Hunting for Re-Entrancy Attacks in Ethereum Smart Contracts via Static Analysis
This addresses security risks for Ethereum users and developers by providing a cost-effective and accurate method to prevent attacks, though it is incremental as it builds on existing static analysis techniques.
The paper tackles the problem of detecting re-entrancy vulnerabilities in Ethereum smart contracts by developing a static analysis tool called RA, which uses symbolic execution and equivalence checking to analyze bytecodes without requiring Ether or prior attack patterns, and it achieves precise detection with no false positives or negatives.
Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network. Several re-entrancy attacks that aim to steal Ether, the cryptocurrency used in Ethereum, stored in deployed smart contracts have been found in the recent years. A countermeasure to such attacks is based on dynamic analysis that executes the smart contracts themselves, but it requires the spending of Ether and knowledge of attack patterns for analysis in advance. In this paper, we present a static analysis tool named \textit{RA (Re-entrancy Analyzer)}, a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze smart contract vulnerabilities to re-entrancy attacks. In contrast to existing tools, RA supports analysis of inter-contract behaviors by using only the Etherum Virtual Machine bytecodes of target smart contracts, i.e., even without prior knowledge of attack patterns and without spending Ether. Furthermore, RA can verify existence of vulnerabilities to re-entrancy attacks without execution of smart contracts and it does not provide false positives and false negatives. We also present an implementation of RA to evaluate its performance in analyzing the vulnerability of deployed smart contracts to re-entrancy attacks and show that RA can precisely determine which smart contracts are vulnerable.