Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Phantom Events: Demystifying the Issues of Log Forgery in Blockchain

Yixuan Liu, Yuxin Dong, Ye Liu, Xiapu Luo, Yi Li

TL;DR

This work introduces Phantom Events, a novel class of log-forgery vulnerabilities in EVM-based blockchains, and systematically classifies five attack vectors that exploit event emissions. It presents PEventCatcher, a multi-level detector combining bytecode analysis, source-code validation, and transaction-level monitoring to identify Event Counterfeiting, Inconsistent Logging, and Contract Imitation with high precision and recall. Through datasets, real-world audits, and cross-platform experiments, the authors demonstrate substantial prevalence of phantom events, reveal real-world attack feasibility across wallets, explorers, bridges, and NFT marketplaces, and report significant security incidents. The findings underscore the need for integrated mitigation strategies spanning smart-contract design, off-chain processing, and continuous security auditing to preserve trust in blockchain ecosystems.

Abstract

With the rapid development of blockchain technology, transaction logs play a central role in various applications, including decentralized exchanges, wallets, cross-chain bridges, and other third-party services. However, these logs, particularly those based on smart contract events, are highly susceptible to manipulation and forgery, creating substantial security risks across the ecosystem. To address this issue, we present the first in-depth security analysis of transaction log forgery in EVM-based blockchains, a phenomenon we term Phantom Events. We systematically model five types of attacks and propose a tool designed to detect event forgery vulnerabilities in smart contracts. Our evaluation demonstrates that our approach outperforms existing tools in identifying potential phantom events. Furthermore, we have successfully identified real-world instances for all five types of attacks across multiple decentralized applications. Finally, we call on community developers to take proactive steps to address these critical security vulnerabilities.

Phantom Events: Demystifying the Issues of Log Forgery in Blockchain

TL;DR

This work introduces Phantom Events, a novel class of log-forgery vulnerabilities in EVM-based blockchains, and systematically classifies five attack vectors that exploit event emissions. It presents PEventCatcher, a multi-level detector combining bytecode analysis, source-code validation, and transaction-level monitoring to identify Event Counterfeiting, Inconsistent Logging, and Contract Imitation with high precision and recall. Through datasets, real-world audits, and cross-platform experiments, the authors demonstrate substantial prevalence of phantom events, reveal real-world attack feasibility across wallets, explorers, bridges, and NFT marketplaces, and report significant security incidents. The findings underscore the need for integrated mitigation strategies spanning smart-contract design, off-chain processing, and continuous security auditing to preserve trust in blockchain ecosystems.

Abstract

With the rapid development of blockchain technology, transaction logs play a central role in various applications, including decentralized exchanges, wallets, cross-chain bridges, and other third-party services. However, these logs, particularly those based on smart contract events, are highly susceptible to manipulation and forgery, creating substantial security risks across the ecosystem. To address this issue, we present the first in-depth security analysis of transaction log forgery in EVM-based blockchains, a phenomenon we term Phantom Events. We systematically model five types of attacks and propose a tool designed to detect event forgery vulnerabilities in smart contracts. Our evaluation demonstrates that our approach outperforms existing tools in identifying potential phantom events. Furthermore, we have successfully identified real-world instances for all five types of attacks across multiple decentralized applications. Finally, we call on community developers to take proactive steps to address these critical security vulnerabilities.

Paper Structure

This paper contains 56 sections, 4 equations, 7 figures, 4 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Smart contract event and transaction log in EVM-based Blockchains
  4. Event
  5. Listener
  6. Transaction
  7. Sender
  8. Emitter
  9. Transaction Log
  10. Token
  11. Cross-Chain Brdiges
  12. Threat Model and Motivating Examples
  13. Trust Boundaries in Event Interactions
  14. Trust Boundary-Blockchain ($\bm{\mathcal{M}}_B$)
  15. Trust Boundary-DApp ($\bm{\mathcal{M}}_{D}$)
  16. ...and 41 more sections

Figures (7)

  • Figure 1: The basic architecture of a cross-chain bridge.
  • Figure 2: Trust Boundaries in Blockchain Interactions
  • Figure 3: Attack sequence of pNetwork Hack.
  • Figure 4: Proof of concept for the event counterfeiting attack, where deposit and depositETH could emit the same event.
  • Figure 5: Proof of concept for the inconsistent logging attack.
  • ...and 2 more figures