Temporarily Restricting Solidity Smart Contract Interactions
Valerian Callens, Zeeshan Meghji, Jan Gorzny

TL;DR
This paper investigates methods to temporarily restrict Solidity smart contract functions to prevent reentrancy and other exploits, addressing recent security breaches and cross-chain behavior inconsistencies.
Contribution
It introduces new techniques for time-based and transaction-based restrictions on smart contract functions, enhancing security against reentrancy attacks.
Findings
Identified sixteen real-world exploits from 2023, with over $136M USD lost or stolen, that could have been prevented by restricting function calls.
Dissected a new read-only reentrancy exploit class.
Highlighted cross-blockchain behavior differences.
Abstract
In this work we explore ways to restrict the ability to call Solidity smart contract functions for a specified duration. We describe methods to restrict functions from being called twice in the same transaction, block, or time period. This is related to the notion of non-reentrant functions, which are functions that can be called within a previous execution. These methods can be used to restrict interactions with entire sets of functions of smart contracts. We are motivated to revisit this topic for two reasons. First, we note sixteen real-world smart contract exploits in 2023, resulting in over $136M USD lost or stolen, that could have been prevented by restricting function calls. As part of this survey, we dissect a new class of exploit that involves so-called read-only reentrancy: exploits that re-enter read-only functions to make smart contract state inconsistent in order to…
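The scopes the abstract names (same transaction, same block, time period), together with a lock check on a read-only function, sketched as an added example that is not code from the paper. The contract and modifier names, the one-hour period and the per-caller bookkeeping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tload/tstore in inline assembly need 0.8.24+ and evmVersion cancun
// Added illustration: every name and the one-hour period are hypothetical.
contract RestrictedVault {
    uint256 private lock = 1; // 1 = unlocked, 2 = locked
    mapping(address => uint256) private lastBlock; // last block in which each caller withdrew
    mapping(address => uint256) private lastTime;  // timestamp of each caller's last withdrawal
    mapping(address => uint256) private balances;
    // Same execution: reject a call that arrives while a guarded call is still running.
    modifier nonReentrant() {
        require(lock == 1, "reentrant call");
        lock = 2;
        _;
        lock = 1;
    }
    // Same transaction: the transient flag is never reset here; the EVM clears it when the transaction ends.
    modifier oncePerTransaction() {
        uint256 used;
        assembly { used := tload(0) }
        require(used == 0, "already called in this transaction");
        assembly { tstore(0, 1) }
        _;
    }
    // Same block, per caller. What block.number reports can differ between chains.
    modifier oncePerBlock() {
        require(lastBlock[msg.sender] < block.number, "already called in this block");
        lastBlock[msg.sender] = block.number;
        _;
    }
    // Time period, per caller, measured with block.timestamp.
    modifier oncePerPeriod() {
        require(block.timestamp >= lastTime[msg.sender] + 1 hours, "cooldown active");
        lastTime[msg.sender] = block.timestamp;
        _;
    }
    function deposit() external payable nonReentrant oncePerTransaction {
        balances[msg.sender] += msg.value;
    }
    function withdraw() external nonReentrant oncePerBlock oncePerPeriod {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    // Read-only path: refuse to report state while a guarded call is still updating it.
    function balanceOf(address who) external view returns (uint256) {
        require(lock == 1, "state in flux");
        return balances[who];
    }
}
```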
Taxonomy
Topics: Blockchain Technology Applications and Security · Insurance and Financial Risk Management
