A New Approach to Prevent Reentrant Attack in Solidity Smart Contracts

  • Chunyan Dong
  • Yuanhong Li
  • Liang Tan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1176)


Solidity is a high-level language for smart contracts that run on the Ethereum Virtual Machine, and it is being promoted along with the widespread use of Ethereum. However, Solidity's fallback function feature makes it easier for attackers to launch reentrant attacks, which may cause huge economic losses for users. Therefore, a new method based on Solidity and Condition-Orientated Programming is proposed to prevent reentrant attacks. The method separates conditional branches from the major logical state changes, encapsulates the separated conditional branches into multiple modifiers, defines a global state variable, packages the state of that variable in a modifier, and finally uses the modifier as a precondition for the transfer function in the smart contract. When an attacker reenters the transfer function in the smart contract, the reentrant attack can be prevented by controlling the state variable. The experimental results show that this method not only makes the logic of the contract code more reasonable, but is also effective.


Blockchain, Smart contract, Solidity, Reentrant attack



This work is supported by the National Natural Science Foundation of China under grant 61373162, the Sichuan Science and Technology Support Project under grant 2019YFG0183, and the Visual Computing and Virtual Reality Sichuan Provincial Key Laboratory Project under grant KJ201402.



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. College of Computer Science, Sichuan Normal University, Chengdu, China
  2. Sichuan Institute of Science and Technology Information, Chengdu, China
  3. Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
