DeepAI AI Chat
Log In Sign Up

Hunting for Re-Entrancy Attacks in Ethereum Smart Contracts via Static Analysis

by   Yuichiro Chinen, et al.

Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network. Several re-entrancy attacks that aim to steal Ether, the cryptocurrency used in Ethereum, stored in deployed smart contracts have been found in the recent years. A countermeasure to such attacks is based on dynamic analysis that executes the smart contracts themselves, but it requires the spending of Ether and knowledge of attack patterns for analysis in advance. In this paper, we present a static analysis tool named RA (Re-entrancy Analyzer), a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze smart contract vulnerabilities to re-entrancy attacks. In contrast to existing tools, RA supports analysis of inter-contract behaviors by using only the Etherum Virtual Machine bytecodes of target smart contracts, i.e., even without prior knowledge of attack patterns and without spending Ether. Furthermore, RA can verify existence of vulnerabilities to re-entrancy attacks without execution of smart contracts and it does not provide false positives and false negatives. We also present an implementation of RA to evaluate its performance in analyzing the vulnerability of deployed smart contracts to re-entrancy attacks and show that RA can precisely determine which smart contracts are vulnerable.


page 1

page 2

page 3

page 4


Reentrancy Vulnerability Identification in Ethereum Smart Contracts

Ethereum Smart contracts use blockchain to transfer values among peers o...

Annotary: A Concolic Execution System for Developing Secure Smart Contracts

Ethereum smart contracts are executable programs, deployed on a peer-to-...

ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks

In recent years, smart contracts have suffered major exploits, costing m...

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Recently, a number of existing blockchain systems have witnessed major b...

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

In recent years, Ethereum gained tremendously in popularity, growing fro...

Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning

In this work we propose Dynamit, a monitoring framework to detect reentr...

MPro: Combining Static and Symbolic Analysis for Scalable Testing of Smart Contract

Smart contracts are executable programs that enable the building of a pr...