【Author】 Xue, Yinxing; Ma, Mingliang; Lin, Yun; Sui, Yulei; Ye, Jiaming; Peng, Tianyong
【Source】2020 35TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE 2020)
【Abstract】Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, have caused huge financial losses in recent years. Researchers have proposed many approaches to detecting them. However, empirical studies have shown that these approaches suffer from undesirable false positives and false negatives when the code under detection involves interaction between multiple smart contracts. In this paper, we propose an accurate and efficient cross-contract reentrancy detection approach for use in practice. Rather than designing rule-of-thumb heuristics, we conduct a large empirical study of 11714 real-world contracts from Etherscan against three well-known general-purpose security tools for reentrancy detection. We manually summarized the reentrancy scenarios that the state-of-the-art approaches cannot address. Based on the empirical evidence, we present CLAIRVOYANCE, a cross-function and cross-contract static analysis that detects reentrancy vulnerabilities in the real world with significantly higher accuracy. To reduce false negatives, we enable, for the first time, a cross-contract call chain analysis by tracking possibly tainted paths. To reduce false positives, we systematically summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We implemented our approach and compared CLAIRVOYANCE with five state-of-the-art tools on 17770 real-world contracts. The results show that CLAIRVOYANCE yields the best detection accuracy among all five tools and also finds 101 unknown reentrancy vulnerabilities.
【Keywords】reentrancy vulnerabilities; static taint analysis; cross-contract analysis; smart contracts
【Title】Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts
【Abstract (translated)】Reentrancy vulnerabilities are among the most severe vulnerabilities in smart contracts and have caused huge economic losses in recent years. Researchers have proposed many approaches to detecting them. However, empirical studies show that when the code under detection involves interaction between multiple smart contracts, these approaches suffer from undesirable false positives and false negatives. In this paper, we propose an accurate and efficient cross-contract reentrancy detection approach. Rather than designing rule-of-thumb heuristics, we conduct a large-scale empirical study of 11714 real-world contracts from Etherscan against three well-known general-purpose security tools for reentrancy detection. We manually summarized the reentrancy scenarios that state-of-the-art approaches cannot handle. Based on the empirical evidence, we propose CLAIRVOYANCE, a cross-function, cross-contract static analysis that detects real-world reentrancy vulnerabilities with higher precision. To reduce false negatives, we enable, for the first time, cross-contract call chain analysis by tracking possibly tainted paths. To reduce false positives, we systematically summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We implemented our approach and compared CLAIRVOYANCE with five state-of-the-art tools on 17770 real-world contracts. The results show that CLAIRVOYANCE has the best detection accuracy among all five tools and also finds 101 unknown reentrancy vulnerabilities.
【Keywords (translated)】reentrancy vulnerabilities; static taint analysis; cross-contract analysis; smart contracts
【Publication Year】2020
【Date Collected】2022-04-23
【Document Type】Proceedings Paper
【Major Topic】Blockchain regulation
【Subtopic】Smart contract regulation
【Translator】王佳鑫