Peng Qian,Zhenguang Liu,Qinming He,Roger Zimmermann,Xun Wang

DOI: https://doi.org/10.1109/access.2020.2969429

IF: 3.9

2020-01-01

IEEE Access

Abstract:In the last decade, smart contract security issues lead to tremendous losses, which has attracted increasing public attention both in industry and in academia. Researchers have embarked on efforts with logic rules, symbolic analysis, and formal analysis to achieve encouraging results in smart contract vulnerability detection tasks. However, the existing detection tools are far from satisfactory. In this paper, we attempt to utilize the deep learning-based approach, namely bidirectional long-short term memory with attention mechanism (BLSTM-ATT), aiming to precisely detect reentrancy bugs. Furthermore, we propose contract snippet representations for smart contracts, which contributes to capturing essential semantic information and control flow dependencies. Our extensive experimental studies on over 42,000 real-world smart contracts show that our proposed model and contract snippet representations significantly outperform state-of-the-art methods. In addition, this work proves that it is practical to apply deep learning-based technology on smart contract vulnerability detection, which is able to promote future research towards this area.

Zibin Zheng,Neng Zhang,Jianzhong Su,Zhijie Zhong,Mingxi Ye,Jiachi Chen

2023-03-24

Abstract:Smart contracts are programs deployed on a blockchain and are immutable once deployed. Reentrancy, one of the most important vulnerabilities in smart contracts, has caused millions of dollars in financial loss. Many reentrancy detection approaches have been proposed. It is necessary to investigate the performance of these approaches to provide useful guidelines for their application. In this work, we conduct a large-scale empirical study on the capability of five well-known or recent reentrancy detection tools such as Mythril and Sailfish. We collect 230,548 verified smart contracts from Etherscan and use detection tools to analyze 139,424 contracts after deduplication, which results in 21,212 contracts with reentrancy issues. Then, we manually examine the defective functions located by the tools in the contracts. From the examination results, we obtain 34 true positive contracts with reentrancy and 21,178 false positive contracts without reentrancy. We also analyze the causes of the true and false positives. Finally, we evaluate the tools based on the two kinds of contracts. The results show that more than 99.8% of the reentrant contracts detected by the tools are false positives with eight types of causes, and the tools can only detect the reentrancy issues caused by call.value(), 58.8% of which can be revealed by the Ethereum's official IDE, Remix. Furthermore, we collect real-world reentrancy attacks reported in the past two years and find that the tools fail to find any issues in the corresponding contracts. Based on the findings, existing works on reentrancy detection appear to have very limited capability, and researchers should turn the rudder to discover and detect new reentrancy patterns except those related to call.value().

Software Engineering

Zexu Wang,Jiachi Chen,Yanlin Wang,Yu Zhang,Weizhe Zhang,Zibin Zheng

2024-03-18

Abstract:Reentrancy vulnerability as one of the most notorious vulnerabilities, has been a prominent topic in smart contract security research. Research shows that existing vulnerability detection presents a range of challenges, especially as smart contracts continue to increase in complexity. Existing tools perform poorly in terms of efficiency and successful detection rates for vulnerabilities in complex contracts. To effectively detect reentrancy vulnerabilities in contracts with complex logic, we propose a tool named SliSE. SliSE's detection process consists of two stages: Warning Search and Symbolic Execution Verification. In Stage I, SliSE utilizes program slicing to analyze the Inter-contract Program Dependency Graph (I-PDG) of the contract, and collects suspicious vulnerability information as warnings. In Stage II, symbolic execution is employed to verify the reachability of these warnings, thereby enhancing vulnerability detection accuracy. SliSE obtained the best performance compared with eight state-of-the-art detection tools. It achieved an F1 score of 78.65%, surpassing the highest score recorded by an existing tool of 9.26%. Additionally, it attained a recall rate exceeding 90% for detection of contracts on Ethereum. Overall, SliSE provides a robust and efficient method for detection of Reentrancy vulnerabilities for complex contracts.

Software Engineering

Peng Qian,Zhenguang Liu,Qinming He,Butian Huang,Duanzheng Tian,Xun Wang

DOI: https://doi.org/10.13328/j.cnki.jos.006375

2022-01-01

Journal of Software

Abstract: Smart contract, one of the most successful applications of blockchain, is taking the world by storm, playing an essential role in the blockchain ecosystem. However, frequent smart contract security incidents not only result in tremendous economic losses but also destroy the blockchain-based credit system. The security and reliability of smart contracts thus gain extensive attention from researchers worldwide. In this survey, we first summarize the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and Block dependency layer. Further, we review the research progress of smart contract vulnerability detection and classify existing counterparts into five categories, i.e., formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. Empirically, we take 300 real-world smart contracts deployed on Ethereum as the test samples and compare the representative methods in terms of accuracy, F1-Score, and average detection time. Finally, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.

Zexu Wang,Jiachi Chen,Zibin Zheng,Peilin Zheng,Yu Zhang,Weizhe Zhang

2024-02-15

Abstract:Reentrancy is one of the most notorious vulnerabilities in smart contracts, resulting in significant digital asset losses. However, many previous works indicate that current Reentrancy detection tools suffer from high false positive rates. Even worse, recent years have witnessed the emergence of new Reentrancy attack patterns fueled by intricate and diverse vulnerability exploit mechanisms. Unfortunately, current tools face a significant limitation in their capacity to adapt and detect these evolving Reentrancy patterns. Consequently, ensuring precise and highly extensible Reentrancy vulnerability detection remains critical challenges for existing tools. To address this issue, we propose a tool named ReEP, designed to reduce the false positives for Reentrancy vulnerability detection. Additionally, ReEP can integrate multiple tools, expanding its capacity for vulnerability detection. It evaluates results from existing tools to verify vulnerability likelihood and reduce false positives. ReEP also offers excellent extensibility, enabling the integration of different detection tools to enhance precision and cover different vulnerability attack patterns. We perform ReEP to eight existing state-of-the-art Reentrancy detection tools. The average precision of these eight tools increased from the original 0.5% to 73% without sacrificing recall. Furthermore, ReEP exhibits robust extensibility. By integrating multiple tools, the precision further improved to a maximum of 83.6%. These results demonstrate that ReEP effectively unites the strengths of existing works, enhances the precision of Reentrancy vulnerability detection tools.

Cryptography and Security,Software Engineering

Shuo Yang,Jiachi Chen,Mingyuan Huang,Zibin Zheng,Yuan Huang

2024-03-28

Abstract:Reentrancy, a notorious vulnerability in smart contracts, has led to millions of dollars in financial loss. However, current smart contract vulnerability detection tools suffer from a high false positive rate in identifying contracts with reentrancy vulnerabilities. Moreover, only a small portion of the detected reentrant contracts can actually be exploited by hackers, making these tools less effective in securing the Ethereum ecosystem in practice.

Cryptography and Security,Software Engineering

Noama Fatima Samreen,Manar H. Alalfi

DOI: https://doi.org/10.1109/IWBOSE50093.2020.9050260

2021-05-07

Abstract:Ethereum Smart contracts use blockchain to transfer values among peers on networks without central agency. These programs are deployed on decentralized applications running on top of the blockchain consensus protocol to enable people to make agreements in a transparent and conflict-free environment. The security vulnerabilities within those smart contracts are a potential threat to the applications and have caused huge financial losses to their users. In this paper, we present a framework that combines static and dynamic analysis to detect Reentrancy vulnerabilities in Ethereum smart contracts. This framework generates an attacker contract based on the ABI specifications of smart contracts under test and analyzes the contract interaction to precisely report Reentrancy vulnerability. We conducted a preliminary evaluation of our proposed framework on 5 modified smart contracts from Etherscan and our framework was able to detect the Reentrancy vulnerability in all our modified contracts. Our framework analyzes smart contracts statically to identify potentially vulnerable functions and then uses dynamic analysis to precisely confirm Reentrancy vulnerability, thus achieving increased performance and reduced false positives.

Cryptography and Security

Haoran Wu,Xingya Wang,Jiehui Xu,Weiqin Zou,Lingming Zhang,Zhenyu Chen

2019-01-01

Abstract:Smart contract is a special program that manages digital assets on blockchain. It is difficult to recover the loss if users make transactions through buggy smart contracts, which cannot be directly fixed. Hence, it is important to ensure the correctness of smart contracts before deploying them. This paper proposes a systematic framework to mutation testing for smart contracts on Ethereum, which is currently the most popular open blockchain for deploying and running smart contracts. Fifteen novel mutation operators have been designed for Ethereum Smart Contracts (ESC), in terms of keyword, global variable/function, variable unit, and error handling. An empirical study on 26 smart contracts in four Ethereum DApps has been conducted to evaluate the effectiveness of mutation testing. The experimental results show that our approach can outperform the coverage-based approach on defect detection rate (96.01% vs. 55.68%). The ESC mutation operators are effective to reveal real defects and we found 117 out of 729 real bug reports are related to our operators. These show the great potential of using mutation testing for quality assurance of ESC.

Chao Liu,Han Liu,Zhao Cao,Zhong Chen,Bangdao Chen,Bill Roscoe

DOI: https://doi.org/10.1145/3183440.3183495

2018-01-01

Abstract:Smart contracts enabled a new way to perform cryptocurrency transactions over blockchains. While this emerging technique introduces free-of-conflicts and transparency, smart contract itself is vulnerable. As a special form of computer program, smart contract can hardly get rid of bugs. Even worse, an exploitable security bug can lead to catastrophic consequences, e.g., loss of cryptocurrency/money. In this demo paper, we focus on the most common type of security bugs in smart contracts, i.e., reentrancy bug, which caused the famous DAO attack with a loss of 60 million US dollars. We presented ReGuard, an fuzzing-based analyzer to automatically detect reentrancy bugs in Ethereum smart contracts. Specifically, ReGuard performs fuzz testing on smart contracts by iteratively generating random but diverse transactions. Based on the runtime traces, ReGuard further dynamically identifies reentrancy vulnerabilities. In the preliminary evaluation, we have analyzed 5 existing Ethereum contracts. ReGuard automatically flagged 7 previously unreported reentrancy bugs. A demo video of ReGuard is at https://youtu.be/XxJ3_-cmUiY.

Yinxing Xue,Mingliang Ma,Yun Lin,Yulei Sui,Jiaming Ye,Tianyong Peng

DOI: https://doi.org/10.1145/3324884.3416553

2020-12-21

Abstract:Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, have caused huge financial loss in recent years. Researchers have proposed many approaches to detecting them. However, empirical studies have shown that these approaches suffer from undesirable false positives and false negatives, when the code under detection involves the interaction between multiple smart contracts. In this paper, we propose an accurate and efficient cross-contract reentrancy detection approach in practice. Rather than design rule-of-thumb heuristics, we conduct a large empirical study of 11714 real-world contracts from Etherscan against three well-known general-purpose security tools for reentrancy detection. We manually summarized the reentrancy scenarios where the state-of-the-art approaches cannot address. Based on the empirical evidence, we present Clairvoyance, a cross-function and cross-contract static analysis to detect reentrancy vulnerabilities in real world with significantly higher accuracy. To reduce false negatives, we enable, for the first time, a cross-contract call chain analysis by tracking possibly tainted paths. To reduce false positives, we systematically summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We implemented our approach and compared Clairvoyance with five state-of-the-art tools on 17770 real-worlds contracts. The results show that Clairvoyance yields the best detection accuracy among all the five tools and also finds 101 unknown reentrancy vulnerabilities.

Usman Tahir,Michele Ianni,Fiza Siyal,Giancarlo Fortino,Antonella Guzzo

DOI: https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361441

2023-11-14

Abstract:Reentrancy is a type of attack that can occur in smart contracts, enabling untrusted external code execution within the contract. This method exploits a vulnerability that allows an attacker to repeatedly invoke a function in the contract, resulting in an infinite loop and potentially leading to fund theft. Therefore, the reentrancy attack represents a critical concern in blockchain security, prompting the development of various methods for analyzing and detecting reentrancy vulnerabilities over the last decade. Among these methods, the most recent ones leverage the advantages of AI and deep learning techniques. Nonetheless, several limitations persist in existing approaches. Many current methods rely on complex code analysis rules, resulting in a high number of false positives and false negatives. Additionally, the feature engineering process involving word embedding techniques can lead to the loss of critical information. Lastly, the majority of proposed methods necessitate access to the actual source code of the smart contracts for analysis. In this study, we introduce a straightforward and lightweight approach to address these limitations in reentrancy detection. Our approach employs an image-based detection method utilizing deep learning. The pipeline of our method involves disassembling the smart contracts into opcodes and transforming them into RGB images. These images are then used to train a VGG16 CNN model to detect similarities between images labeled as either “Vulnerable” or “Not Vulnerable”. To address class imbalance, we implement image augmentation techniques to expand the training dataset. Experimental results conducted on a publicly available dataset demonstrate that our model achieves a significantly high accuracy rate of 99.07%.

Computer Science

Yuichiro Chinen,Naoto Yanai,Jason Paul Cruz,Shingo Okamura

DOI: https://doi.org/10.48550/arXiv.2007.01029

2020-07-02

Abstract:Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network. Several re-entrancy attacks that aim to steal Ether, the cryptocurrency used in Ethereum, stored in deployed smart contracts have been found in the recent years. A countermeasure to such attacks is based on dynamic analysis that executes the smart contracts themselves, but it requires the spending of Ether and knowledge of attack patterns for analysis in advance. In this paper, we present a static analysis tool named \textit{RA (Re-entrancy Analyzer)}, a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze smart contract vulnerabilities to re-entrancy attacks. In contrast to existing tools, RA supports analysis of inter-contract behaviors by using only the Etherum Virtual Machine bytecodes of target smart contracts, i.e., even without prior knowledge of attack patterns and without spending Ether. Furthermore, RA can verify existence of vulnerabilities to re-entrancy attacks without execution of smart contracts and it does not provide false positives and false negatives. We also present an implementation of RA to evaluate its performance in analyzing the vulnerability of deployed smart contracts to re-entrancy attacks and show that RA can precisely determine which smart contracts are vulnerable.

Cryptography and Security

Yihao Qin,Bo Lin,Shangwen Wang,Zhuo Zhang,Xiaoguang Mao,Yan Lei,Haoyu Zhang,Hongjun Wu

DOI: https://doi.org/10.1109/ISSRE52982.2021.00047

2021-10-01

Abstract:Smart contracts with natural economic attributes have been widely and rapidly developed in various fields. However, the bugs and vulnerabilities in smart contracts have brought huge economic losses, which has strengthened people's attention to the security issues of smart contracts. The immutability of smart contracts makes people more willing to conduct security checks before deploying smart contracts. Nonetheless, existing smart contract vulnerability detection techniques are far away from enough: static analysis approaches rely heavily on manually crafted heuristics which is difficult to reuse across different types of vulnerabilities while deep learning based approaches also have unique limitations. In this study, we propose a novel approach, Peculiar, which uses Pre-training technique for detection of smart contract vulnerabilities based on crucial data flow graph. Compared against the traditional data flow graph which is already utilized in existing approach, crucial data flow graph is less complex and does not bring an unnecessarily deep hierarchy, which makes the model easy to focus on the critical features. Moreover, we also involve pre-training technique in our model due to the dramatic improvements it has achieved on a variety of NLP tasks. Our empirical results show that Peculiar can achieve 91.80 % precision and 92.40 % recall in detecting reentrancy vulnerability, one of the most severe and common smart contract vulnerabilities, on 40,932 smart contract files, which is significantly better than the state-of-the-art methods (e.g., Smartcheck achieves 79.37% precision and 70.50% recall). Meanwhile, another experiment shows that Peculiar is more discerning to reentrancy vulnerability than existing approaches. The ablation experiment reveals that both crucial data flow graph and pre-trained model contribute significantly to the performances of Peculiar.

Computer Science

Mingtao Ji,GuangJun Liang,Meng Li,Haoyan Zhang,Jiacheng He

DOI: https://doi.org/10.1007/978-3-030-78621-2_41

2021-01-01

Abstract:As the blockchain enters the 2.0 era, the smart contract which is based on the blockchain platform has gradually entered people’s field of vision. By its transparency, non-tampering, independence from third-party arbitration, and trustlessness, it is widely applied in equity crowdfunding, games, insurance, particularly the Internet of Things. However, the attack on the TheDAO smart contract alert public awareness of the security of a smart contract. The essence of the smart contract is an electronic contract written in code. Due to reasons like lacking standard libraries for its programming language, several loopholes will inevitably appear in the code. Once they are found by attackers, the interests of the main body using smart contracts will be damaged. There are many types of vulnerabilities in smart contracts, such as reentrancy, short address attacks, and timestamp dependence. This article mainly focuses on re-entry vulnerabilities as the research object and analyzes the principle of re-entry vulnerabilities. Featuring immutable after being chained, the smart contract must be checked before it is chained to make up for the vulnerability. This paper provides a detection method based on symbolic execution to detect reentrancy vulnerabilities. We hope to strengthen people’s security awareness of smart contracts and boost the research of smart contracts in terms of security by our study of the smart contract reentrancy vulnerability in this article. Promote the research and development of smart contracts.

Ruiyao Huang,Qingni Shen,Yuchen Wang,Yiqi Wu,Zhonghai Wu,Xiapu Luo,Anbang Ruan

DOI: https://doi.org/10.1016/j.jss.2024.112107

IF: 3.5

2024-01-01

Journal of Systems and Software

Abstract:Reentrancy, the most notorious vulnerability in smart contracts, has attracted extensive attention. To eliminate reentrancy before deploying contracts, there is a need to locate and repair the contracts. However, existing tools still have false alarm locations, destroy original semantics, and have high gas overhead problems. In this work, we proposed a gas-optimized template-based reentrancy repair method with semantic maintenance. We avoid false positive locations from verifying the attack’s effectiveness, using connectivity and read-write dependencies. We design the semantic equivalence check algorithm based on the def-use chain. We optimize the lock and reordering templates for reentrancy repair and add semantic maintenance operations. We implemented our tool, ReenRepair, and compared it with two state-of-the-art detection tools and two repair tools. The results show that ReenRepair yields good location precision, the highest repair rate, and the lowest gas overhead. All semantic changes caused by lock and 89.66% of semantic changes caused by reordering were successfully maintained.

Meiying Wang,Zheyu Xie,Xuefan Wen,Jianmin Li,Kuanjiu Zhou

DOI: https://doi.org/10.3390/electronics12102327

IF: 2.9

2023-05-22

Electronics

Abstract:The wide application of Ethereum smart contracts in the Internet of Things, finance, medical, and other fields is associated with security challenges. Traditional detection methods detect vulnerabilities by stacking hard rules, which are associated with the bottleneck of a high false-positive rate and low detection efficiency. To make up for the shortcomings of traditional methods, existing deep learning methods improve model performance by combining multiple models, resulting in complex structures. From the perspective of optimizing the model feature space, this study proposes a vulnerability detection scheme for Ethereum smart contracts based on metric learning and a bidirectional long short-term memory (BiLSTM) network. First, the source code of the Ethereum contract is preprocessed, and the word vector representation is used to extract features. Secondly, the representation is combined with metric learning and the BiLSTM model to optimize the feature space and realize the cohesion of similar contracts and the discreteness of heterogeneous contracts, improving the detection accuracy. In addition, an attention mechanism is introduced to screen key vulnerability features to enhance detection observability. The proposed method was evaluated on a large-scale dataset containing four types of vulnerabilities: arithmetic vulnerabilities, re-entrancy vulnerabilities, unchecked calls, and inconsistent access controls. The results show that the proposed scheme exhibits excellent detection performance. The accuracy rates reached 88.31%, 93.25%, 91.85%, and 90.59%, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiaotao Feng,Qin Wang,Xiaogang Zhu,Sheng Wen

DOI: https://doi.org/10.48550/arXiv.1905.00799

2019-05-02

Abstract:With the frantic development of smart contracts on the Ethereum platform, its market value has also climbed. In 2016, people were shocked by the loss of nearly $50 million in cryptocurrencies from the DAO reentrancy attack. Due to the tremendous amount of money flowing in smart contracts, its security has attracted much attention of researchers. In this paper, we investigated several common smart contract vulnerabilities and analyzed their possible scenarios and how they may be exploited. Furthermore, we survey the smart contract vulnerability detection tools for the Ethereum platform in recent years. We found that these tools have similar prototypes in software vulnerability detection technology. Moreover, for the features of public distribution systems such as Ethereum, we present the new challenges that these software vulnerability detection technologies face.

Software Engineering,Cryptography and Security

Lu Liu,Lili Wei,Wuqi Zhang,Ming Wen,Yepang Liu,Shing-Chi Cheung

DOI: https://doi.org/10.48550/arXiv.2108.10799

2021-09-01

Abstract:Smart contracts are programs running on blockchain to execute transactions. When input constraints or security properties are violated at runtime, the transaction being executed by a smart contract needs to be reverted to avoid undesirable consequences. On Ethereum, the most popular blockchain that supports smart contracts, developers can choose among three transaction-reverting statements (i.e., require, if...revert, and if...throw) to handle anomalous transactions. While these transaction-reverting statements are vital for preventing smart contracts from exhibiting abnormal behaviors or suffering malicious attacks, there is limited understanding of how they are used in practice. In this work, we perform the first empirical study to characterize transaction-reverting statements in Ethereum smart contracts. We measured the prevalence of these statements in 3,866 verified smart contracts from popular dapps and built a taxonomy of their purposes via manually analyzing 557 transaction-reverting statements. We also compared template contracts and their corresponding custom contracts to understand how developers customize the use of transaction-reverting statements. Finally, we analyzed the security impact of transaction-reverting statements by removing them from smart contracts and comparing the mutated contracts against the original ones. Our study led to important findings, which can shed light on further research in the broad area of smart contract quality assurance and provide practical guidance to smart contract developers on the appropriate use of transaction-reverting statements.

Cryptography and Security,Software Engineering

Dongfang Jia,Zhicong Liu,Zhengqi Zhang,Jun Ye

DOI: https://doi.org/10.1007/978-981-16-7469-3_108

2022-01-01

Abstract:In recent years, the second-generation blockchain platforms and applications represented by smart contracts have seen explosive growth, but frequent smart contract vulnerability incidents have seriously threatened the ecological security of blockchain. In view of the low efficiency of code audit based on expert experience, it is important to develop a general automation tool to mine smart contract vulnerabilities. In the beginning, the security threats of smart contracts should be investigated and analyzed, and many smart contract vulnerabilities and attack modes that occur frequently, such as code reentrant, access control, integer overflow, etc., were summarized. Then, the technology method of smart contract vulnerability detection conforming to The Times is obtained, and the current samples of smart contract vulnerability detection are summarized. The current investigation includes too few types of vulnerabilities, with a variety of inaccuracies and deviations. It is only carried out through manual audit. Through these methods, according to the state of including after put forward the general ideas of this kind of situation, and puts forward a kind of symbolic execution auxiliary fuzzy test framework, can reduce the symbolic execution channel congestion and fuzzy test code coverage degree is too little, so as to improve test efficiency, easy to dig holes of large and medium-sized intelligent contracts quality improvement.

Shiji Wang,Xiangfu Zhao

DOI: https://doi.org/10.1007/s10515-024-00471-8

IF: 1.677

2024-10-25

Automated Software Engineering

Abstract:Frequent smart contract security incidents pose a threat to the credibility of the Ethereum platform, making smart contract vulnerability detection a focal point of concern. Previous research has proposed vulnerability detection methods in smart contracts. Generally, these tools rely on predefined rules to detect vulnerable smart contracts. However, using out-of-date rules for vulnerability detection may lead to a significant number of false negatives and false positives due to the growing variety of smart contract vulnerability types and the ongoing enhancement of vulnerability defense mechanisms. In this paper, we propose ContractSentry, a tool for static analysis of smart contracts. First, we preprocess Solidity code to build critical contract information and transform it into an intermediate representation. Then, based on the intermediate representations, we propose composite rules for vulnerability detection by analyzing the characteristics of different types of vulnerabilities in smart contracts. Finally, we evaluate ContractSentry with two datasets and compare it with state-of-the-art vulnerability detection tools. Experimental results demonstrate that ContractSentry achieves superior detection effectiveness.

computer science, software engineering