poster

Clairvoyance: cross-contract static analysis for detecting practical reentrancy vulnerabilities in smart contracts

Authors:

Jiaming Ye,

Mingliang Ma,

Yun Lin,

Yulei Sui,

Yinxing XueAuthors Info & Claims

ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Companion Proceedings

Pages 274 - 275

https://doi.org/10.1145/3377812.3390908

Published: 01 October 2020 Publication History

Get Access

Abstract

Reentrancy bugs in smart contracts caused a devastating financial loss in 2016, considered as one of the most severe vulnerabilities in smart contracts. Most of the existing general-purpose security tools for smart contracts have claimed to be able to detect reentrancy bugs. In this paper, we present Clairvoyance, a cross-function and cross-contract static analysis by identifying infeasible paths to detect reentrancy vulnerabilities in smart contracts. To reduce FPs, we have summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We have implemented our approach and compared Clairvoyance with three state-of-the-art tools on 17770 real-worlds contracts. The results show that Clairvoyance yields the best detection accuracy among all the tools.

References

[1]

2015. Ethereum: Blockchain App Platform. https://www.ethereum.org/. Online; accessed 29 January 2019.

Google Scholar

[2]

2019. A Block Explorer and Analytics Platform for Ethereum. https://etherscan.io/. Online; accessed 29 January 2019.

Google Scholar

[3]

David Siegel. [n.d.]. Understanding the DAO Attack. Website. https://www.coindesk.com/understanding-dao-hack-journalists.

Google Scholar

[4]

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. In CCS 2016. 254--269.

Digital Library

Google Scholar

[5]

trailofbits. 2019. Slither. github. https://github.com/trailofbits/slither.

Google Scholar

[6]

Petar Tsankov, Andrei Marian Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Bünzli, and Martin T. Vechev. 2018. Securify: Practical Security Analysis of Smart Contracts. In CCS 2018. 67--82.

Google Scholar

Cited By

View all

Zaazaa OEl Bakkali H(2024)SmartLLMSentry: A Comprehensive LLM Based Smart Contract Vulnerability Detection FrameworkJournal of Metaverse10.57019/jmv.14890604:2(126-137)Online publication date: 31-Dec-2024
https://doi.org/10.57019/jmv.1489060
Zheng X(2024)Research on blockchain smart contract technology based on resistance to quantum computing attacksPLOS ONE10.1371/journal.pone.030232519:5(e0302325)Online publication date: 23-May-2024
https://doi.org/10.1371/journal.pone.0302325
Chaliasos SCharalambous MZhou LGalanopoulou RGervais AMitropoulos DLivshits BRoychoudhury APaiva AAbreu RStorey M(2024)Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners?Proceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623302(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623302
Show More Cited By

Index Terms

Clairvoyance: cross-contract static analysis for detecting practical reentrancy vulnerabilities in smart contracts

Index terms have been assigned to the content through auto-classification.

Recommendations

A comprehensive survey of smart contract security: State of the art and research directions
Abstract
Future protocols in the digital society will be built on the foundation of smart contracts, which are code and algorithmic contracts. Smart contracts enable all phases of the contracting process without the need for outside parties by using ...
Highlights
- We introduce the background of Ethereum.
- Then, the security challenges faced by blockchain smart contracts are proposed.
- We summarize several types of smart contract security solutions related to the topic of smart contract ...
Vulnerability detection techniques for smart contracts: A systematic literature review
Abstract
The number of applications supported by blockchain smart contracts has been greatly increasing in recent years, with smart contracts now being used across several domains, such as the music industry, finance, and retail, to name a few. Despite ...
Highlights
- A categorization of smart contract vulnerability detection techniques.
- The identification of smart contract vulnerabilities that are the target of current vulnerability detection tools.
- An analysis of the datasets used in smart ...
Investigating Security Vulnerabilities and Tools of Blockchain Smart Contract: A Review
IC3-2023: Proceedings of the 2023 Fifteenth International Conference on Contemporary Computing

Smart contracts are simply computer programs. These programs are deployed on distributed nodes over the blockchain network. These are executed without the need for third-party authentication. Usually, smart contracts are used for transferring assets so ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Companion Proceedings

June 2020

357 pages

ISBN:9781450371223

DOI:10.1145/3377812

General Chairs:
Gregg Rothermel
North Carolina State University
,
Doo-Hwan Bae
KAIST, South Korea

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

In-Cooperation

KIISE: Korean Institute of Information Scientists and Engineers
IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 2020

Check for updates

Author Tags

Qualifiers

Poster

Conference

ICSE '20

Sponsor:

SIGSOFT

ICSE '20: 42nd International Conference on Software Engineering

June 27 - July 19, 2020

Seoul, South Korea

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
343
Total Downloads

Downloads (Last 12 months)65
Downloads (Last 6 weeks)3

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zaazaa OEl Bakkali H(2024)SmartLLMSentry: A Comprehensive LLM Based Smart Contract Vulnerability Detection FrameworkJournal of Metaverse10.57019/jmv.14890604:2(126-137)Online publication date: 31-Dec-2024
https://doi.org/10.57019/jmv.1489060
Zheng X(2024)Research on blockchain smart contract technology based on resistance to quantum computing attacksPLOS ONE10.1371/journal.pone.030232519:5(e0302325)Online publication date: 23-May-2024
https://doi.org/10.1371/journal.pone.0302325
Chaliasos SCharalambous MZhou LGalanopoulou RGervais AMitropoulos DLivshits BRoychoudhury APaiva AAbreu RStorey M(2024)Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners?Proceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623302(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623302
Zhou XWang QLiu YChen XHuang YZheng Z(2024)Are the smart contracts on Q&A site reliable?Software: Practice and Experience10.1002/spe.336155:1(29-48)Online publication date: 30-Jun-2024
https://doi.org/10.1002/spe.3361
García-Valls MChirivella-Ciruelos A(2023)Provenance Verification of Smart Contracts: Analysing the Cost of Ensuring Authenticity over the Logic Hosted in Blockchain NetworksInformation10.3390/info1501002415:1(24)Online publication date: 31-Dec-2023
https://doi.org/10.3390/info15010024
He YDong HWu HDuan Q(2023)Formal Analysis of Reentrancy Vulnerabilities in Smart Contract Based on CPNElectronics10.3390/electronics1210215212:10(2152)Online publication date: 9-May-2023
https://doi.org/10.3390/electronics12102152
Zaazaa OEl Bakkali H(2023)A systematic literature review of undiscovered vulnerabilities and tools in smart contract technologyJournal of Intelligent Systems10.1515/jisys-2023-003832:1Online publication date: 4-Sep-2023
https://doi.org/10.1515/jisys-2023-0038
Ye MNan YZheng ZWu DLi HJust RFraser G(2023)Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and FuzzingProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598057(298-309)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598057
Chirivella-Ciruelos AGarcía-Valls M(2023)Automating the verification of smart contracts in blockchain networks for improving security*2023 49th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)10.1109/SEAA60479.2023.00028(128-131)Online publication date: 6-Sep-2023
https://doi.org/10.1109/SEAA60479.2023.00028
Ramachandra AAishwarya PSharma AVerma ASaksham A(2023)A Smart Contract for Coffee Supply Chain2023 International Conference on Applied Intelligence and Sustainable Computing (ICAISC)10.1109/ICAISC58445.2023.10199528(1-7)Online publication date: 16-Jun-2023
https://doi.org/10.1109/ICAISC58445.2023.10199528
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A comprehensive survey of smart contract security: State of the art and research directions

Vulnerability detection techniques for smart contracts: A systematic literature review

Investigating Security Vulnerabilities and Tools of Blockchain Smart Contract: A Review

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations