Loading…
A bytecode‐based integrated detection and repair method for reentrancy vulnerabilities in smart contracts
The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for ef...
Saved in:
Published in: | IET blockchain 2024-09, Vol.4 (3), p.235-251 |
---|---|
Main Authors: | , , , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for effectively pinpointing the location of vulnerabilities. The proposed bytecode‐level method addresses these challenges by incorporating a detection module, an auxiliary localization module, and a repair module. An opcode classification method is introduced using vulnerability features and a BiLSTM‐Attention‐based sequence model to enhance detection accuracy. To overcome difficulties in vulnerability localization, an auxiliary localization method based on data flow and control flow analysis is proposed, enabling developers to better locate vulnerabilities. Current reentrancy vulnerability repair methods are analyzed and strategies for three reachable patterns are proposed. The bytecode rewriting strategy utilizes Trampoline technology for repair, while a fuel optimization method reduces bytecode generation length to optimize gas costs. Through extensive experimental validation, the effectiveness and superiority of the proposed methods are confirmed, further validating the feasibility of the entire framework. Experimental results demonstrate that the framework offers enhanced protection against reentrancy vulnerability attacks in smart contracts.
We propose a bytecode‐based approach to solve the problem of detecting, locating, and repairing reentrancy vulnerabilities in smart contracts. By introducing a detection module, an auxiliary localization module, and a repairing module, we combine vulnerability features and sequence models to improve detection accuracy, use data flow and control flow analysis to assist in locating vulnerabilities and use Trampoline techniques and optimization strategies for bytecode rewriting and gas optimization. |
---|---|
ISSN: | 2634-1573 2634-1573 |
DOI: | 10.1049/blc2.12043 |