Cointime

Cointime

Download App
iOS & Android

SoMo: A Novel Tool for Identifying Insecure Modifiers in Ethereum Smart Contracts

Validated Project

A recent study conducted by MetaTrust Labs has uncovered notable security risks linked to custom function modifiers in Ethereum smart contracts. Published in the ISSTA'23 paper titled "Beyond 'Protected' and 'Private': An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts," the research team examined more than 62,000 smart contracts and discovered 411 vulnerable contracts containing bypassable modifiers. To address these issues, MetaTrust has integrated the newly developed tool, SoMo, into their renowned smart contract security scanning service, MetaScan.

The primary goal of this study is to identify insecure modifiers, known as "bypassable modifiers," that can be bypassed in one or more unprotected smart contract functions. For example, the following "onlyOwner" modifier could be bypassed by invoking a public function Mining24(). Consequently, attackers can exploit sensitive functions that are protected by the onlyOwner modifier.

To identify these vulnerabilities, the researchers developed a novel tool called SoMo, which constructs a modifier dependency graph (MDG) to cover all the modifier-related control/data flows, generates symbolic path constraints over MDG, and iteratively tests each candidate entry function. The results showed that SoMo achieves high precision of 91.2% when analyzing a large dataset of 62,464 contracts.

This study also revealed the major usage of modifiers in real-world scenarios, including access control, financial-related, contract state, and miscellaneous checks, as demonstrated in the table below. These findings suggest that developers often utilize modifiers for security-sensitive operations but they may not be well protected.

Overall, this study shows that there is still work to be done to make sure blockchain technology is safe and reliable. By using better programming techniques and testing tools, we can help prevent attacks on smart contracts and keep our digital transactions secure. As more businesses and organizations adopt blockchain technology for various applications, it's crucial to ensure that smart contracts are secure and reliable. This study is an important step towards achieving that goal.

In conclusion, while blockchain technology has the potential to revolutionize many industries, it's important to remember that security should always be a top priority. By using tools like MetaScan and following best practices for secure programming, we can help ensure the safety of our digital transactions on the blockchain.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io

Ethereum Ethereum $2,172.44
+1.93%
Blockchain Ethereum smart contract Cybersecurity Blockchain
Comments

All Comments

Recommended for you

  • US Spot Bitcoin ETF Sees Net Outflow of $66.71 Million Yesterday

    According to monitoring by Trader T, the US spot Bitcoin ETF experienced a net outflow of $66.71 million yesterday.

  • BTC Surpasses $70,000

    Market data shows that BTC has broken through $70,000, currently trading at $70,011.9. The 24-hour decline has narrowed to 1.11%. The market is experiencing significant volatility, so please implement risk control measures.

  • BTC Drops Below $69,500

    Market data shows that BTC has fallen below $69,500, currently trading at $69,492.81. It has experienced a 2.2% decline in the past 24 hours. The market is experiencing significant volatility, so please implement risk control measures.

  • CLARITY Act Draft: Ban on Stablecoin Yields for Holding Only

    On March 24, according to CoinDesk, cryptocurrency industry practitioners on Monday saw the latest provisions regarding stablecoin yields in the revised version of the Senate's "Digital Asset Market Clarity Act" for the first time during a closed-door review meeting on Capitol Hill in Washington. The initial impression was that the relevant language was too narrow and lacked clarity. This new provision was released last Friday by Senators Angela Alsobrooks and Thom Tillis. According to a person familiar with the current draft, the new provision will prohibit earning yields solely from holding stablecoins, while restricting any practices that equate such programs with bank deposits, and imposing further limitations on other potentially permissible activities. The specific mechanism for determining activity-based stablecoin rewards remains unclear. This compromise stems from the lobbying battle between the crypto and banking industries. The banking industry insists that stablecoin rewards should not resemble interest-bearing bank deposits, arguing that such competing products could harm the banking sector and stifle lending. The final compromise allows for reward programs based on user stablecoin activities but prohibits balance-based rewards. This closed-door review aims to push the Senate Banking Committee to schedule a hearing, a significant step for the bill towards a full Senate vote. Similar versions of the "Clarity Act" have passed the House of Representatives in previous years, and another version has also passed the Senate Agriculture Committee's markup process. The bill's progress still faces other obstacles: all parties still need to reach an agreement on the DeFi regulatory framework, and Democrats are simultaneously insisting on including provisions that prohibit senior government officials from seeking personal gain from the cryptocurrency industry, a clause clearly targeting President Trump. (Dongxin News Agency)

  • Iran's IRGC: All Vessels Must Coordinate Passage Through Strait

    According to Al Jazeera: The Iranian Revolutionary Guard Corps (IRGC) Navy stated that the container ship 'Celine' was forced to leave the area because it did not possess a permit to pass through the Strait of Hormuz. The IRGC Navy further stated that any vessel transiting the Strait of Hormuz must coordinate fully with Iranian maritime authorities. (Jins10)

  • Circle Shares Plunge Over 16%, Hitting Largest Single-Day Drop Since June 2025

    Circle (CRCL) shares fell by more than 16% intraday, marking the largest single-day decline since June 2025. The stock is currently trading at $106.1.

  • BTC Drops Below $70,000

    Market data shows that BTC has fallen below $70,000, currently trading at $69,995.57. The cryptocurrency has seen a 1.86% decrease in the last 24 hours, indicating significant price volatility. Investors are advised to manage their risk accordingly.

  • Nasdaq Extends Losses to 1%

    The Nasdaq extended its losses to 1%.

  • Iran Denies Peace Talks Rumors; US Stocks Open Lower

    March 24th news: US stocks opened lower, with the Dow Jones Industrial Average down 0.24%, the S&P 500 index down 0.62%, and the Nasdaq Composite down 0.63%. Li Auto (LI.O) rose 2.8% after announcing a $1 billion share buyback plan. Amazon (AMZN.O) fell 1% following a "service disruption" at its Amazon Web Services (AWS) region in Bahrain. (Jinshi)

  • Tether Hires Big Four Firm for First Full Audit

    On March 24, Tether announced it has engaged one of the Big Four accounting firms to complete its first full audit.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company