CR, May 6, 2021

Reentrancy Vulnerability Identification in Ethereum Smart Contracts

arXiv:2105.02881v1, 4 citations
Originality: Incremental advance
AI Analysis

This addresses security threats for users of Ethereum smart contracts, but it is incremental as it builds on existing analysis methods.

The paper tackles the problem of detecting Reentrancy vulnerabilities in Ethereum smart contracts, which cause financial losses, by presenting a framework that combines static and dynamic analysis to achieve increased performance and reduced false positives, successfully detecting vulnerabilities in all 5 modified contracts tested.

Ethereum Smart contracts use blockchain to transfer values among peers on networks without central agency. These programs are deployed on decentralized applications running on top of the blockchain consensus protocol to enable people to make agreements in a transparent and conflict-free environment. The security vulnerabilities within those smart contracts are a potential threat to the applications and have caused huge financial losses to their users. In this paper, we present a framework that combines static and dynamic analysis to detect Reentrancy vulnerabilities in Ethereum smart contracts. This framework generates an attacker contract based on the ABI specifications of smart contracts under test and analyzes the contract interaction to precisely report Reentrancy vulnerability. We conducted a preliminary evaluation of our proposed framework on 5 modified smart contracts from Etherscan and our framework was able to detect the Reentrancy vulnerability in all our modified contracts. Our framework analyzes smart contracts statically to identify potentially vulnerable functions and then uses dynamic analysis to precisely confirm Reentrancy vulnerability, thus achieving increased performance and reduced false positives.
