A bytecode-based integrated detection and repair method for reentrancy vulnerabilities in smart contracts

被引：0

作者：

Feng Z. ^{[1
]}

Feng Y. ^{[2
,3
]}

He H. ^{[1
]}

Zhang W. ^{[2
,3
,4
]}

Zhang Y. ^{[1
,3
]}

机构：

[1] School of Cyberspace Science, Harbin Institute of Technology, Harbin

[2] School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen

[3] Department of New Networks, Peng Cheng Laboratory, Shenzhen

[4] Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies, Shenzhen

来源：

IET Blockchain | 2024年 / 4卷 / 03期

基金：

中国国家自然科学基金;

关键词：

artificial intelligence and data science; blockchain platforms models and analysis; contracts; data mining; ethereum;

D O I：

10.1049/blc2.12043

中图分类号：

学科分类号：

摘要：

The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for effectively pinpointing the location of vulnerabilities. The proposed bytecode-level method addresses these challenges by incorporating a detection module, an auxiliary localization module, and a repair module. An opcode classification method is introduced using vulnerability features and a BiLSTM-Attention-based sequence model to enhance detection accuracy. To overcome difficulties in vulnerability localization, an auxiliary localization method based on data flow and control flow analysis is proposed, enabling developers to better locate vulnerabilities. Current reentrancy vulnerability repair methods are analyzed and strategies for three reachable patterns are proposed. The bytecode rewriting strategy utilizes Trampoline technology for repair, while a fuel optimization method reduces bytecode generation length to optimize gas costs. Through extensive experimental validation, the effectiveness and superiority of the proposed methods are confirmed, further validating the feasibility of the entire framework. Experimental results demonstrate that the framework offers enhanced protection against reentrancy vulnerability attacks in smart contracts. © 2023 The Authors. IET Blockchain published by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology.

引用

页码：235 / 251

共 33 条

[1] Nakamoto S., Bitcoin: A peer-to-peer electronic cash system
[2] Buterin V., Ethereum whitepaper
[3] EOS building a new future
[4] Neo smart economy
[5] Luu L., Chu D., Olickel H., Et al., Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254-269, (2016)
[6] Torres C., Schutte J., State R., Osiris: Hunting for integer bugs in ethereum smart contracts, Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664-676, (2018)
[7] Mueller B., A framework for bug hunting on the ethereum blockchain produced no results
[8] Kalra S., Goel S., Dhawan M., Et al., ZEUS: Analyzing safety of smart contracts, Network and Distributed System Security Symposium, pp. 26-35, (2018)
[9] Zhuang L., Smart contract vulnerability detection using graph neural network, International Joint Conferences on Artificial Intelligence Organization, pp. 3283-3290, (2020)
[10] Huang J., Zhou K.X., Et al., Smart contract vulnerability detection model based on multi-task learning, Sensors, 22, 5, (2022)

← 1 2 3 4 →