Security Analysis of Ponzi Schemes in Ethereum Smart Contracts

Chunyi Zhang, Qinghong Wei, Xiaoqi Li

TL;DR

Ponzi schemes embedded in Ethereum smart contracts cause significant investor losses and are challenging to detect with existing tools. The paper introduces a four-structure Ponzi classification, paired with a hybrid static-dynamic analysis using Mythril, and complements this with batch detection over 500 open-source contracts to identify common patterns and vulnerabilities. It highlights concrete examples (tree, chain, waterfall, transfer) and a case study on Fomo3D, showing both detectable weaknesses (e.g., integer overflows, state anomalies) and limitations of automated analysis. The work provides a practical framework for improved Ponzi detection and suggests integrating program analysis with machine learning to scale and enhance accuracy in real-world deployments.

Abstract

The rapid advancement of blockchain technology has precipitated the widespread adoption of Ethereum and smart contracts across a variety of sectors. However, this has also given rise to numerous fraudulent activities, with many speculators embedding Ponzi schemes within smart contracts, resulting in significant financial losses for investors. Currently, there is a lack of effective methods for identifying and analyzing such new types of fraudulent activities. This paper categorizes these scams into four structural types and explores the intrinsic characteristics of Ponzi scheme contract source code from a program analysis perspective. The Mythril tool is employed to conduct static and dynamic analyses of representative cases, thereby revealing their vulnerabilities and operational mechanisms. Furthermore, this paper employs shell scripts and command patterns to conduct batch detection of open-source smart contract code, thereby unveiling the common characteristics of Ponzi scheme smart contracts.

Paper Structure

This paper contains 23 sections, 14 figures, 1 table.

Figures (14)

  • Figure 1: Payment System of the People's Bank of China
  • Figure 2: Framework for Intelligent Ponzi Scheme Detection Solutions
  • Figure 3: Two Types of Ethereum Accounts
  • Figure 4: The Transaction Relationship Between External and Internal Accounts
  • Figure 5: The Role of External Account Transactions
  • ...and 9 more figures