ReGuard finding reentrancy bugs in smart contracts

Smart contracts enabled a new way to perform cryptocurrency transactions over blockchains. While this emerging technique introduces free-of-conflicts and transparency, smart contract itself is vulnerable. As a special form of computer program, smart contract can hardly get rid of bugs. Even worse, a...

Full description

Saved in:
Bibliographic Details
Published in:2018 IEEE/ACM 40th International Conference on Software Engineering: Companion (ICSE-Companion) pp. 65 - 68
Main Authors: Liu, Chao, Liu, Han, Cao, Zhao, Chen, Zhong, Chen, Bangdao, Roscoe, Bill
Format: Conference Proceeding
Language:English
Published: New York, NY, USA ACM 27.05.2018
Series:ACM Conferences
Subjects:
Automata
C++ languages
Computer bugs
Contracts
dynamic analysis
Engines
Fuzzing
reentrancy bug
Security and privacy > Software and application security > Software security engineering
smart contract
reentrancy bug
smart contract
dynamic analysis
ISBN:145035663X, 9781450356633
ISSN:2574-1934
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Smart contracts enabled a new way to perform cryptocurrency transactions over blockchains. While this emerging technique introduces free-of-conflicts and transparency, smart contract itself is vulnerable. As a special form of computer program, smart contract can hardly get rid of bugs. Even worse, an exploitable security bug can lead to catastrophic consequences, e.g., loss of cryptocurrency/money. In this demo paper, we focus on the most common type of security bugs in smart contracts, i.e., reentrancy bug, which caused the famous DAO attack with a loss of 60 million US dollars. We presented ReGuard, an fuzzing-based analyzer to automatically detect reentrancy bugs in Ethereum smart contracts. Specifically, ReGuard performs fuzz testing on smart contracts by iteratively generating random but diverse transactions. Based on the runtime traces, ReGuard further dynamically identifies reentrancy vulnerabilities. In the preliminary evaluation, we have analyzed 5 existing Ethereum contracts. ReGuard automatically flagged 7 previously unreported reentrancy bugs. A demo video of ReGuard is at https://youtu.be/XxJ3_-cmUiY.
ISBN:145035663X
9781450356633
ISSN:2574-1934
DOI:10.1145/3183440.3183495