HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts
Mojtaba Eshghie, Wolfgang Ahrendt, Cyrille Artho, Thomas Troels Hildebrandt, Gerardo Schneider
TL;DR
HighGuard tackles the problem of business-logic flaws in smart contracts by using dynamic condition response (DCR) graphs as formal specifications and running an off-chain runtime monitor that observes transactions in near real-time. By translating contract events into DCR activities and leveraging the DCR execution engine as an oracle, HighGuard detects deviations from intended behavior across both single-chain and cross-chain environments without instrumenting contract code and without gas overhead. The evaluation on 54 exploits demonstrates zero false positives and negatives, validating the approach for pre- and post-deployment monitoring and cross-chain transaction integrity through a bridge-based execution ecosystem. This work offers a practical, scalable means to enforce contract intent in multi-chain deployments, with open-source tooling to facilitate adoption and further development.
Abstract
Logical flaws in smart contracts are often exploited, leading to significant financial losses. Our tool, HighGuard, detects transactions that violate business logic specifications of smart contracts. HighGuard employs dynamic condition response (DCR) graph models as formal specifications to verify contract execution against these models. It is capable of operating in a cross-chain environment for detecting business logic flaws across different blockchain platforms. We demonstrate HighGuard's effectiveness in identifying deviations from specified behaviors in smart contracts without requiring code instrumentation or incurring additional gas costs. By using precise specifications in the monitor, HighGuard achieves detection without false positives. Our evaluation, involving 54 exploits, confirms HighGuard's effectiveness in detecting business logic vulnerabilities. Our open-source implementation of HighGuard and a screencast of its usage are available at: https://github.com/mojtaba-eshghie/HighGuard and https://www.youtube.com/watch?v=sZYVV-slDaY
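To make the monitoring idea described above concrete, the following added example (not HighGuard's code and not taken from the paper) replays a constructed cross-chain trace against a small DCR graph and flags every transaction whose mapped activity is not enabled. The bridge rule, the chain and function names and the transaction ids are assumptions made for illustration; milestone relations and time constraints are left out.

```python
from dataclasses import dataclass, field

@dataclass
class DCRGraph:
    included: set                                  # events currently included
    conditions: set = field(default_factory=set)   # (a, b): b needs a executed or excluded
    responses: set = field(default_factory=set)    # (a, b): executing a makes b pending
    includes: set = field(default_factory=set)     # (a, b): executing a includes b
    excludes: set = field(default_factory=set)     # (a, b): executing a excludes b
    executed: set = field(default_factory=set)
    pending: set = field(default_factory=set)

    def enabled(self, e):
        return e in self.included and all(
            a in self.executed or a not in self.included
            for a, b in self.conditions if b == e)

    def execute(self, e):
        self.executed.add(e)
        self.pending.discard(e)
        self.pending |= {b for a, b in self.responses if a == e}
        self.included -= {b for a, b in self.excludes if a == e}
        self.included |= {b for a, b in self.includes if a == e}

    def accepting(self):  # true when no included event is still owed
        return not (self.pending & self.included)

def monitor(graph, txs, activity_of):
    violations = []
    for tx in txs:
        act = activity_of.get((tx["chain"], tx["function"]))
        if act is None:
            continue                      # assumption: unmodeled calls are ignored
        if graph.enabled(act):
            graph.execute(act)            # the graph acts as the oracle and advances
        else:
            violations.append(tx["hash"])
    return violations

def bridge_graph():
    # Hypothetical rule: each lock on chain A permits exactly one mint on chain B.
    return DCRGraph(included={"lock"},
                    conditions={("lock", "mint")}, responses={("lock", "mint")},
                    includes={("lock", "mint")}, excludes={("mint", "mint")})

ACTIVITY_OF = {("chainA", "lock"): "lock", ("chainB", "mint"): "mint"}
# Constructed trace: tx3 mints a second time against a single lock.
TRACE = [{"hash": "tx1", "chain": "chainA", "function": "lock"},
         {"hash": "tx2", "chain": "chainB", "function": "mint"},
         {"hash": "tx3", "chain": "chainB", "function": "mint"}]
print(monitor(bridge_graph(), TRACE, ACTIVITY_OF))
```

Because the check runs on observed transactions outside the chain, the contracts need no instrumentation; `accepting()` additionally reports a lock whose mint is still outstanding.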
