TokenScope: Automatically detecting inconsistent behaviors of cryptocurrency tokens in ethereum

Ting Chen, Xiapu Luo, Yufei Zhang, Ting Wang, Zihao Li, Rong Cao, Xiuzhuo Xiao, Xiaosong Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Motivated by the success of Bitcoin, lots of cryptocurrencies have been created, the majority of which were implemented as smart contracts running on Ethereum and called tokens. To regulate the interaction between these tokens and users as well as third-party tools (e.g., wallets, exchange markets, etc.), several standards have been proposed for the implementation of token contracts. Although existing tokens involve lots of money, little is known whether or not their behaviors are consistent with the standards. Inconsistent behaviors can lead to user confusion and financial loss, because users/third-party tools interact with token contracts by invoking standard interfaces and listening to standard events. In this work, we take the first step to investigate such inconsistent token behaviors with regard to ERC-20, the most popular token standard. We propose a novel approach to automatically detect such inconsistency by contrasting the behaviors derived from three different sources, including the manipulations of core data structures recording the token holders and their shares, the actions indicated by standard interfaces, and the behaviors suggested by standard events. We implement our approach in a new tool named TokenScope and use it to inspect all transactions sent to the deployed tokens. We detected 3,259,001 transactions that trigger inconsistent behaviors, and these behaviors resulted from 7,472 tokens. By manually examining all (2,353) open-source tokens having inconsistent behaviors, we found that the precision of TokenScope is above 99.9%. Moreover, we revealed 11 major reasons behind the inconsistency, e.g., flawed tokens, standard methods missing, lack of standard events, etc. In particular, we discovered 50 unreported flawed tokens.

Original language: English (US)
Title of host publication: CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 1503-1520
Number of pages: 18
ISBN (Electronic): 9781450367479
DOIs: https://doi.org/10.1145/3319535.3345664
State: Published - Nov 6 2019
Event: 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 - London, United Kingdom
Duration: Nov 11 2019 to Nov 15 2019

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019
Country: United Kingdom
City: London
Period: 11/11/19 to 11/15/19

Fingerprint

Electronic money
Data structures

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Cite this

Chen, T., Luo, X., Zhang, Y., Wang, T., Li, Z., Cao, R., ... Zhang, X. (2019). TokenScope: Automatically detecting inconsistent behaviors of cryptocurrency tokens in ethereum. In CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 1503-1520). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3319535.3345664
@inproceedings{7cd7fdcc4b0a495e8adb6077c688f559,
title = "TokenScope: Automatically detecting inconsistent behaviors of cryptocurrency tokens in ethereum",
abstract = "Motivated by the success of Bitcoin, lots of cryptocurrencies have been created, the majority of which were implemented as smart contracts running on Ethereum and called tokens. To regulate the interaction between these tokens and users as well as third-party tools (e.g., wallets, exchange markets, etc.), several standards have been proposed for the implementation of token contracts. Although existing tokens involve lots of money, little is known whether or not their behaviors are consistent with the standards. Inconsistent behaviors can lead to user confusion and financial loss, because users/third-party tools interact with token contracts by invoking standard interfaces and listening to standard events. In this work, we take the first step to investigate such inconsistent token behaviors with regard to ERC-20, the most popular token standard. We propose a novel approach to automatically detect such inconsistency by contrasting the behaviors derived from three different sources, including the manipulations of core data structures recording the token holders and their shares, the actions indicated by standard interfaces, and the behaviors suggested by standard events. We implement our approach in a new tool named TokenScope and use it to inspect all transactions sent to the deployed tokens. We detected 3,259,001 transactions that trigger inconsistent behaviors, and these behaviors resulted from 7,472 tokens. By manually examining all (2,353) open-source tokens having inconsistent behaviors, we found that the precision of TokenScope is above 99.9{\%}. Moreover, we revealed 11 major reasons behind the inconsistency, e.g., flawed tokens, standard methods missing, lack of standard events, etc. In particular, we discovered 50 unreported flawed tokens.",
author = "Ting Chen and Xiapu Luo and Yufei Zhang and Ting Wang and Zihao Li and Rong Cao and Xiuzhuo Xiao and Xiaosong Zhang",
year = "2019",
month = "11",
day = "6",
doi = "10.1145/3319535.3345664",
language = "English (US)",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery",
pages = "1503--1520",
booktitle = "CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security",

}


TY - GEN
T1 - TokenScope
T2 - Automatically detecting inconsistent behaviors of cryptocurrency tokens in ethereum
AU - Chen, Ting
AU - Luo, Xiapu
AU - Zhang, Yufei
AU - Wang, Ting
AU - Li, Zihao
AU - Cao, Rong
AU - Xiao, Xiuzhuo
AU - Zhang, Xiaosong
PY - 2019/11/6
Y1 - 2019/11/6

AB - Motivated by the success of Bitcoin, lots of cryptocurrencies have been created, the majority of which were implemented as smart contracts running on Ethereum and called tokens. To regulate the interaction between these tokens and users as well as third-party tools (e.g., wallets, exchange markets, etc.), several standards have been proposed for the implementation of token contracts. Although existing tokens involve lots of money, little is known whether or not their behaviors are consistent with the standards. Inconsistent behaviors can lead to user confusion and financial loss, because users/third-party tools interact with token contracts by invoking standard interfaces and listening to standard events. In this work, we take the first step to investigate such inconsistent token behaviors with regard to ERC-20, the most popular token standard. We propose a novel approach to automatically detect such inconsistency by contrasting the behaviors derived from three different sources, including the manipulations of core data structures recording the token holders and their shares, the actions indicated by standard interfaces, and the behaviors suggested by standard events. We implement our approach in a new tool named TokenScope and use it to inspect all transactions sent to the deployed tokens. We detected 3,259,001 transactions that trigger inconsistent behaviors, and these behaviors resulted from 7,472 tokens. By manually examining all (2,353) open-source tokens having inconsistent behaviors, we found that the precision of TokenScope is above 99.9%. Moreover, we revealed 11 major reasons behind the inconsistency, e.g., flawed tokens, standard methods missing, lack of standard events, etc. In particular, we discovered 50 unreported flawed tokens.

UR - http://www.scopus.com/inward/record.url?scp=85075952865&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075952865&partnerID=8YFLogxK
U2 - 10.1145/3319535.3345664
DO - 10.1145/3319535.3345664
M3 - Conference contribution
AN - SCOPUS:85075952865
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1503
EP - 1520
BT - CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
ER -
