ReenRepair: Automatic and semantic equivalent repair of reentrancy in smart contracts

IF 3.7 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING | Journal of Systems and Software | Pub Date: 2024-05-22 | DOI: 10.1016/j.jss.2024.112107
Ruiyao Huang, Qingni Shen, Yuchen Wang, Yiqi Wu, Zhonghai Wu, Xiapu Luo, Anbang Ruan
Publisher page: https://www.sciencedirect.com/science/article/pii/S0164121224001523
Citations: 0

Abstract

Reentrancy, the most notorious vulnerability in smart contracts, has attracted extensive attention. To eliminate reentrancy before deploying contracts, there is a need to locate and repair the contracts. However, existing tools suffer from false positive localization, original semantics destruction, and high gas overhead. In this work, we propose a template-based gas-optimized reentrancy repair method with semantic maintenance. We avoid false positive locations from verifying the attack’s effectiveness, using connectivity and read–write dependencies. We design the semantic equivalence check algorithm based on the def-use chain. We optimize the lock and reordering templates for reentrancy repair and add semantic maintenance operations. We implement our tool, ReenRepair, and compare it with two state-of-the-art detection tools and two repair tools. The results show that ReenRepair yields good location precision, the highest repair rate, and the lowest gas overhead. All semantic changes caused by lock and 89.66% of semantic changes caused by reordering are successfully maintained.

Source journal: Journal of Systems and Software (Engineering & Technology - Computer Science: Theory & Methods)
CiteScore: 8.60
Self-citation rate: 5.70%
Articles published: 193
Review time: 16 weeks
Journal description: The Journal of Systems and Software publishes papers covering all aspects of software engineering and related hardware-software-systems issues. All articles should include a validation of the idea presented, e.g. through case studies, experiments, or systematic comparisons with other approaches already in practice. Topics of interest include, but are not limited to:
• Methods and tools for, and empirical studies on, software requirements, design, architecture, verification and validation, maintenance and evolution
• Agile, model-driven, service-oriented, open source and global software development
• Approaches for mobile, multiprocessing, real-time, distributed, cloud-based, dependable and virtualized systems
• Human factors and management concerns of software development
• Data management and big data issues of software systems
• Metrics and evaluation, data mining of software development resources
• Business and economic aspects of software development processes
The journal welcomes state-of-the-art surveys and reports of practical experience for all of these topics.