ReGuard finding reentrancy bugs in smart contracts

Bibliographic details
Published in: 2018 IEEE/ACM 40th International Conference on Software Engineering: Companion (ICSE-Companion), pp. 65-68
Main authors: Liu, Chao; Liu, Han; Cao, Zhao; Chen, Zhong; Chen, Bangdao; Roscoe, Bill
Format: Conference paper
Language: English
Published: New York, NY, USA: ACM, 27.05.2018
Series: ACM Conferences
ISBN: 145035663X, 9781450356633
ISSN: 2574-1934
Description
Summary: Smart contracts enabled a new way to perform cryptocurrency transactions over blockchains. While this emerging technique introduces free-of-conflicts and transparency, smart contract itself is vulnerable. As a special form of computer program, smart contract can hardly get rid of bugs. Even worse, an exploitable security bug can lead to catastrophic consequences, e.g., loss of cryptocurrency/money. In this demo paper, we focus on the most common type of security bugs in smart contracts, i.e., reentrancy bug, which caused the famous DAO attack with a loss of 60 million US dollars. We presented ReGuard, a fuzzing-based analyzer to automatically detect reentrancy bugs in Ethereum smart contracts. Specifically, ReGuard performs fuzz testing on smart contracts by iteratively generating random but diverse transactions. Based on the runtime traces, ReGuard further dynamically identifies reentrancy vulnerabilities. In the preliminary evaluation, we have analyzed 5 existing Ethereum contracts. ReGuard automatically flagged 7 previously unreported reentrancy bugs. A demo video of ReGuard is at https://youtu.be/XxJ3_-cmUiY.
DOI: 10.1145/3183440.3183495