Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
ASE 2020 (series) / Research Papers /

Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts

Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, Tianyong Peng
ASE 2020 Research Papers
Thu 24 Sep 2020 09:10 - 09:30 at Kangaroo - Software Security and Trust (2) Chair(s): Raula Gaikovina Kula

Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, has caused huge financial loss in recent years. Researchers have proposed general-purpose and rule-based approaches to detecting them. However, empirical studies have shown that they usually suffer from undesirable false positives and false negatives, especially when the code under detection involves the interaction between multiple smart contracts. In this paper, we propose an accurate and efficient cross-contract reentracy detection approach in practice. Rather than design rule-of-thumb heuristics, we conduct a large empirical study of 11714 real-world contracts from Etherscan against three well-known general-purpose security tools for reentrancy detection. We manually summarized the reentrancy scenarios where state-of-the-art approaches cannot address. Based on the empirical evidence, we present Clairvoyance, a cross-function and cross-contract static analysis to detect reentrancy vulnerabilities in real world with significantly higher accuracy. To reduce false negatives, we enable, for the first time, a cross-contract call chain analysis by tracking possibly tainted paths. To reduce false positives, we systematically summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We implemented our approach and compared Clairvoyance with five state-of-the-art tools on 17770 real-worlds contracts. The results show that Clairvoyance yields the best detection accuracy among all the tools and also finds 101 unknown reentrancy vulnerabilities.

small-avatar
Yinxing Xue
small-avatar
Mingliang Ma
University of Science and Technology of China
Yun Lin
Yun Lin
National University of Singapore
Yulei Sui
Yulei Sui
University of Technology Sydney, Australia
Australia
small-avatar
Jiaming Ye
University of Science and Technology of China
small-avatar
Tianyong Peng
University of Science and Technology of China

Thu 24 Sep
Times are displayed in time zone: (UTC) Coordinated Universal Time

09:10 - 10:10: Software Security and Trust (2)Research Papers / Tool Demonstrations / Industry Showcase at Kangaroo
Chair(s): Raula Gaikovina KulaNAIST
09:10 - 09:30
Talk		Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts
Research Papers
Yinxing Xue, Mingliang MaUniversity of Science and Technology of China, Yun LinNational University of Singapore, Yulei SuiUniversity of Technology Sydney, Australia, Jiaming YeUniversity of Science and Technology of China, Tianyong PengUniversity of Science and Technology of China
09:30 - 09:50
Talk		Code-based Vulnerability Detection in Node.js Applications: How far are we?
Industry Showcase
Bodin ChinthanetNara Institute of Science and Technology, Serena Elisa PontaSAP Security Research, Henrik PlateSAP Security Research, Antonino SabettaSAP Security Research, Raula Gaikovina KulaNAIST, Takashi IshioNara Institute of Science and Technology, Kenichi MatsumotoNara Institute of Science and Technology
09:50 - 10:00
Talk		SmartBugs: A Framework to Analyze Solidity Smart Contracts
Tool Demonstrations
João F. FerreiraINESC-ID and IST, University of Lisbon, Pedro CruzIST, University of Lisbon, Portugal, Thomas DurieuxKTH Royal Institute of Technology, Sweden, Rui AbreuFaculty of Engineering, University of Porto, Portugal

Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts Research Papers

Session: Software Security and Trust (2) Thu 24 Sep 2020 09:10 - 10:10 Chair(s): Raula Gaikovina KulaNAIST

Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, has caused huge financial loss in recent years. Researchers have proposed general-purpose and rule-based approaches to detecting them. However, empirical studies have shown that they usually suffer from undesirable false positives and false negatives, especially when the code under detection involves the interaction between multiple smart contracts. In this paper, we propose an accurate and efficient cross-contract reentracy detection approach in practice. Rather than design rule-of-thumb heuristics, we conduct a large empirical study of 11714 real-world contracts from Etherscan against three well-known general-purpose security tools for reentrancy detection. We manually summarized the reentrancy scenarios where state-of-the-art approaches cannot address. Based on the empirical evidence, we present Clairvoyance, a cross-function and cross-contract static analysis to detect reentrancy vulnerabilities in real world with significantly higher accuracy. To reduce false negatives, we enable, for the first time, a cross-contract call chain analysis by tracking possibly tainted paths. To reduce false positives, we systematically summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking. We implemented our approach and compared Clairvoyance with five state-of-the-art tools on 17770 real-worlds contracts. The results show that Clairvoyance yields the best detection accuracy among all the tools and also finds 101 unknown reentrancy vulnerabilities.

small-avatar
Yinxing Xue
small-avatar
Mingliang Ma
University of Science and Technology of China
Yun Lin
Yun Lin
National University of Singapore
Yulei Sui
Yulei Sui
University of Technology Sydney, Australia
Australia
small-avatar
Jiaming Ye
University of Science and Technology of China
small-avatar
Tianyong Peng
University of Science and Technology of China
All Details Close

Code-based Vulnerability Detection in Node.js Applications: How far are we? Industry Showcase

Session: Software Security and Trust (2) Thu 24 Sep 2020 09:10 - 10:10 Chair(s): Raula Gaikovina KulaNAIST

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming applications. With recent work showing evidence that known vulnerabilities being prevalent in both an Open Source and industry, we propose and implement a viable code-based vulnerability detection tool in Node.js applications. Our case study lists the challenges when implementing this Node.js vulnerable code detector.

Bodin Chinthanet
Bodin Chinthanet
Nara Institute of Science and Technology
Japan
small-avatar
Serena Elisa Ponta
SAP Security Research
small-avatar
Henrik Plate
SAP Security Research
Antonino Sabetta
Antonino Sabetta
SAP Security Research
France
Raula Gaikovina Kula
Raula Gaikovina Kula
NAIST
Japan
Takashi Ishio
Takashi Ishio
Nara Institute of Science and Technology
Japan
small-avatar
Kenichi Matsumoto
Nara Institute of Science and Technology
All Details Close

SmartBugs: A Framework to Analyze Solidity Smart Contracts Tool Demonstrations

Session: Software Security and Trust (2) Thu 24 Sep 2020 09:10 - 10:10 Chair(s): Raula Gaikovina KulaNAIST
Session: Tool Demo Showcase (3) Thu 24 Sep 2020 10:20 - 11:20 Chair(s): Csaba NagySoftware Institute - USI, Lugano, Switzerland

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research.

To address this, we present SmartBugs, an extendable and easy-to-use execution framework that simplifies the execution of analysis tools on smart contracts written in Solidity, the primary language used in Ethereum.

SmartBugs is currently distributed with support for 10 tools and two datasets of Solidity contracts. The first dataset can be used to evaluate the precision of analysis tools, as it contains 143 annotated vulnerable contracts with 208 tagged vulnerabilities. The second dataset contains 47,518 unique contracts collected through Etherscan.

We discuss how SmartBugs supported the largest experimental setup to date both in the number of tools and in execution time. Moreover, we show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool Smartcheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11% to 24%).

João F. Ferreira
João F. Ferreira
INESC-ID and IST, University of Lisbon
Portugal
small-avatar
Pedro Cruz
IST, University of Lisbon, Portugal
Thomas Durieux
Thomas Durieux
KTH Royal Institute of Technology, Sweden
Sweden
Rui Abreu
Rui Abreu
Faculty of Engineering, University of Porto, Portugal
Portugal
All Details Close