Jie Cai;Jiachi Chen;Tao Zhang;Xiapu Luo;Xiaobing Sun;Bin Li
Title: Detecting Reentrancy Vulnerabilities for Solidity Smart Contracts With Contract Standards-Based Rules
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 3662-3676 (Journal Article, published 2025-03-14)
DOI: 10.1109/TIFS.2025.3551535
URL: https://ieeexplore.ieee.org/document/10926491/
Open access: no. JCR: Q1, Computer Science, Theory & Methods (impact factor 8.0); region category: Computer Science, tier 1.
Citations: 0
Abstract
The reentrancy vulnerability is one of the most notorious vulnerabilities of smart contracts. It enables attackers to hijack the control flow of a smart contract by invoking a function as the entry point and then re-invoking a function as the reentry point before the execution of the entry point ends. Although several approaches have been proposed to detect this vulnerability, they still face two main limitations. First, existing approaches oversimplify the rules for identifying entry and reentry points, and many neglect reentry point identification altogether during vulnerability detection. Second, most existing approaches overlook the flow of state variables that are not promptly updated, a critical aspect of the reentrancy vulnerability. To address these limitations, this article proposes a novel static analysis framework for reentrancy vulnerability detection. We formulate reentrancy vulnerability detection as entry and reentry point identification combined with state variable flow tracking. Based on the insight that most smart contracts are implemented following various technical standards, we use static analysis with standard-based rules to identify potential entry and reentry points, by detecting the presence of hijackable and exploitable operations inside the smart contract. We also track the flow of state variables with static taint analysis. To verify the effectiveness of our approach, we construct three different datasets and compare our approach with eight state-of-the-art smart contract vulnerability detectors; our tool outperforms these baselines, detecting more vulnerable samples with fewer false positives. Our approach also achieves a shorter detection time together with better detection results, striking a trade-off between effectiveness and efficiency.
Journal description:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance, and systems applications that incorporate these features.