Loading…

A bytecode‐based integrated detection and repair method for reentrancy vulnerabilities in smart contracts

The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for ef...

Full description

Saved in:
Bibliographic Details
Published in:IET blockchain 2024-09, Vol.4 (3), p.235-251
Main Authors: Feng, Zijun, Feng, Yuming, He, Hui, Zhang, Weizhe, Zhang, Yu
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for effectively pinpointing the location of vulnerabilities. The proposed bytecode‐level method addresses these challenges by incorporating a detection module, an auxiliary localization module, and a repair module. An opcode classification method is introduced using vulnerability features and a BiLSTM‐Attention‐based sequence model to enhance detection accuracy. To overcome difficulties in vulnerability localization, an auxiliary localization method based on data flow and control flow analysis is proposed, enabling developers to better locate vulnerabilities. Current reentrancy vulnerability repair methods are analyzed and strategies for three reachable patterns are proposed. The bytecode rewriting strategy utilizes Trampoline technology for repair, while a fuel optimization method reduces bytecode generation length to optimize gas costs. Through extensive experimental validation, the effectiveness and superiority of the proposed methods are confirmed, further validating the feasibility of the entire framework. Experimental results demonstrate that the framework offers enhanced protection against reentrancy vulnerability attacks in smart contracts. We propose a bytecode‐based approach to solve the problem of detecting, locating, and repairing reentrancy vulnerabilities in smart contracts. By introducing a detection module, an auxiliary localization module, and a repairing module, we combine vulnerability features and sequence models to improve detection accuracy, use data flow and control flow analysis to assist in locating vulnerabilities and use Trampoline techniques and optimization strategies for bytecode rewriting and gas optimization.
ISSN:2634-1573
2634-1573
DOI:10.1049/blc2.12043