# Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

**Authors:** Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi

arXiv: 1812.05934 · 2018-12-17

## TL;DR

Sereum is a runtime monitoring tool that protects deployed Ethereum smart contracts from re-entrancy attacks without requiring modifications, achieving high accuracy and low overhead.

## Contribution

It introduces Sereum, a novel, backwards-compatible runtime security mechanism that detects and prevents re-entrancy attacks on existing smart contracts.

## Key findings

- Detects re-entrancy attacks with 0.06% false positive rate
- Provides protection without modifying existing contracts
- Demonstrates limitations of offline analysis tools with new attack methods

## Abstract

Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.05934/full.md

## Figures

22 figures with captions in the complete paper: https://tomesphere.com/paper/1812.05934/full.md

## References

45 references — full list in the complete paper: https://tomesphere.com/paper/1812.05934/full.md

---
Source: https://tomesphere.com/paper/1812.05934