Efficient Runtime Protection for Smart Contracts

  • Isra Ali

Student thesis: Doctoral Dissertation

Abstract

Runtime Verification (RV) of smart contracts ensures the absence of exploits within a transaction during execution. It is a crucial security aspect that is often omitted due to its high onchain overhead. The lack of RV in public blockchains has allowed attackers to compromise vulnerable contracts and cause significant monetary losses. Existing runtime protection solutions fail to address the onchain overhead limitation, which may hinder their deployment and undermine their effectiveness. To address this problem, we propose SRP (Smart contract Runtime Protection), an efficient framework that integrates an off-chain mechanism with onchain contract execution to minimize the burden of RV. Our hybrid architecture aims to protect deployed smart contracts from real-time attacks while maintaining blockchain scalability. We first present SRP from a design perspective, proposing a protocol customized for off-chain RV interoperability. Then, we evaluate our approach empirically and demonstrate the applicability of SRP using a proof-of-concept implementation on a local Ethereum network. We further generalize our evaluation results using a queue-theoretic approach. We present a discrete-time queuing network model of SRP and the block creation process. The model is then used to conduct an extensive data-driven parametric evaluation of SRP compared to onchain-only RV. Our empirical, experimental, and quantitative results indicate the feasibility and efficiency of our approach: SRP outperforms the onchain-only mechanism in terms of service time and throughput under increasing workloads. Lastly, we introduce a game-theoretic incentive mechanism that enhances the robustness and security of SRP. We analyze the security of SRP and demonstrate that the presence of at least one honest validator serves as a deterrent to RV forging attacks.
Date of Award: 2023
Original language: American English
Awarding Institution
  • HBKU College of Science and Engineering

Keywords

  • Blockchain
  • Concurrency
  • Game Theory
  • Off-chain
  • Security
  • Smart Contracts
