【Author】Ye, Jiaming; Ma, Mingliang; Lin, Yun; Sui, Yulei; Xue, Yinxing
【Source】2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2020)
【Abstract】Reentrancy bugs in smart contracts caused a devastating financial loss in 2016 and are considered one of the most severe vulnerabilities in smart contracts. Most of the existing general-purpose security tools for smart contracts have claimed to be able to detect reentrancy bugs. In this paper, we present Clairvoyance, a cross-function and cross-contract static analysis that identifies infeasible paths to detect reentrancy vulnerabilities in smart contracts. To reduce false positives (FPs), we have summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We have implemented our approach and compared Clairvoyance with three state-of-the-art tools on 17770 real-world contracts. The results show that Clairvoyance yields the best detection accuracy among all the tools.
【Keywords】reentrancy detection; path feasibility analysis; cross contract analysis; smart contract security
【Title】Clairvoyance: Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts