$3,000 in FORT

Apply here 👈

Smart contracts are core tools for scammers and protocol attackers designed to steal digital assets. As there is now more scrutiny around inspecting smart contracts by both users and security tools, scammers are starting to deceive users and security tools,

• A smart contract may appear to be doing one thing, but is doing another.
• A smart contract may include a lot of unused code (either bytecode or verified source code) that is not being used to throw off users, auditors, or machine learning detection approaches.
• A smart contract may execute one way in a test or simulation environment, but execute a different way when executed on-chain.

This trend is likely to continue; we observed this in web2 where malware heavily relies on obfuscation and even utilizes snippets of legitimate code to execute malicious activity (aka franken malware).

A plethora of research from web2 can be leveraged (potential starting points: Tutorial: an overview of malware detection and evasion techniques, Malware Detection Issues, Challenges, and Future Directions: A Survey.

Some helpful resources/ links to understand different evasion techniques in web3 are:

• Rugpull contracts: masquerading code in Etherscan
• Honeypots – Hacker traps on the blockchain
• Smartbugs Project (collection of smart contract analysis tools)
• The Art of the Scam: Demystifying Honeypots in Ethereum Smart Contracts
• The red pill attack

Why do we care?