La Trobe
1170587_Alkhalifah,A_2021.pdf (4.72 MB)

A Mechanism to Detect and Prevent Ethereum Blockchain Smart Contract Reentrancy Attacks

Download (4.72 MB)
journal contribution
posted on 22.07.2021, 05:04 by Ayman Alkhalifah, Alex Ng, Paul A Watters, A S M KayesA S M Kayes
In Ethereum blockchain, smart contracts are immutable, public, and distributed. However, they are subject to many vulnerabilities stemming from coding errors made by developers. Seven cybersecurity incidents occurred in Ethereum smart contracts between 2016 and 2018, which led to financial losses estimated to be over US$ 289 million. Reentrancy vulnerability was the cause of two of these incidents, and the impacts went far beyond financial loss. Several reentrancy countermeasures are available, which are based on predefined patterns that are used to prevent vulnerability exploitation before the deployment of a smart contract; however, several limitations have been identified in these countermeasures. Motivated by all these issues, the objective of this article is to help developers improve the cybersecurity of smart contracts by proposing a solution that calculates the difference between the contract balance and the total balance of all participants in a smart contract before and after any operation in a transaction that changes its state. Proof-of-concept implementations show that this solution can provide a detection and prevention mechanism against reentrancy attacks during the execution of any smart contract.

History

Publication Date

17/02/2021

Journal

Frontiers in Computer Science

Volume

3

Publisher

Frontiers Media SA

ISSN

2624-9898

Rights Statement

The Author reserves all moral rights over the deposited text and must be credited if any re-use occurs. Documents deposited in OPAL are the Open Access versions of outputs published elsewhere. Changes resulting from the publishing process may therefore not be reflected in this document. The final published version may be obtained via the publisher’s DOI. Please note that additional copyright and access restrictions may apply to the published version.

Usage metrics

Categories

Licence

Exports