Christof Torres

Christof Torres

Ph.D. Candidate at the University of Luxembourg

About Me

I am currently a doctoral researcher at the University of Luxembourg. I am under the supervision of Dr. Radu State (University of Luxembourg) and Dr. Arthur Gervais (Imperial College London).

Previously, I worked as an associate researcher at the Fraunhofer Institute for Applied and Integrated Security (AISEC) in Munich, Germany.

Selected Publications

  • ÆGIS: Smart Shielding of Smart Contracts.

    Christof Ferreira Torres, Mathis Baden, Robert Norvill, Hugo Jonker
    ACM SIGSAC Conference on Computer and Communications Security, London, UK, November 11-15, 2019 (CCS 2019)

    In recent years, smart contracts have suffered major exploits, losing millions of dollars. Unlike traditional programs, smart contracts cannot be updated once deployed. Though various tools were proposed to detect vulnerable smart contracts, they all fail to protect contracts that have already been deployed on the blockchain. Moreover, they focus on vulnerabilities, but do not address scams (e.g., honeypots). In this work, we introduce ÆGIS, a tool that shields smart contracts and users on the blockchain from being exploited. To this end, ÆGIS reverts transactions in real-time based on pattern matching. These patterns encode the detection of malicious transactions that trigger exploits or scams. New patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by blockchain. By allowing its protection to be updated, the smart contract acts as a smart shield.

  • The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts.

    Christof Ferreira Torres, Mathis Steichen, Radu State
    28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019. (USENIX Security 2019)
    Paper Slides PoC

    Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts – programs that are executed across a decentralised network of nodes. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In the past few years, several smart contracts have been exploited by attackers. However, a new trend towards a more proactive approach seems to be on the rise, where attackers do not search for vulnerable contracts anymore. Instead, they try to lure their victims into traps by deploying seemingly vulnerable contracts that contain hidden traps. This new type of contracts is commonly referred to as honeypots. In this paper, we present the first systematic analysis of honeypot smart contracts, by investigating their prevalence, behaviour and impact on the Ethereum blockchain. We develop a taxonomy of honeypot techniques and use this to build HoneyBadger – a tool that employs symbolic execution and well defined heuristics to expose honeypots. We perform a large-scale analysis on more than 2 million smart contracts and show that our tool not only achieves high precision, but is also highly efficient. We identify 690 honeypot smart contracts as well as 240 victims in the wild, with an accumulated profit of more than $90,000 for the honeypot creators. Our manual validation shows that 87% of the reported contracts are indeed honeypots.

  • Osiris: Hunting for Integer Bugs in Ethereum Smart Contracts.

    Christof Ferreira Torres, Julian Schütte, Radu State
    34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018. (ACSAC 2018)
    Paper PoC

    The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language. In this paper we introduce Osiris – a framework that combines symbolic execution and taint analysis, in order to accurately find integer bugs in Ethereum smart contracts. Osiris detects a greater range of bugs than existing tools, while providing a better specificity of its detection. We have evaluated its performance on a large experimental dataset containing more than 1.2 million smart contracts. We found that 42,108 contracts contain integer bugs. Be- sides being able to identify several vulnerabilities that have been reported in the past few months, we were also able to identify a yet unknown critical vulnerability in a couple of smart contracts that are currently deployed on the Ethereum blockchain.

  • Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications.

    Christof Ferreira Torres, Hugo Jonker
    23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018. (ESORICS 2018)

    Fingerprinting of browsers has been thoroughly investigated.In contrast, mobile phone applications offer a far wider array of attributesfor profiling, yet fingerprinting practices on this platform have hardlyreceived attention.In this paper, we present the first (to our knowledge) investigation of An-droid libraries by commercial fingerprinters. Interestingly enough, thereis a marked difference with fingerprinting desktop browsers. We did notfind evidence of typical fingerprinting techniques such as canvas finger-printing. Secondly, we searched for behaviour resembling that of com-mercial fingerprinters. We performed a detailed analysis of six similarlibraries. Thirdly, we investigated∼30,000 apps and found that roughly19% of these apps is using one of the these libraries. Finally, we checkedhow often these libraries were used by apps subject to theChildren’sOnline Privacy Protection Act(i.e. apps targeted explicitly at children),and found that these libraries were included 21 times

  • FP-Block: Usable Web Privacy by Controlling Browser Fingerprinting

    Christof Ferreira Torres, Hugo Jonker, Sjouke Mauw
    20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015. (ESORICS 2015)
    Paper Slides PoC

    Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a substantial negative impact on privacy, while it enables legitimate benefits. In contrast, cross-domain tracking negatively impacts user privacy, while being of little benefit to the user. Existing methods to counter fingerprint-based tracking treat cross-domain tracking and regular tracking the same. This often results in hampering or disabling desired functionality, such as embedded videos. By distinguishing between regular and cross-domain tracking, more desired functionality can be preserved. We have developed a prototype tool, FP-Block, that counters cross-domain fingerprint-based tracking while still allowing regular tracking. FP-Block ensures that any embedded party will see a different, unrelatable fingerprint for each site on which it is embedded. Thus, the user’s fingerprint can no longer be tracked across the web, while desired functionality is better preserved compared to existing methods.

Research Interests

  • Security and Privacy of Distributed Ledgers
  • Browser and Mobile Fingerprinting