{"title":"SoliTester: Detecting exploitable external-risky vulnerability in smart contracts using contract account triggering method","authors":"Tianyuan Hu, Jingyue Li, Xiangfei Xu, Bixin Li","doi":"10.1002/smr.2633","DOIUrl":null,"url":null,"abstract":"<p>Vulnerabilities in smart contracts (SCs) on a blockchain system may lead to severe security compromises. An SC can be invoked from an externally owned account (EOA) or a contract account (CA). The account a user creates to receive or send ether is an EOA. A CA contains code that can interact with SCs. In Solidity SCs, some vulnerabilities can only be exploited through interactions between CAs and vulnerable SCs; these are termed <i><b>external-risky vulnerabilities</b></i>. Most state-of-the-art (SOTA) detectors detect external-risky vulnerabilities by executing contract code as an EOA user, thus reporting many unexploitable vulnerabilities. Therefore, we propose a CA-triggering method to identify exploitable external-risky vulnerabilities in Solidity SCs. We first designed agent contracts to simulate CAs' interactions with the target SCs in the real blockchain environment. We then detect vulnerability exploitation by analyzing transaction logs between agent contracts and target SCs and identifying successful exploits. We implemented the CA-triggering method in a tool named SoliTester and evaluated it using three benchmark datasets, which contain three types of external-risky vulnerabilities, namely, Reentrancy (RE), Unchecked Call (UcC), and TxOrigin (TO). The results show that SoliTester can efficiently detect exploitable external-risky vulnerabilities with significantly better precision and recall than SOTA detectors.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"36 7","pages":""},"PeriodicalIF":1.7000,"publicationDate":"2023-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Software-Evolution and Process","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/smr.2633","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
Citation count: 0
Abstract
Vulnerabilities in smart contracts (SCs) on a blockchain system may lead to severe security compromises. An SC can be invoked from an externally owned account (EOA) or a contract account (CA). The account a user creates to receive or send ether is an EOA. A CA contains code that can interact with SCs. In Solidity SCs, some vulnerabilities can only be exploited through interactions between CAs and vulnerable SCs; these are termed external-risky vulnerabilities. Most state-of-the-art (SOTA) detectors detect external-risky vulnerabilities by executing contract code as an EOA user, thus reporting many unexploitable vulnerabilities. Therefore, we propose a CA-triggering method to identify exploitable external-risky vulnerabilities in Solidity SCs. We first designed agent contracts to simulate CAs' interactions with the target SCs in the real blockchain environment. We then detect vulnerability exploitation by analyzing transaction logs between agent contracts and target SCs and identifying successful exploits. We implemented the CA-triggering method in a tool named SoliTester and evaluated it using three benchmark datasets, which contain three types of external-risky vulnerabilities, namely, Reentrancy (RE), Unchecked Call (UcC), and TxOrigin (TO). The results show that SoliTester can efficiently detect exploitable external-risky vulnerabilities with significantly better precision and recall than SOTA detectors.