Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts

Xue, Y; Ma, M; Lin, Y; Sui, Y; Ye, J; Peng, T

Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts

Xue, Y Ma, M Lin, Y Sui, Y

Ye, J Peng, T

Permalink

Publication Type:: Conference Proceeding
Citation:: Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, 2020, pp. 1029-1040
Issue Date:: 2020-09-01

Closed Access

	Filename	Description	Size
	ase20.pdf	Accepted version	1.78 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Xue, Y
dc.contributor.author	Ma, M
dc.contributor.author	Lin, Y
dc.contributor.author	Sui, Y https://orcid.org/0000-0002-9510-6574
dc.contributor.author	Ye, J
dc.contributor.author	Peng, T
dc.date.accessioned	2021-01-28T00:04:51Z
dc.date.available	2021-01-28T00:04:51Z
dc.date.issued	2020-09-01
dc.identifier.citation	Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, 2020, pp. 1029-1040
dc.identifier.isbn	9781450367684
dc.identifier.uri	http://hdl.handle.net/10453/145619
dc.description.abstract	© 2020 ACM. Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, have caused huge financial loss in recent years. Researchers have proposed many approaches to detecting them. However, empirical studies have shown that these approaches suffer from undesirable false positives and false negatives, when the code under detection involves the interaction between multiple smart contracts. In this paper, we propose an accurate and efficient cross-contract reentrancy detection approach in practice. Rather than design rule-of-thumb heuristics, we conduct a large empirical study of 11714 real-world contracts from Etherscan against three well-known general-purpose security tools for reentrancy detection. We manually summarized the reentrancy scenarios where the state-of-the-art approaches cannot address. Based on the empirical evidence, we present Clairvoyance, a cross-function and cross-contract static analysis to detect reentrancy vulnerabilities in real world with significantly higher accuracy. To reduce false negatives, we enable, for the first time, a cross-contract call chain analysis by tracking possibly tainted paths. To reduce false positives, we systematically summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We implemented our approach and compared Clairvoyance with five state-of-the-art tools on 17770 real-worlds contracts. The results show that Clairvoyance yields the best detection accuracy among all the five tools and also finds 101 unknown reentrancy vulnerabilities.
dc.language	en
dc.relation.ispartof	Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020
dc.relation.isbasedon	10.1145/3324884.3416553
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts
dc.type	Conference Proceeding
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - AAII - Australian Artificial Intelligence Institute
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	/University of Technology Sydney
utslib.copyright.status	closed_access	*
dc.date.updated	2021-01-28T00:04:03Z
pubs.publication-status	Published

Abstract:

© 2020 ACM. Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, have caused huge financial loss in recent years. Researchers have proposed many approaches to detecting them. However, empirical studies have shown that these approaches suffer from undesirable false positives and false negatives, when the code under detection involves the interaction between multiple smart contracts. In this paper, we propose an accurate and efficient cross-contract reentrancy detection approach in practice. Rather than design rule-of-thumb heuristics, we conduct a large empirical study of 11714 real-world contracts from Etherscan against three well-known general-purpose security tools for reentrancy detection. We manually summarized the reentrancy scenarios where the state-of-the-art approaches cannot address. Based on the empirical evidence, we present Clairvoyance, a cross-function and cross-contract static analysis to detect reentrancy vulnerabilities in real world with significantly higher accuracy. To reduce false negatives, we enable, for the first time, a cross-contract call chain analysis by tracking possibly tainted paths. To reduce false positives, we systematically summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We implemented our approach and compared Clairvoyance with five state-of-the-art tools on 17770 real-worlds contracts. The results show that Clairvoyance yields the best detection accuracy among all the five tools and also finds 101 unknown reentrancy vulnerabilities.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/145619