DOI: 10.1145/3576915.3623071
Research article, Open access

Phoenix: Detect and Locate Resilience Issues in Blockchain via Context-Sensitive Chaos

Published: 21 November 2023

Abstract

Resilience is vital to blockchain systems: it lets them adapt automatically and keep providing their service when adverse situations occur, e.g., node crashes and data discarding. However, due to vulnerabilities in their implementation, blockchain systems may fail to recover from such error situations, resulting in permanent service disruptions. We call such vulnerabilities resilience issues.
In this paper, we propose Phoenix, a system that detects and locates resilience issues in blockchain systems via context-sensitive chaos. First, we identify two typical types of resilience issues in blockchain systems: node unrecoverable and data unrecoverable. Then, we design three context-sensitive chaos strategies tailored to blockchain features. Additionally, we build a coordinator that triggers resilience issues effectively by scheduling these strategies. To analyze the detected issues, we collect and sort all applied strategies into a pool and generate a reproducing sequence that locates and reproduces them. We evaluated Phoenix on 5 widely used commercial blockchain systems and detected 13 previously unknown resilience issues. Phoenix successfully reproduced all of them, with 5.15 steps on average. The corresponding developers have fixed these issues; afterwards, the chaos resistance time of the blockchains improved by 143.9% on average. This indicates that Phoenix can significantly improve the resilience of these blockchains.


Published In

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
November 2023
3722 pages
ISBN: 9798400700507
DOI: 10.1145/3576915
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. blockchain systems
  2. bug reproduce
  3. chaos engineering

Funding Sources

  • National Key Research and Development Project
  • NSFC Program
  • Webank Scholar Project

Conference

CCS '23

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
