Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
153 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Uncover the Premeditated Attacks: Detecting Exploitable Reentrancy Vulnerabilities by Identifying Attacker Contracts (2403.19112v1)

Published 28 Mar 2024 in cs.CR and cs.SE

Abstract: Reentrancy, a notorious vulnerability in smart contracts, has led to millions of dollars in financial loss. However, current smart contract vulnerability detection tools suffer from a high false positive rate in identifying contracts with reentrancy vulnerabilities. Moreover, only a small portion of the detected reentrant contracts can actually be exploited by hackers, making these tools less effective in securing the Ethereum ecosystem in practice. In this paper, we propose BlockWatchdog, a tool that focuses on detecting reentrancy vulnerabilities by identifying attacker contracts. These attacker contracts are deployed by hackers to exploit vulnerable contracts automatically. By focusing on attacker contracts, BlockWatchdog effectively detects truly exploitable reentrancy vulnerabilities by identifying reentrant call flow. Additionally, BlockWatchdog is capable of detecting new types of reentrancy vulnerabilities caused by poor designs when using ERC tokens or user-defined interfaces, which cannot be detected by current rule-based tools. We implement BlockWatchdog using cross-contract static dataflow techniques based on attack logic obtained from an empirical study that analyzes attacker contracts from 281 attack incidents. BlockWatchdog is evaluated on 421,889 Ethereum contract bytecodes and identifies 113 attacker contracts that target 159 victim contracts, leading to the theft of Ether and tokens valued at approximately 908.6 million USD. Notably, only 18 of the identified 159 victim contracts can be reported by current reentrancy detection tools.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (61)
  1. 2022. Hacker drains $1.4 million worth of ETH from NFT lender Omni. https://www.theblock.co/post/156800/hacker-drains-1-4-million-worth-of-eth-from-nft-lender-omni Section: Hacks.
  2. 2022. Medium – Where good ideas find you. https://medium.com/
  3. alchemy 2023. alchemy. https://www.alchemy.com/.
  4. The Oracle Problem in Software Testing: A Survey. IEEE Transactions on Software Engineering 41, 5 (2015), 507–525. https://doi.org/10.1109/TSE.2014.2372785
  5. Antonia Bertolino. 2007. Software testing research: Achievements, challenges, dreams. In Future of Software Engineering (FOSE’07). IEEE, 85–103.
  6. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs.. In OSDI, Vol. 8. 209–224.
  7. Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses. In 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 227–239.
  8. consensys 2023. Consensys. https://consensys.net/.
  9. C.R.E.A.M. Finance 2023. C.R.E.A.M. Finance. https://docs.cream.finance/.
  10. EIP 2023. Ethereum Improvement Proposals. https://eips.ethereum.org/.
  11. eip-55 2023. EIP-55. https://eips.ethereum.org/EIPS/eip-55.
  12. ERC-3156: Flash Loans 2023. ERC-3156: Flash Loans. https://eips.ethereum.org/EIPS/eip-3156.
  13. erc1155 2023. ERC-1155 MULTI-TOKEN STANDARD. https://ethereum.org/en/developers/docs/standards/tokens/erc-1155/.
  14. erc777 2022. ERC-777 TOKEN STANDARD. https://ethereum.org/en/developers/docs/standards/tokens/erc-777/.
  15. etherscan 2023. Etherscan - The Ethereum Blockchain Explorer. https://etherscan.io/.
  16. Madmax: Surviving out-of-gas conditions in ethereum smart contracts. Proceedings of the ACM on Programming Languages 2, OOPSLA (2018), 1–27.
  17. Elipmoc: advanced decompilation of Ethereum smart contracts. Proceedings of the ACM on Programming Languages 6, OOPSLA1 (2022), 1–27.
  18. Harvard CodeBlue 2018. EIP-721: Non-Fungible Token Standard. https://eips.ethereum.org/EIPS/eip-721.
  19. ivisor 2021. Visor Finance Suffers another DeFi Hack as Losses Mount Up to $8.2M. https://www.fxempire.com/news/article/defi-protocols-have-lost-680-million-so-far-in-2021-795829.
  20. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 259–269.
  21. Zeus: analyzing safety of smart contracts.. In Ndss. 1–12.
  22. DeFiTainter: Detecting Price Manipulation Vulnerabilities in DeFi Protocols. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 1144–1156.
  23. Johannes Krupp and Christian Rossow. 2018. teether: Gnawing at ethereum to automatically exploit smart contracts. In 27th {normal-{\{{USENIX}normal-}\}} Security Symposium ({normal-{\{{USENIX}normal-}\}} Security 18). 1317–1333.
  24. lendfme 2020. About Recent Uniswap and Lendf.Me Reentrancy Attacks. https://medium.com/imtoken/about-recent-uniswap-and-lendf-me-reentrancy-attacks-7cebe834cb3.
  25. A survey on the security of blockchain systems. Future generation computer systems 107 (2020), 841–853.
  26. SmartDagger: a bytecode-based static analysis approach for detecting cross-contract vulnerability. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. 752–764.
  27. Reguard: finding reentrancy bugs in smart contracts. In Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings. 65–68.
  28. Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. 254–269.
  29. Bernhard Mueller. 2018. Smashing ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam 9 (2018), 54.
  30. Mythril 2023. Mythril. https://mythril-classic.readthedocs.io/en/master/module-list.html.
  31. sfuzz: An efficient adaptive fuzzer for solidity smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. 778–788.
  32. Finding the greedy, prodigal, and suicidal contracts at scale. In Proceedings of the 34th annual computer security applications conference. 653–663.
  33. Standardising smart contracts: Automatically inferring ERC standards. In 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). IEEE, 192–195.
  34. peckshield 2023. Peckshield - Industry Leading Blockchain Security Company. https://peckshield.com/.
  35. Daniel Perez and Benjamin Livshits. 2021. Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited.. In USENIX Security Symposium. 1325–1341.
  36. Phalcon 2023. Powerful Transaction Explorer Designed For DeFi Community. https://explorer.phalcon.xyz/.
  37. primitivefinance 2023. Whitehack by Primitive Finance: MOST FUNDS ARE SAFE. User action required. https://primitivefinance.medium.com/whitehack-by-primitive-finance-most-funds-are-safe-user-action-required-4dd31c387b8.
  38. The blockchain imitation game. arXiv preprint arXiv:2303.17877 (2023).
  39. Sailfish: A framework for large scale data processing. In Proceedings of the Third ACM Symposium on Cloud Computing. 1–14.
  40. revest 2022. Revest Finance Vulnerabilities: More than Re-entrancy. https://blocksecteam.medium.com/revest-finance-vulnerabilities-more-than-re-entrancy-1609957b742f.
  41. Sereum: Protecting existing smart contracts against re-entrancy attacks. arXiv preprint arXiv:1812.05934 (2018).
  42. Securify 2.0 2023. Securify 2.0. https://github.com/eth-sri/securify2.
  43. Donna Spencer. 2009. Card sorting: Designing usable categories. Rosenfeld Media.
  44. Effectively generating vulnerable transaction sequences in smart contracts with reinforcement learning-guided fuzzing. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. 1–12.
  45. Evil under the sun: understanding and discovering attacks on Ethereum decentralized applications. In 30th USENIX Security Symposium (USENIX Security 21). 1307–1324.
  46. Nick Szabo. 1997. Formalizing and securing relationships on public networks. First monday (1997).
  47. Frontrunner jones and the raiders of the dark forest: An empirical study of frontrunning on the ethereum blockchain. arXiv preprint arXiv:2102.03347 (2021).
  48. Securify: Practical security analysis of smart contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 67–82.
  49. Twitter 2023. Twitter. https://twitter.com/.
  50. UniswapV2 2023. UniswapV2. https://github.com/Uniswap/v2-core/blob/master/contracts/UniswapV2Pair.sol.
  51. uniswap_v3 2023. The Uniswap V3 Smart Contracts. https://docs.uniswap.org/contracts/v3/overvie.
  52. web3py 2023. web3py. https://web3py.readthedocs.io/en/stable/web3.eth.html.
  53. Sok: Decentralized finance (defi). In Proceedings of the 4th ACM Conference on Advances in Financial Technologies. 30–46.
  54. whitehats 2023. Why White Hat Hackers Are Vital to the Crypto Ecosystem. https://www.coindesk.com/layer2/2022/02/23/why-white-hat-hackers-are-vital-to-the-crypto-ecosystem/.
  55. Kaidong Wu. 2019. An empirical study of blockchain-based decentralized applications. arXiv preprint arXiv:1902.04969 (2019).
  56. Cross-contract static analysis for detecting practical reentrancy vulnerabilities in smart contracts. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. 1029–1040.
  57. Definition and Detection of Defects in NFT Smart Contracts. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (Seattle, WA, USA) (ISSTA 2023). Association for Computing Machinery, New York, NY, USA, 373–384. https://doi.org/10.1145/3597926.3598063
  58. Reentrancy vulnerability detection and localization: A deep learning based two-phase approach. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. 1–13.
  59. An overview on smart contracts: Challenges, advances and platforms. Future Generation Computer Systems 105 (2020), 475–491.
  60. Turn the Rudder: A Beacon of Reentrancy Detection for Smart Contracts on Ethereum. arXiv:2303.13770 [cs.SE]
  61. An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem. In Proceedings of the 29th USENIX Conference on Security Symposium. 2793–2809.
Citations (5)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets