Abstract
Supporting the most popular cryptocurrency, the Bitcoin platform allows its transactions to be programmable via its scripts. Defects in Bitcoin scripts will make users lose their bitcoins. However, there are few studies on the defects of Bitcoin scripts. In this paper, we conduct the first systematic investigation on the defects of Bitcoin scripts through three steps, including defect definition, defect detection, and exploitation tracing. First, we define 6 typical defects of scripts in the Bitcoin history, namely unbinded-txid, useless-sig, uncertain-sig, simple-key, impossible-key, and never-true. Three are inspired by the community, and three are new from us. Second, we develop a tool to discover Bitcoin scripts with any of typical defects based on symbolic execution and enhanced by historical exact scripts. By analyzing all Bitcoin transactions from Oct. 2009 to Aug. 2022, we find that 383,544 transaction outputs are paid to the Bitcoin scripts with defects. The total amount of them is 3,115.43 BTC, which is around 60 million dollars at present. Third, in order to trace the exploitation of the defects, we instrument the Bitcoin VM to record the traces of the real-world spending transactions of the buggy scripts. We find that 84,130 output scripts are exploited. The implementation and non-harmful datasets are released.
Original language | English |
---|---|
Title of host publication | Proceedings of the 45th International Conference on Software Engineering (ICSE) |
Pages | 1-12 |
Publication status | Published - 17 May 2023 |
Event | 45th IEEE/ACM International Conference on Software Engineering (ICSE) 2023 - Melbourne Convention and Exhibition Centre, Melbourne, Australia Duration: 14 May 2023 → 20 May 2023 https://conf.researchr.org/home/icse-2023 |
Conference
Conference | 45th IEEE/ACM International Conference on Software Engineering (ICSE) 2023 |
---|---|
Country/Territory | Australia |
City | Melbourne |
Period | 14/05/23 → 20/05/23 |
Internet address |