Reentrancy Vulnerability Identification in Ethereum Smart Contracts
Noama Fatima Samreen, Manar H. Alalfi

TL;DR
This paper introduces a combined static and dynamic analysis framework for detecting Reentrancy vulnerabilities in Ethereum smart contracts, improving accuracy and reducing false positives.
Contribution
It presents a novel hybrid analysis framework that accurately identifies Reentrancy vulnerabilities by integrating static and dynamic techniques.
Findings
Successfully detected Reentrancy in all tested contracts
Enhanced detection accuracy with reduced false positives
Effective analysis on modified real-world smart contracts
Abstract
Ethereum smart contracts use blockchain to transfer values among peers on networks without a central agency. These programs are deployed on decentralized applications running on top of the blockchain consensus protocol to enable people to make agreements in a transparent and conflict-free environment. The security vulnerabilities within those smart contracts are a potential threat to the applications and have caused huge financial losses to their users. In this paper, we present a framework that combines static and dynamic analysis to detect Reentrancy vulnerabilities in Ethereum smart contracts. This framework generates an attacker contract based on the ABI specifications of smart contracts under test and analyzes the contract interaction to precisely report Reentrancy vulnerability. We conducted a preliminary evaluation of our proposed framework on 5 modified smart contracts from…
