Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor | Department of Computing | en_US |
| dc.contributor.advisor | Luo, Xiapu (COMP) | en_US |
| dc.creator | Li, Zihao | - |
| dc.identifier.uri | https://theses.lib.polyu.edu.hk/handle/200/13805 | - |
| dc.language | English | en_US |
| dc.publisher | Hong Kong Polytechnic University | en_US |
| dc.rights | All rights reserved | en_US |
| dc.title | Security assessment of blockchain infrastructure and applications | en_US |
| dcterms.abstract | The rise of blockchain technology has been reshaping various traditional industries, such as financial services, voting governance, and risk management. Due to the unique characteristics of blockchain technology, including its capital-intensive nature and immutable persistency, ensuring the security of the blockchain infrastructure and applications is crucial. This thesis aims to conduct a systematic and comprehensive assessment on the security of blockchain infrastructure and applications. Although several studies have been proposed for the security analysis of blockchain infrastructure and applications, existing security research on them still lacks practical studies on: (1) unveiling Denial-of-Service (DoS) vulnerability of blockchain state storage; (2) finding finalization failure bugs in zero-knowledge layer 2 protocols; (3) demystifying Decentralized Finance (DeFi) Miner Extractable Value (MEV) activities in Flashbots bundle; and (4) recovering function signatures in smart contracts. | en_US |
| dcterms.abstract | To unveil DoS vulnerability of blockchain state storage, we reveal a new DoS attack surface in blockchain state storage. Targeting this newly introduced attack surface, we design NURGLE, the first Denial-of-Service attack aimed at blockchain state storage. NURGLE strategically proliferates intermediate nodes within the state storage to raise the depth of MPT. When the depth of MPT increases, blockchain consumes more resources to maintain expanded intermediate nodes in MPT. Therefore, NURGLE can persistently force blockchains to expend additional resources on state maintenance and verification, thereby impairing their performance. Our attack is inspired by our two observations, i.e., the heavy burden of state maintenance and the flaw of gas mechanism. According to the two observations, NURGLE can proliferate intermediate nodes with few cost to increase extra resource consumption for maintaining the intermediate nodes, thereby degrading overall blockchain performance. | en_US |
| dcterms.abstract | To detect finalization failure bugs in zero-knowledge layer 2 protocols, we propose FAMULET, the first testing tool for detecting finalization failure bugs in Polygon zkRollup by leveraging behavior-guided fuzzing. FAMULET employs a finalization behavior model that records runtime data to depict runtime behaviors of each component involved in the finalization process. This model augments FAMULET to continuously and efficiently mutate inputs to explore diverse behaviors within the finalization process, aiming to expose the finalization failure bugs. Besides, FAMULET integrates a behavior-guided transaction fuzzer equipped with several mutation strategies to generate and mutate transactions with varied execution contexts, enhancing the potential to trigger finalization failure bugs. In addition, FAMULET incorporates a logic injection technique to conceal code logic within test transactions during the pre-execution phases, ensuring that these transactions will be processed on the L2 blockchain. Moreover, we design bug oracles tailored to detect two kinds of finalization failure bugs, derived from the two stages of the finalization process. | en_US |
| dcterms.abstract | To demystify DeFi MEV activities performed through Flashbots bundle, we develop ACTLIFTER, a novel automated tool for accurately identifying DeFi actions in transactions of each bundle, and ACTCLUSTER, a new approach that leverages iterative clustering to facilitate us to discover known/unknown DeFi MEV activities. ACTLIFTER first recognizes the contracts that operate the DeFi actions, the type of the DeFi actions, and the asset transfers involved in the DeFi actions according to the captured events, then identifies DeFi actions according to the asset transfer patterns of DeFi actions. Besides, ACTCLUSTER uses representation learning to derive distinguishable feature vectors of bundles according to DeFi actions recognized by ACTLIFTER, and leverages iterative clustering analysis and our pruning strategies to facilitate us in reducing manual efforts for discovering new DeFi MEV activities with unknown patterns of DeFi actions. | en_US |
| dcterms.abstract | To recover function signatures in smart contracts, we SigRec, a new tool for automatically recovering function signatures from EVM bytecode compiled from two mainstream compilers (i.e., Solidity and Vyper) for smart contracts without the need of source code and other databases. Our key observation is that even in the absence of type information, the way EVM bytecode handles a function call and its inputs uniquely characterizes different parameter types. Based upon this observation, we first generalize the semantics of such type-related operations into rules. Then, we design type-aware symbolic execution (TASE) to explore the EVM instructions that manipulate parameters, and use the rules for inferring the types of parameters. To further explore the usefulness of our recovered function signatures, we demonstrate that the recovered function signatures can enhance the existing smart contract studies in attack detection, fuzzing and reverse engineering of EVM bytecode. | en_US |
| dcterms.extent | xxiii, 287 pages : color illustrations | en_US |
| dcterms.isPartOf | PolyU Electronic Theses | en_US |
| dcterms.issued | 2025 | en_US |
| dcterms.educationalLevel | Ph.D. | en_US |
| dcterms.educationalLevel | All Doctorate | en_US |
| dcterms.accessRights | open access | en_US |
Copyright Undertaking
As a bona fide Library user, I declare that:
- I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
- I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
- I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.
By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.
Please use this identifier to cite or link to this item:
https://theses.lib.polyu.edu.hk/handle/200/13805