Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Rodler, Michael; Li, Wenting; Karame, Ghassan; Davi, Lucas

doi:10.14722/ndss.2019.23413

Cited by 134 publications

(162 citation statements)

References 17 publications

Supporting

Mentioning

162

Contrasting

Order By: Relevance

“…This research aims to present a practical tool to detect bugs from online contracts in bytecode format. Our tool roots the same assumption with previous techniques [Luu et al 2016;Nikolić et al 2018;Rodler et al 2018;Tsankov et al 2018] that aim to find bugs rather than rigorous verification, which would come with its own set of challenges, such as the typical lack of nontrivial and complete contract-specific properties.…”

Section: Soundness and Completenessmentioning

confidence: 83%

“…Some other research, including MADMAX, which focuses on a set of gas-focused vulnerabilities associated with denial-of-service attack [Grech et al 2018], and TeEther [Krupp and Rossow 2018], which synthesizes exploitation towards online contracts, is orthogonal to our work. In addition, some runtime monitoring techniques enforce data-flow integrity to defeat reentrancy attacks [Rodler et al 2018]. We also notice a line of research work verifying smart contracts with formal methods [Amani et al 2018;Bhargavan et al 2016;Grishchenko et al 2018;Hildenbrandt et al 2018;Hirai 2017].…”

Section: Related Workmentioning

confidence: 97%

“…The initiating cause of EO bugs is the nondeterministic scheduling as well. There could exist even tricker reentrancy attack vectors by crossing different contracts [Rodler et al 2018]. For instance, EVM enables łcontract delegationž for a contract to outsource its global storage and computations to some online library contracts with common reusable functionalities.…”

Section: Overview Of Payment Bugs Detectable By Npcheckermentioning

confidence: 99%

“…In addition, a contract is allowed to create another contract, where the constructor function of the newly-created contract is called for initialization. However, a newly-created contract could perform (malicious) reentrancy by redirecting the execution flow from its constructor to functions of its creator [Rodler et al 2018]. As studied in recent research, such cross-contract reentrancy attacks can impede existing static bug detectors, because it is not feasible to analyze individual contracts to reveal such hidden defects.…”

Section: Overview Of Payment Bugs Detectable By Npcheckermentioning

confidence: 99%

“…Meanwhile, abnormal behaviors are monitored during online execution by instrumenting the Ethereum Virtual Machine (EVM). Most of these existing approaches utilize appropriate predefined vulnerability patterns which can only be found by experts [ConsenSys 2018;Jiang et al 2018;Kalra et al 2018;Luu et al 2016;Rodler et al 2018;Tsankov et al 2018]. Hence, our capability of finding defects and identifying contract vulnerabilities is limited by the currently known patterns.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Detecting nondeterministic payment bugs in Ethereum smart contracts

Wang

Zhang

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The term łsmart contractsž has become ubiquitous to describe an enormous number of programs uploaded to the popular Ethereum blockchain system. Despite rapid growth of the smart contract ecosystem, errors and exploitations have been constantly reported from online contract systems, which has put financial stability at risk with losses totaling millions of US dollars. Most existing research focuses on pinpointing specific types of vulnerabilities using known patterns. However, due to the lack of awareness of the inherent nondeterminism in the Ethereum blockchain system and how it affects the funds transfer of smart contracts, there can be unknown vulnerabilities that may be exploited by attackers to access numerous online smart contracts. In this paper, we introduce a methodical approach to understanding the inherent nondeterminism in the Ethereum blockchain system and its (unwanted) influence on contract payments. We show that our new focus on nondeterminism-related smart contract payment bugs captures the root causes of many common vulnerabilities without relying on any known patterns and also encompasses recently disclosed issues that are not handled by existing research. To do so, we introduce techniques to systematically model components in the contract execution context and to expose various nondeterministic factors that are not yet fully understood. We further study how these nondeterministic factors impact contract funds transfer using information flow tracking. The technical challenge of detecting nondeterministic payments lies in discovering the contract global variables subtly affected by read-write hazards because of unpredictable transaction scheduling and external callee behavior. We show how to augment and instrument a contract program into a representation that simulates the execution of a large subset of the contract behavior. The instrumented code is then analyzed to flag nondeterministic global variables using off-the-shelf model checkers. We implement the proposed techniques as a practical tool named NPChecker (Nondeterministic Payment Checker) and evaluate it on 30K online contracts (3,075 distinct) collected from the Ethereum mainnet. NPChecker has successfully detected nondeterministic payments in 1,111 online contracts with reasonable cost. Further investigation reports high precision of NPChecker (only four false positives in a manual study of 50 contracts). We also show that NPChecker unveils contracts vulnerable to recently-disclosed attack vectors. NPChecker can identify all six new vulnerabilities or variants of common smart contract vulnerabilities that are missed by existing research relying on a łcontract vulnerability checklist. ž CCS Concepts: • Software and its engineering → General programming languages.

show abstract

Section: Soundness and Completenessmentioning

confidence: 83%

Section: Related Workmentioning

confidence: 97%

Section: Overview Of Payment Bugs Detectable By Npcheckermentioning

confidence: 99%

Section: Overview Of Payment Bugs Detectable By Npcheckermentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Detecting nondeterministic payment bugs in Ethereum smart contracts

Wang

Zhang

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

A Generalized Formal Semantic Framework for Smart Contracts

Jiao

Lin

Sun

2020

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

Smart contracts can be regarded as one of the most popular blockchain-based applications. The decentralized nature of the blockchain introduces vulnerabilities absent in other programs. Furthermore, it is very difficult, if not impossible, to patch a smart contract after it has been deployed. Therefore, smart contracts must be formally verified before they are deployed on the blockchain to avoid attacks exploiting these vulnerabilities. There is a recent surge of interest in analyzing and verifying smart contracts. While most of the existing works either focus on EVM bytecode or translate Solidity contracts into programs in intermediate languages for analysis and verification, we believe that a direct executable formal semantics of the high-level programming language of smart contracts is necessary to guarantee the validity of the verification. In this work, we propose a generalized formal semantic framework based on a general semantic model of smart contracts. Furthermore, this framework can directly handle smart contracts written in different high-level programming languages through semantic extensions and facilitates the formal verification of security properties with the generated semantics.

show abstract

Trust Me If You Can: Trusted Transformation Between (JSON) Schemas to Support Global Authentication of Education Credentials

Grassberger

Hörandner

et al. 2021

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Cited by 134 publications

References 17 publications

Detecting nondeterministic payment bugs in Ethereum smart contracts

Detecting nondeterministic payment bugs in Ethereum smart contracts

A Generalized Formal Semantic Framework for Smart Contracts

Trust Me If You Can: Trusted Transformation Between (JSON) Schemas to Support Global Authentication of Education Credentials

Contact Info

Product

Resources

About