ReDefender: A Tool for Detecting Reentrancy Vulnerabilities in Smart Contracts Effectively
Zhenyu Pan, Tianyuan Hu, Qián Chen, Bixin Li
Abstract
Reentrancy, one of the most complex type of vulner-abilities, poses significant threat to smart contract development. Indeed, millions of dollars have evaporated due to reentrancy vulnerabilities of smart contracts in past years. In this paper, we propose a new approach to detect reentrancy vulnerabilities using fuzz testing and develop a novel tool named ReDefender. Our approach and tool consists of four main steps: (1)preprocess contract to be detected: when a contract uploaded, its source code will be preprocessed by ReDefender to extract candidate pool for fuzzing; (2) generate fuzzing input: fuzzing input will be generated by fuzz engine; (3) collect runtime information: an agent contract is constructed to interact with and attack all contracts to be detected. Runtime information is collected during the execution of every fuzzing input; (4) analyze execution log and find reentrancy: the execution log is analyzed to determine whether a malicious reentrancy occurs. We conduct experiments on 204 tagged smart contracts and show the higher accuracy and lower false positive rate of ReDefender than that of other three famous tools. Moreover, we conduct a new experiment and find 4 reentrancy vulnerabilities in 395 on-chain contract accounts which have managed more than 1000 transactions.