SoMo: A Novel Tool for Identifying Insecure Modifiers in Ethereum Smart Contracts


A recent study conducted by MetaTrust Labs has uncovered notable security risks linked to custom function modifiers in Ethereum smart contracts. Published in the ISSTA'23 paper titled "Beyond 'Protected' and 'Private': An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts," the research team examined more than 62,000 smart contracts and discovered 411 vulnerable contracts containing bypassable modifiers. To address these issues, MetaTrust has integrated the newly developed tool, SoMo, into their renowned smart contract security scanning service, MetaScan.

The primary goal of this study is to identify insecure modifiers, known as "bypassable modifiers," that can be bypassed in one or more unprotected smart contract functions. For example, the following "onlyOwner" modifier could be bypassed by invoking a public function Mining24(). Consequently, attackers can exploit sensitive functions that are protected by the onlyOwner modifier.

To identify these vulnerabilities, the researchers developed a novel tool called SoMo, which constructs a modifier dependency graph (MDG) to cover all the modifier-related control/data flows, generates symbolic path constraints over the MDG, and iteratively tests each candidate entry function. The results showed that SoMo achieves a high precision of 91.2% when analyzing a large dataset of 62,464 contracts.
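The idea of iterating over candidate entry functions can be illustrated with a much simpler fixpoint over a hand-written contract model. This is an added sketch, not SoMo's code or anything from the paper: it skips symbolic path constraints, treats every modifier as a guard, and uses a constructed model in which `Mining24()` is assumed to write `owner`; all other names are hypothetical.

```python
# Added sketch: a fixpoint over a hand-written contract model, not SoMo itself.
# It ignores path constraints, so it over-approximates what SoMo would confirm.

# Constructed model. That Mining24() writes `owner` is an assumption made
# for illustration; the page only says Mining24() is the public entry point.
MODIFIERS = {
    "onlyOwner": {"reads": {"owner"}},
    "whenNotPaused": {"reads": {"paused"}},
    "onlyAdmin": {"reads": {"admin"}},
}
FUNCTIONS = {
    "Mining24": {"visibility": "public", "modifiers": [], "writes": {"owner"}},
    "withdraw": {"visibility": "public", "modifiers": ["onlyOwner"], "writes": {"balance"}},
    "setPaused": {"visibility": "external", "modifiers": ["onlyOwner"], "writes": {"paused"}},
    "transfer": {"visibility": "public", "modifiers": ["whenNotPaused"], "writes": {"balance"}},
    "setAdmin": {"visibility": "public", "modifiers": ["onlyAdmin"], "writes": {"admin"}},
    "_reset": {"visibility": "internal", "modifiers": [], "writes": {"admin"}},
}


def find_bypassable(modifiers, functions):
    """Return {modifier: [entry functions that can rewrite what it checks]}."""
    bypassable = {}
    changed = True
    while changed:  # iterate until no new modifier or entry function appears
        changed = False
        # Entry functions: externally callable, every guard already bypassable.
        open_fns = [
            name for name, f in functions.items()
            if f["visibility"] in ("public", "external")
            and all(m in bypassable for m in f["modifiers"])
        ]
        for mod, spec in modifiers.items():
            entries = sorted(
                fn for fn in open_fns
                if functions[fn]["writes"] & spec["reads"]
            )
            if entries and bypassable.get(mod) != entries:
                bypassable[mod] = entries
                changed = True
    return bypassable
```

In this model `setAdmin` writes the variable its own guard reads, but it is only reachable through that guard, so `onlyAdmin` is correctly left out of the result.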

This study also revealed the major uses of modifiers in real-world scenarios, including access control, financial-related, contract state, and miscellaneous checks, as demonstrated in the table below. These findings suggest that developers often utilize modifiers for security-sensitive operations, but they may not be well protected.

Overall, this study shows that there is still work to be done to make sure blockchain technology is safe and reliable. By using better programming techniques and testing tools, we can help prevent attacks on smart contracts and keep our digital transactions secure. As more businesses and organizations adopt blockchain technology for various applications, it's crucial to ensure that smart contracts are secure and reliable. This study is an important step towards achieving that goal.

In conclusion, while blockchain technology has the potential to revolutionize many industries, it's important to remember that security should always be a top priority. By using tools like MetaScan and following best practices for secure programming, we can help ensure the safety of our digital transactions on the blockchain.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io
