
A New Approach to Prevent Reentrant Attack in Solidity Smart Contracts

  • Chunyan Dong
  • Yuanhong Li
  • Liang Tan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1176)

Abstract

Solidity is a high-level language for smart contracts that run on the Ethereum Virtual Machine, and its use is growing with the widespread adoption of Ethereum. However, Solidity's fallback function feature makes it easier for attackers to launch reentrant attacks, which may cause huge economic losses for users. Therefore, a new method based on Solidity and Condition-Orientated Programming is proposed to prevent reentrant attacks. This method separates conditional branches from major logical state changes, encapsulates the separated conditional branches into multiple modifiers, defines a global state variable, packages the state of the state variable in the modifier, and finally uses the modifier as a precondition for the transfer function in the smart contract. When an attacker reenters the transfer function in the smart contract, the reentrant attack can be prevented by controlling the state variable. The experimental results show that this method not only makes the logic of the contract code more reasonable, but is also effective.
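A minimal sketch of the pattern the abstract describes, added here as an illustration and not taken from the paper: the conditions live in modifiers, one modifier wraps a contract-level state variable, and both are preconditions of the transfer function. The contract name `GuardedBank` and all identifiers are hypothetical; Solidity 0.8 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; contract and identifier names are hypothetical.
contract GuardedBank {
    mapping(address => uint256) private balances;

    // Global state variable: true while a transfer is in progress.
    bool private locked;

    // Condition separated from the transfer logic:
    // the caller must hold at least `amount`.
    modifier hasBalance(uint256 amount) {
        require(balances[msg.sender] >= amount, "insufficient balance");
        _;
    }

    // Condition on the state variable: a nested (reentrant) call
    // finds `locked` set and reverts before reaching the body.
    modifier notLocked() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Both modifiers act as preconditions; the body contains only
    // the state change and the transfer itself.
    function withdraw(uint256 amount)
        external
        hasBalance(amount)
        notLocked
    {
        // State change first, so the recorded balance is already
        // reduced when control leaves this contract.
        balances[msg.sender] -= amount;

        // External call: the recipient's fallback/receive function
        // runs here. If it calls withdraw() again, notLocked reverts
        // that inner call.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

If the lock were omitted and the balance update placed after the external call, the recipient's fallback function could re-enter `withdraw` while its recorded balance was still unchanged.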

Keywords

Blockchain · Smart contract · Solidity · Reentrant attack

Notes

Acknowledgements

This work is supported by the National Natural Science Foundation of China under grant 61373162, the Sichuan Science and Technology Support Project under grant 2019YFG0183, and the Visual Computing and Virtual Reality Sichuan Provincial Key Laboratory Project under grant KJ201402.


Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. College of Computer Science, Sichuan Normal University, Chengdu, China
  2. Sichuan Institute of Science and Technology Information, Chengdu, China
  3. Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
