Smart Contract Reentrancy Vulnerability Detection Based on Symbolic Execution

doi:10.19678/j.issn.1000-3428.0068288

Abstract

Abstract:

The exploitation of reentrancy vulnerabilities represents one of the most destructive attacks among the security issues related to smart contracts. Existing methods often suffer from high false negative rates. To address these issues, this paper proposes a reentrancy vulnerability detection method based on symbolic execution. This method utilizes static symbolic execution technology. By simulating the execution of Ethereum virtual machine instructions and connecting the public function control flow subgraph-which may be invoked multiple times by external contracts-to the control flow graph of the called contract, the system is capable of repeated simulations. The complete control flow graph of the intrusion attack, combined with contract state consistency detection, enables the detection of three different types of reentrancy vulnerabilities: same function, cross-function, and cross-contract types. The detection tool Lucifer, designed based on this method, was compared with related works such as Oyente, Securify, DefectChecker, and Sailfish using known label datasets, vulnerability injection datasets, custom datasets, and real Ethereum smart contract datasets. Experimental results show that Lucifer ranks first or second in terms of false positive rate, false negative rate, and fault tolerance, with an accuracy rate of 100% in some detection cases. Comprehensive evaluation indicators show that Lucifer's detection rate surpasses that of existing tools and that it has better identification capabilities for certain specific reentrancy contracts, particularly those involving mutex locks and function modifiers. Although Lucifer's detection time was longer, it remained within a controllable range, and no detection timeout were encountered.

Key words: smart contract, reentrancy vulnerability detection, symbolic execution, control flow graph, contract state consistency

摘要：

在智能合约安全问题中, 利用重入漏洞是最具破坏性的攻击之一。针对目前相关检测工作漏报率和误报率高的问题, 提出一种基于符号执行的重入漏洞检测方法。该方法基于静态符号执行技术, 在模拟以太坊虚拟机指令执行过程中, 通过将可能被外部合约多次调用的公有函数控制流子图连接到被调用合约的控制流图, 构建出能够模拟重入攻击的完全控制流图, 再结合合约状态一致性检测, 实现同函数、跨函数和跨合约等3种不同类型的重入漏洞检测。基于该方法设计的检测工具Lucifer与相关工作Oyente、Securify、DefectChecker、Sailfish在已知标签数据集、漏洞注入数据集、自定义数据集和以太坊智能合约真实数据集上进行对比, 实验结果表明, Lucifer在误报率、漏报率和容错性上均分别获得第一或者第二的成绩, 部分检测情形准确率达到100%, 由综合评价指标可以看出, Lucifer的检测率优于现有检测工具, 在对于部分特定重入合约的情形尤其在与互斥锁和函数修饰符有关的重入漏洞的识别中有较好的识别能力, 在检测时长上, Lucifer的检测时间较久但也在可控范围, 并未出现检测超时。

关键词: 智能合约, 重入漏洞检测, 符号执行, 控制流图, 合约状态一致性

GAO Shan, WANG Chengyu, BI Chengming, ZHU Tieying. Smart Contract Reentrancy Vulnerability Detection Based on Symbolic Execution[J]. Computer Engineering, 2024, 50(10): 196-204.

高山, 王诚昱, 毕成铭, 朱铁英. 基于符号执行的智能合约重入漏洞检测[J]. 计算机工程, 2024, 50(10): 196-204.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0068288

https://www.ecice06.com/EN/Y2024/V50/I10/196

Figures/Tables 12

Fig.1 An example of reentrancy vulnerability

Fig.2 Vulnerability detection framework

Fig.3 DW type reentrancy

Fig.4 An example of mutex misusing

Fig.5 An example of vulnerability contract related with modifier

Fig.6 An example of Gas-limited security contract

References 26

1	钱鹏, 刘振广, 何钦铭, 等. 智能合约安全漏洞检测技术研究综述. 软件学报, 2021, 33 (8): 3059- 3085. doi: 10.13328/j.cnki.jos.006375
	QIAN P, LIU Z G, HE Q M, et al. A review of research on smart contract security vulnerability detection technology. Journal of Software, 2021, 33 (8): 3059- 3085. doi: 10.13328/j.cnki.jos.006375
2	NAKAMOTO S. Bitcoin: a peer-to-peer electronic cash system[EB/OL]. [2023-04-25]. https://bitcoin.org/bitcoin.pdf.
3	BUTERIN V. Ethereum whitepaper[EB/OL]. [2023-04-25]. https//ethereum.org/en/whitepaper/.
4	Hyperledger Foundation. Hyperledger project[EB/OL]. [2023-04-25]. https://www.hyperledger.org/.
5	GitHub. The solidity contract-oriented programming language[EB/OL]. [2023-04-25]. https://github.com/ethereum/solidity.
6	IBM. What are smart contracts on blockchain?[EB/OL]. [2023-04-25]. https://www.ibm.com/topics/smart-contracts.
7	GitHub. The DAO[EB/OL]. [2023-04-25]. https://cypherpunks-core.github.io/ethereumbook_zh/19.html.
8	GitHub. Reentrancy attacks[EB/OL]. [2023-04-25]. https://github.com/pcaversaccio/reentrancy-attacks.
9	LUU L, CHU D H, OLICKEL H, et al. Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2016: 254-269.
10	TORRES C F, SCHÜTTE J, STATE R. Osiris: hunting for integer bugs in Ethereum smart contracts[C]//Proceedings of the 34th Annual Computer Security Applications Conference. New York, USA: ACM Press, 2018: 664-676.
11	MUELLER B, HONIG J, PARASARAM N. Mythril[EB/OL]. [2023-04-25]. https://github.com/ConsenSys/mythril.
12	KRUPP J, ROSSOW C. TEETHER: gnawing at Ethereum to automatically exploit smart contracts[C]//Proceedings of the 27th USENIX Security Symposium. [S. l. ]: USENIX, 2018: 1317-1333.
13	CHEN J C, XIA X, LO D, et al. DefectChecker: automated smart contract defect detection by analyzing EVM bytecode. IEEE Transactions on Software Engineering, 2022, 48 (7): 2189- 2207. doi: 10.1109/TSE.2021.3054928
14	BOSE P, DAS D, CHEN Y J, et al. SAILFISH: vetting smart contract state-inconsistency bugs in seconds[C]//Proceedings of the IEEE Symposium on Security and Privacy. Washington D. C., USA: IEEE Press, 2022: 161-178.
15	KALRA S, GOEL S, DHAWAN M, et al. ZEUS: analyzing safety of smart contracts[C]//Proceedings of 2018 Network and Distributed System Security Symposium. Reston, USA: Internet Society, 2018: 1-15.
16	TSANKOV P, DAN A, DRACHSLER-COHEN D, et al. Securify: practical security analysis of smart contracts[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2018: 67-82.
17	TIKHOMIROV S, VOSKRESENSKAYA E, IVANITSKIY I, et al. SmartCheck: static analysis of Ethereum smart contracts[C]//Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. New York, USA: ACM Press, 2018: 9-16.
18	FEIST J, GRIECO G, GROCE A. Slither: a static analysis framework for smart contracts[C]//Proceedings of the 2nd IEEE/ACM International Workshop on Emerging Trends in Software Engineering for Blockchain. Washington D. C., USA: IEEE Press, 2019: 8-15.
19	JIANG B, LIU Y, CHAN W K. ContractFuzzer: fuzzing smart contracts for vulnerability detection[C]//Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering. New York, USA: ACM Press, 2018: 259-269.
20	LIU C, LIU H, CAO Z, et al. Reguard: finding reentrancy bugs in smart contracts[C]//Proceedings of the 40th International Conference on Software Engineering. Washington D. C., USA: IEEE Press, 2018: 65-68.
21	RODLER M, LI W T, KARAME G O, et al. Sereum: protecting existing smart contracts against re-entrancy attacks[EB/OL]. [2023-04-25]. http://arxiv.org/abs/1812.05934.
22	GROSSMAN S, ABRAHAM I, GOLAN-GUETA G, et al. Online detection of effectively callback free objects with applications to smart contracts[C]//Proceedings of the ACM Conference on Programming Languages. New York, USA: ACM Press, 2018: 1-28.
23	PEREZ D, LIVSHITS B. Smart contract vulnerabilities: vulnerable does not imply exploited[C]//Proceedings of the 30th USENIX Security Symposium. [S. l. ]: USENIX, 2021: 1-10.
24	BALDONI R, COPPA E, D'ELIA D C, et al. A survey of symbolic execution techniques. ACM Computing Surveys, 2019, 51 (3): 1- 39. doi: 10.1145/3182657
25	FERREIRA J F, CRUZ P, DURIEUX T, et al. SmartBugs: a framework to analyze solidity smart contracts [C]//Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. Washington D. C., USA: IEEE Press, 2020: 1349-1352.
26	GHALEB A, PATTABIRAMAN K. How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection[C]//Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York, USA: ACM Press, 2020: 415-427.

[1]	Yifeng WANG, Cheng ZENG, Qingyu QUAN, Jiaoran WANG, Peng HE. Smart Contract Defect Detection Method Based on Multi-Feature Fusion [J]. Computer Engineering, 2024, 50(8): 133-141.
[2]	MA Chao, SONG Chen. Research on Smart Contract Uplink Method and Tamper Resistance Technology Considering Power Data Security [J]. Computer Engineering, 2024, 50(10): 240-254.
[3]	Yang LIU, Shengjie ZHANG. A Secure Smart Contract Generation Method Based on Timed Automata [J]. Computer Engineering, 2023, 49(9): 137-143, 157.
[4]	ZHANG Liqun, PAN Zulie, HUANG Hui, WANG Ruipeng, LI Yang. Research on Automatic Verification Method of Tcache Poisoning Heap Vulnerability Based on Symbolic Execution [J]. Computer Engineering, 2023, 49(6): 24-33.
[5]	GAO Jianbo, ZHANG Jiashuo, LI Qingshan, CHEN Zhong. Detection Method for Rule Conflicts in RegLang Regulatory Contracts [J]. Computer Engineering, 2023, 49(5): 12-21,28.
[6]	HUANG Jinrong, LIU Baixiang, ZHANG Liang, ZHANG Zhanpeng. Decentralized Anonymous Identity Authentication Model Based on Smart Contracts and Non-Fungible Tokens [J]. Computer Engineering, 2023, 49(4): 14-22.
[7]	YANG Junming, YIN Chao, YANG Zheng. Lightweight Privacy Preserving Proof of Location Protocol Based on Incentive Driven [J]. Computer Engineering, 2023, 49(3): 151-160.
[8]	TIAN Xiuxia, YANG Mingyi. Smart Contract-Based Access Control Mechanism in Home IoT [J]. Computer Engineering, 2023, 49(3): 18-28.
[9]	WU Xiaohua, LIU Huan, WU Fengheng, ZHANG Ke. Electronic Auction Scheme Based on Smart Contract and IPFS [J]. Computer Engineering, 2023, 49(2): 181-190.
[10]	SUN Linkun, JIANG Wenbao, GUO Yangnan, LI Chunqiang. Performance Optimization of Stateless Blockchain Based on Cryptographic Accumulator [J]. Computer Engineering, 2023, 49(2): 46-53.
[11]	Peng ZHENG, Letian SHA. Java Deserialization Vulnerability Detection Method Based on Hybrid Analysis [J]. Computer Engineering, 2023, 49(12): 136-145.
[12]	LI Youhuizi, YU Haitao, YIN Yuyu, GAO Honghao. Cluster Federated Optimization Model Based on Hyperledger Fabric [J]. Computer Engineering, 2023, 49(1): 22-30.
[13]	CHEN Kai, XU Cheng, LIU Hongzhe, DAI Songyin. Blockchain-based Evaluation Model for Dangerous Driving Map Data [J]. Computer Engineering, 2022, 48(8): 160-165,172.
[14]	ZHANG Bojun, GUO Yichen, WANG Zikai, HU Kai. Research on Data Sharing Incentive Mechanism Based on Smart Contract [J]. Computer Engineering, 2022, 48(8): 37-44.
[15]	DING Xiaohui, CAO Suzhen, WANG Caifen. Smart Contract-Assisted Dynamically Searchable Encryption Scheme with Forward and Backward Security [J]. Computer Engineering, 2022, 48(7): 141-150.

Please choose a citation manager

Content to export