Abstract
Solidity is a high-level language for smart contracts that run on the Ethereum Virtual Machine, and it is being promoted with the widespread use of Ethereum. However, Solidity's fallback function feature makes it easier for attackers to launch reentrant attacks, which may cause huge economic losses for users. Therefore, a new method based on Solidity and Condition-Orientated Programming is proposed to prevent reentrant attacks. The method separates conditional branches from the major logical state changes, encapsulates the separated conditional branches into multiple modifiers, defines a global state variable, packages the state of that variable in a modifier, and finally uses the modifiers as preconditions for the transfer function in the smart contract. When an attacker re-enters the transfer function in the smart contract, the reentrant attack can be prevented by controlling the state variable. The experimental results show that this method not only makes the logic of the contract code more reasonable, but is also effective.
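The pattern the abstract describes, sketched as an added example (not code from the paper): each condition is moved into a modifier, and one modifier wraps a global state variable that rejects re-entry into the transfer function. The contract, modifier and variable names are assumptions, and Solidity 0.8 syntax is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; all names here are assumptions, not the paper's.
contract GuardedBank {
    mapping(address => uint256) public balances;

    // Global state variable: true while a transfer is in progress.
    bool private transferring;

    // Condition 1: the caller must hold at least `amount`.
    modifier hasFunds(uint256 amount) {
        require(balances[msg.sender] >= amount, "insufficient balance");
        _;
    }

    // Condition 2: no transfer may already be running. The modifier sets the
    // state variable before the function body and clears it afterwards, so a
    // call that re-enters through the recipient's fallback function fails at
    // the require below and the whole re-entrant call reverts.
    modifier notReentered() {
        require(!transferring, "reentrant call");
        transferring = true;
        _;
        transferring = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // The body contains only the transfer and the state change; every
    // conditional branch is a modifier used as a precondition.
    function withdraw(uint256 amount) external hasFunds(amount) notReentered {
        // The external call is left before the balance update to show that
        // the guard alone blocks re-entry. Updating the balance first
        // (checks-effects-interactions) is an independent second defence.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] -= amount;
    }
}
```

The guard only protects functions that carry the `notReentered` modifier; any other function that reads or writes `balances` and can be reached during the external call needs the same precondition.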
Acknowledgements
This work is supported by the National Natural Science Foundation of China under grant 61373162, the Sichuan Science and Technology Support Project under grant 2019YFG0183, and the Visual Computing and Virtual Reality Sichuan Provincial Key Laboratory Project under grant KJ201402.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Dong, C., Li, Y., Tan, L. (2020). A New Approach to Prevent Reentrant Attack in Solidity Smart Contracts. In: Si, X., et al. Blockchain Technology and Application. CBCC 2019. Communications in Computer and Information Science, vol 1176. Springer, Singapore. https://doi.org/10.1007/978-981-15-3278-8_6
DOI: https://doi.org/10.1007/978-981-15-3278-8_6
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-3277-1
Online ISBN: 978-981-15-3278-8
eBook Packages: Computer Science (R0)