Litcius/Paper detail

ReDefender: A Tool for Detecting Reentrancy Vulnerabilities in Smart Contracts Effectively

Zhenyu Pan, Tianyuan Hu, Qián Chen, Bixin Li

20212021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)14 citationsDOI

Abstract

Reentrancy, one of the most complex type of vulner-abilities, poses significant threat to smart contract development. Indeed, millions of dollars have evaporated due to reentrancy vulnerabilities of smart contracts in past years. In this paper, we propose a new approach to detect reentrancy vulnerabilities using fuzz testing and develop a novel tool named ReDefender. Our approach and tool consists of four main steps: (1)preprocess contract to be detected: when a contract uploaded, its source code will be preprocessed by ReDefender to extract candidate pool for fuzzing; (2) generate fuzzing input: fuzzing input will be generated by fuzz engine; (3) collect runtime information: an agent contract is constructed to interact with and attack all contracts to be detected. Runtime information is collected during the execution of every fuzzing input; (4) analyze execution log and find reentrancy: the execution log is analyzed to determine whether a malicious reentrancy occurs. We conduct experiments on 204 tagged smart contracts and show the higher accuracy and lower false positive rate of ReDefender than that of other three famous tools. Moreover, we conduct a new experiment and find 4 reentrancy vulnerabilities in 395 on-chain contract accounts which have managed more than 1000 transactions.

Topics & Concepts

Fuzz testingComputer scienceUploadCode (set theory)Computer securitySmart contractProgramming languageOperating systemSoftwareSet (abstract data type)BlockchainBlockchain Technology Applications and SecurityAdversarial Robustness in Machine LearningAdvanced Malware Detection Techniques
ReDefender: A Tool for Detecting Reentrancy Vulnerabilities in Smart Contracts Effectively | Litcius