BSHUNTER: Detecting and Tracing Defects of Bitcoin Scripts

Peilin Zheng, Xiapu Luo, Zibin Zheng

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

Abstract

Supporting the most popular cryptocurrency, the Bitcoin platform allows its transactions to be programmable via its scripts. Defects in Bitcoin scripts will make users lose their bitcoins. However, there are few studies on the defects of Bitcoin scripts. In this paper, we conduct the first systematic investigation of the defects of Bitcoin scripts through three steps: defect definition, defect detection, and exploitation tracing. First, we define 6 typical defects of scripts in the Bitcoin history, namely unbinded-txid, useless-sig, uncertain-sig, simple-key, impossible-key, and never-true. Three are inspired by the community, and three are new from us. Second, we develop a tool to discover Bitcoin scripts with any of the typical defects, based on symbolic execution and enhanced by historical exact scripts. By analyzing all Bitcoin transactions from Oct. 2009 to Aug. 2022, we find that 383,544 transaction outputs are paid to Bitcoin scripts with defects. The total amount of them is 3,115.43 BTC, which is around 60 million dollars at present. Third, in order to trace the exploitation of the defects, we instrument the Bitcoin VM to record the traces of the real-world spending transactions of the buggy scripts. We find that 84,130 output scripts are exploited. The implementation and non-harmful datasets are released.
Original language: English
Title of host publication: Proceedings of the 45th International Conference on Software Engineering (ICSE)
Pages: 1-12
Publication status: Published - 17 May 2023
Event: 45th IEEE/ACM International Conference on Software Engineering (ICSE) 2023 - Melbourne Convention and Exhibition Centre, Melbourne, Australia
Duration: 14 May 2023 to 20 May 2023
https://conf.researchr.org/home/icse-2023

Conference

Conference: 45th IEEE/ACM International Conference on Software Engineering (ICSE) 2023
Country/Territory: Australia
City: Melbourne
Period: 14/05/23 to 20/05/23
Internet address
