, we construct three new datasets: i) 34 well-known contracts that are reported to possess bad randomness vulnerabilities, ii) 214 popular contracts that have been rigorously audited before launch and are regarded as free of bad randomness vulnerabilities, and iii) a dataset consisting of 47,668 smart contracts and 49,951 suspicious transactions. We compare RNVulDet with three state-of-the-art smart contract vulnerability detectors, and our tool significantly outperforms them. Meanwhile, RNVulDet spends 2.98s per contract on average, in most cases orders of magnitude faster than other tools. RNVulDet successfully reveals 44,264 attack transactions. Our implementation and datasets are released, hoping to inspire others.
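To make the core idea of taint-based bad-randomness detection concrete, the following is an added example written for this page; it is not RNVulDet's code and does not reproduce its actual analysis. It runs a forward taint analysis over a deliberately simplified, straight-line EVM-like stack program: values produced by block-environment opcodes that a miner or a calling contract can predict or influence (TIMESTAMP, NUMBER, BLOCKHASH, COINBASE, DIFFICULTY, GASLIMIT, an assumed source set) are marked tainted, taint propagates through arithmetic, comparison and hashing, and a finding is raised when a tainted value decides a JUMPI branch or sets the value of a CALL. The opcode subset, the treatment of SHA3 as a unary operation and the sample "lottery" programs are all constructed for the example.

```python
"""Toy taint analysis for bad-randomness patterns in a simplified EVM-like
stack machine. Added example for illustration, not RNVulDet's implementation.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed set of opcodes whose result a miner or an attacker-controlled caller
# can predict or bias, so any "random" value derived from them is bad randomness.
BAD_RANDOM_SOURCES = {"TIMESTAMP", "NUMBER", "BLOCKHASH", "COINBASE",
                      "DIFFICULTY", "GASLIMIT"}
# Binary opcodes (pop two, push one) that carry taint from either operand.
BINARY = {"ADD", "SUB", "MUL", "DIV", "MOD", "AND", "OR", "XOR", "LT", "GT", "EQ"}
# Unary opcodes (pop one, push one). SHA3 is simplified to hash the top stack
# value directly; real EVM SHA3 reads memory, which this toy machine omits.
UNARY = {"ISZERO", "NOT", "SHA3"}


@dataclass(frozen=True)
class Val:
    """A stack value, tracked only by the bad-randomness sources it depends on."""
    taint: frozenset

CLEAN = Val(frozenset())


def analyze(program: List[Tuple]) -> List[Dict]:
    """Return one finding per sink (JUMPI condition or CALL value) reached by
    a tainted value. Each finding records the pc, sink opcode and sources."""
    stack: List[Val] = []
    findings: List[Dict] = []
    for pc, ins in enumerate(program):
        op = ins[0]
        if op == "PUSH":                      # constant: never tainted
            stack.append(CLEAN)
        elif op == "BLOCKHASH":               # pops a block number, pushes its hash
            arg = stack.pop()
            stack.append(Val(arg.taint | {"BLOCKHASH"}))
        elif op in BAD_RANDOM_SOURCES:        # environment reads: tainted at birth
            stack.append(Val(frozenset({op})))
        elif op in UNARY:
            stack.append(stack.pop())         # taint passes straight through
        elif op in BINARY:
            a, b = stack.pop(), stack.pop()   # a = top of stack, b = next
            stack.append(Val(a.taint | b.taint))
        elif op == "DUP1":
            stack.append(stack[-1])
        elif op == "SWAP1":
            stack[-1], stack[-2] = stack[-2], stack[-1]
        elif op == "JUMPI":                   # EVM order: dest on top, then cond
            _dest, cond = stack.pop(), stack.pop()
            if cond.taint:
                findings.append({"pc": pc, "sink": "JUMPI",
                                 "sources": sorted(cond.taint)})
        elif op == "CALL":                    # gas, addr, value, then 4 memory args
            _gas, _addr, value = stack.pop(), stack.pop(), stack.pop()
            for _ in range(4):
                stack.pop()
            stack.append(CLEAN)               # success flag
            if value.taint:
                findings.append({"pc": pc, "sink": "CALL",
                                 "sources": sorted(value.taint)})
        elif op == "STOP":
            break
        else:
            raise ValueError(f"unsupported opcode {op} at pc {pc}")
    return findings


# Constructed sample: a lottery that picks a winner from (timestamp + number) % 10
# and then pays out timestamp % 1000 wei. Both decisions are miner-influenceable.
BAD_LOTTERY = [
    ("PUSH", 10), ("TIMESTAMP",), ("NUMBER",), ("ADD",), ("MOD",),
    ("PUSH", 7), ("EQ",), ("PUSH", 20), ("JUMPI",),        # pc 8: tainted branch
    ("PUSH", 0), ("PUSH", 0), ("PUSH", 0), ("PUSH", 0),    # retLen..argsOff
    ("PUSH", 1000), ("TIMESTAMP",), ("MOD",),              # value = ts % 1000
    ("PUSH", 0xABC), ("PUSH", 2300), ("CALL",),            # pc 18: tainted value
    ("STOP",),
]

# Constructed sample: dice roll from blockhash(number - 1) % 6, branch on zero.
BLOCKHASH_DICE = [
    ("PUSH", 1), ("NUMBER",), ("SUB",), ("BLOCKHASH",),
    ("PUSH", 6), ("SWAP1",), ("MOD",), ("ISZERO",),
    ("PUSH", 12), ("JUMPI",),                              # pc 9: tainted branch
    ("STOP",),
]

# Constructed sample: branch depends only on constants, so no finding.
CLEAN_PROGRAM = [("PUSH", 1), ("PUSH", 1), ("EQ",), ("PUSH", 6), ("JUMPI",), ("STOP",)]

if __name__ == "__main__":
    for name, prog in [("BAD_LOTTERY", BAD_LOTTERY),
                       ("BLOCKHASH_DICE", BLOCKHASH_DICE),
                       ("CLEAN_PROGRAM", CLEAN_PROGRAM)]:
        print(name, analyze(prog))
```

The point of the toy is the shape of the analysis rather than the opcode coverage: sources are the environment reads, propagation is per-operand union, and sinks are the places where a value changes control flow or moves funds. A real detector must additionally handle memory, storage and cross-transaction flows (a seed written to storage in one transaction and consumed in another), which is exactly the kind of gap that makes bad randomness easy for simpler tools to miss.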