Abstract

As one of the most complex types of vulnerabilities, reentrancy poses a significant threat to smart contract development. Indeed, millions of dollars have evaporated due to reentrancy vulnerabilities in smart contracts in past years. In this article, we propose a new approach to detecting reentrancy vulnerabilities using fuzz testing and develop a novel tool named ReDefender. Our approach consists of three main steps: 1) preprocess the contract to be detected: when a contract is uploaded, its source code is preprocessed to extract a candidate pool for fuzzing and a dependency graph that guides the automatic deployment of contracts; 2) fuzzing input generation: fuzzing input is generated to constitute transactions that are sent to an agent contract to simulate attacks, and runtime information is collected and recorded in the execution log during each execution; and 3) vulnerability verification: the execution log is analyzed to determine whether a reentrancy process occurs and whether the reentrancy process is malicious. We conduct comparative experiments on 204 tagged smart contracts and 90 injected contracts. The results show that ReDefender achieves higher accuracy and a lower false negative rate than three other well-known tools. Moreover, we conduct an experiment on 4776 real-world contracts, demonstrating the ability of ReDefender to find reentrancy vulnerabilities that really cause economic losses.
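The vulnerability-verification step can be illustrated with a small execution-log analyzer. This is an added example, not code from ReDefender or the article: the event format, the `analyze` function, the contract names and the rule that a re-entry counts as harmful when the contract under test sends ether inside a re-entered frame are all assumptions made for illustration.

```python
# Constructed log format (an assumption, not ReDefender's actual execution log):
#   ("enter", contract, function)   message call starts
#   ("exit", contract, function)    message call returns
#   ("transfer", src, dst, wei)     ether sent by the currently executing contract

def analyze(log, target):
    """Classify one transaction's log for the contract under test (`target`)."""
    stack = []        # active frames: (contract, function, inside_reentry)
    reentries = 0     # times target was re-entered through another contract
    wei_moved = 0     # ether target sent out while inside a re-entered frame
    for event in log:
        kind = event[0]
        if kind == "enter":
            _, contract, func = event
            active = any(c == target for c, _, _ in stack)
            # Re-entry: target is already on the stack and the caller is foreign.
            is_reentry = contract == target and active and stack[-1][0] != target
            reentries += is_reentry
            inherited = bool(stack) and stack[-1][2]
            stack.append((contract, func, is_reentry or inherited))
        elif kind == "exit":
            if not stack or stack[-1][:2] != tuple(event[1:]):
                raise ValueError(f"unbalanced log at {event!r}")
            stack.pop()
        elif kind == "transfer":
            _, src, _dst, wei = event
            if src == target and stack and stack[-1][2]:
                wei_moved += wei
        else:
            raise ValueError(f"unknown event {event!r}")
    if stack:
        raise ValueError("log ends with open call frames")
    verdict = "none" if not reentries else ("harmful" if wei_moved else "benign")
    return {"reentries": reentries, "wei_moved": wei_moved, "verdict": verdict}

# Constructed sample: the agent's fallback calls withdraw again before the first returns.
ATTACK_LOG = [
    ("enter", "Bank", "withdraw"), ("transfer", "Bank", "Agent", 10),
    ("enter", "Agent", "fallback"),
    ("enter", "Bank", "withdraw"), ("transfer", "Bank", "Agent", 10),
    ("enter", "Agent", "fallback"), ("exit", "Agent", "fallback"),
    ("exit", "Bank", "withdraw"),
    ("exit", "Agent", "fallback"), ("exit", "Bank", "withdraw"),
]
# Constructed sample: the fallback only reads a balance; no funds move on re-entry.
BENIGN_LOG = [
    ("enter", "Bank", "withdraw"), ("transfer", "Bank", "Agent", 10),
    ("enter", "Agent", "fallback"),
    ("enter", "Bank", "balanceOf"), ("exit", "Bank", "balanceOf"),
    ("exit", "Agent", "fallback"), ("exit", "Bank", "withdraw"),
]
```

Calling `analyze(ATTACK_LOG, "Bank")` yields a `harmful` verdict, while `analyze(BENIGN_LOG, "Bank")` reports a re-entry with a `benign` verdict; the split mirrors the abstract's two questions of whether reentrancy occurred and whether it was malicious.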
