{"title":"A bytecode-based integrated detection and repair method for reentrancy vulnerabilities in smart contracts","authors":"Zijun Feng, Yuming Feng, Hui He, Weizhe Zhang, Yu Zhang","doi":"10.1049/blc2.12043","DOIUrl":null,"url":null,"abstract":"<p>The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for effectively pinpointing the location of vulnerabilities. The proposed bytecode-level method addresses these challenges by incorporating a detection module, an auxiliary localization module, and a repair module. An opcode classification method is introduced using vulnerability features and a BiLSTM-Attention-based sequence model to enhance detection accuracy. To overcome difficulties in vulnerability localization, an auxiliary localization method based on data flow and control flow analysis is proposed, enabling developers to better locate vulnerabilities. Current reentrancy vulnerability repair methods are analyzed and strategies for three reachable patterns are proposed. The bytecode rewriting strategy utilizes Trampoline technology for repair, while a fuel optimization method reduces bytecode generation length to optimize gas costs. Through extensive experimental validation, the effectiveness and superiority of the proposed methods are confirmed, further validating the feasibility of the entire framework. Experimental results demonstrate that the framework offers enhanced protection against reentrancy vulnerability attacks in smart contracts.</p>","PeriodicalId":100650,"journal":{"name":"IET Blockchain","volume":"4 3","pages":"235-251"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/blc2.12043","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Blockchain","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/blc2.12043","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for effectively pinpointing the location of vulnerabilities. The proposed bytecode-level method addresses these challenges by incorporating a detection module, an auxiliary localization module, and a repair module. An opcode classification method is introduced using vulnerability features and a BiLSTM-Attention-based sequence model to enhance detection accuracy. To overcome difficulties in vulnerability localization, an auxiliary localization method based on data flow and control flow analysis is proposed, enabling developers to better locate vulnerabilities. Current reentrancy vulnerability repair methods are analyzed and strategies for three reachable patterns are proposed. The bytecode rewriting strategy utilizes Trampoline technology for repair, while a fuel optimization method reduces bytecode generation length to optimize gas costs. Through extensive experimental validation, the effectiveness and superiority of the proposed methods are confirmed, further validating the feasibility of the entire framework. Experimental results demonstrate that the framework offers enhanced protection against reentrancy vulnerability attacks in smart contracts.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
