A New Approach to Prevent Reentrant Attack in Solidity Smart Contracts

  • Conference paper
Blockchain Technology and Application (CBCC 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1176)

Abstract

Solidity is currently a high-level language for smart contracts that run on the Ethereum Virtual Machine, and its adoption is growing with the widespread use of Ethereum. However, Solidity's fallback function feature makes it easier for attackers to launch a reentrant attack, which may cause huge economic losses for users. Therefore, a new method based on Solidity and Condition-Orientated Programming is proposed to prevent reentrant attacks. This method separates conditional branches from major logical state changes, encapsulates the separated conditional branches into multiple modifiers, defines a global state variable, packages the state of the state variable in the modifier, and finally uses the modifier as a precondition for the transfer function in the smart contract. When an attacker reenters the transfer function in the smart contract, the reentrant attack can be prevented by controlling the state variable. The experimental results show that this method not only makes the logic of the contract code more reasonable, but is also effective.
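The pattern the abstract describes, sketched as an added example that is not code from the paper: each condition sits in its own modifier, a global state variable records that a transfer is in flight, and the modifiers are preconditions of the transfer function. The contract name `GuardedBank`, the modifiers `hasFunds` and `notReentered`, and the variable `locked` are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; contract, modifier and variable names are hypothetical.
contract GuardedBank {
    mapping(address => uint256) private balances;

    // Global state variable: true while a transfer is in flight.
    bool private locked;

    // Condition 1: the caller must hold at least `amount`.
    modifier hasFunds(uint256 amount) {
        require(balances[msg.sender] >= amount, "insufficient balance");
        _;
    }

    // Condition 2: no transfer may already be in progress. The flag is set
    // before the function body runs and cleared after it returns, so a
    // fallback function that calls back into withdraw() fails this check.
    modifier notReentered() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // The body holds only the state change and the transfer; every
    // condition lives in a modifier that acts as a precondition.
    function withdraw(uint256 amount)
        external
        hasFunds(amount)
        notReentered
    {
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function balanceOf(address who) external view returns (uint256) {
        return balances[who];
    }
}
```

If the recipient's fallback function calls `withdraw` again during the external call, `locked` is still true, the nested call reverts at `notReentered`, and the balance is debited only once.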


Acknowledgements

This work is supported by the National Natural Science Foundation of China under grant 61373162, the Sichuan Science and Technology Support Project under grant 2019YFG0183, and the Visual Computing and Virtual Reality Sichuan Provincial Key Laboratory Project under grant KJ201402.

Author information

Corresponding author

Correspondence to Chunyan Dong.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

Cite this paper

Dong, C., Li, Y., Tan, L. (2020). A New Approach to Prevent Reentrant Attack in Solidity Smart Contracts. In: Si, X., et al. Blockchain Technology and Application. CBCC 2019. Communications in Computer and Information Science, vol 1176. Springer, Singapore. https://doi.org/10.1007/978-981-15-3278-8_6

  • DOI: https://doi.org/10.1007/978-981-15-3278-8_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-3277-1

  • Online ISBN: 978-981-15-3278-8

  • eBook Packages: Computer Science, Computer Science (R0)
