Uncovering Hidden Proxy Smart Contracts for Finding Collision Vulnerabilities in Ethereum
Date
2025
Publication Type
Conference Paper
ETH Bibliography
yes
Abstract
The proxy design pattern allows Ethereum smart contracts to be simultaneously immutable and upgradeable, in which an original contract is split into a proxy contract containing the data storage and a logic contract containing the implementation logic. This architecture is known to have security issues, namely function collisions and storage collisions between the proxy and logic contracts, and has been exploited in real-world incidents to steal millions of dollars’ worth of users’ digital assets. In response to this concern, several previous works have sought to identify proxy contracts in Ethereum and detect their collisions. However, they all fell short due to their limited coverage, often restricting analysis to only contracts with available source code or past transactions. To bridge this gap, we present Proxion, an automated cross-contract analyzer that identifies all proxy smart contracts and their collisions in Ethereum. What sets Proxion apart is its ability to analyze hidden smart contracts that lack both source code and past transactions. Equipped with various techniques to enhance efficiency and accuracy, Proxion outperforms the state-of-the-art tools, notably identifying millions more proxy contracts and thousands of unreported collisions. We apply Proxion to analyze over 36 million alive contracts from 2015 to 2023, revealing that 54.2% of them are proxy contracts, and about 1.5 million contracts exhibit at least one collision issue.
Publication status
published
Book title
2025 IEEE 45th International Conference on Distributed Computing Systems (ICDCS)
Pages / Article No.
1099 - 1109
Publisher
IEEE
Event
45th IEEE International Conference on Distributed Computing Systems (ICDCS 2025)
Subject
ethereum blockchain; proxy smart contract; function collision; storage collision; dynamic contract analyzer; security analysis
Organisational unit
09477 - Vanbever, Laurent / Vanbever, Laurent