Novel Vulnerability Detection Techniques for Ethereum-based Smart Contracts

Date

2023-12

Abstract

A smart contract (SC) is an extension of blockchain technology. The Ethereum blockchain was the first to incorporate SCs and thus started a new era of cryptocurrencies and electronic transactions. SCs are programmed in Solidity. Still, soon after Solidity’s emergence in 2014, Solidity-based SCs suffered many attacks that deprived SC account holders of their funds. The main reason for these attacks was the presence of vulnerabilities in the SCs. Attackers exploit the vulnerabilities through malicious external calls, resulting in the loss of Ether. The reentrancy attack is to blame for these losses. Several previous efforts detected the reentrancy vulnerability by creating testing tools based on static analysis, such as Remix. However, these approaches do not execute the programs; hence, we cannot confirm their results. In our research, we developed the TechyTech tool, which detects reentrancy, tx.origin, selfdestruct, and locked Ether vulnerabilities using novel dynamic analysis approaches based upon Ether transfers. We named our Ether transfer approaches involuntary (i.e., unintended transfer), terminating, and no transfer. Additionally, we use a tree-based categorization string to distinguish the tx.origin and reentrancy vulnerabilities, because we detect both, along with their variations, using involuntary transfers. Further, our research discusses multiple SC-related issues, such as the hijacked stack, the deployed owner, and the non-generation of transaction receipts in connection with reentrant calls, which we could not find in previous work. Using an example, we demonstrate how the actual Ether transfer is greater than the intended transfer due to reentrancy. We acknowledge that, because it relies on dynamic analysis, TechyTech may suffer from VMExceptions. The SC’s drawback requires tools to test the SCs, and this testing paves the way for research on vulnerability detection techniques.
Our survey paper comprehensively reviews 42 SC tools and presents the vulnerability detection techniques (VDTs) of the several previously discussed tools by dividing them into general and specific classes. Finally, we also classify SCs’ vulnerability detection techniques to standardize the approaches. Thus, our study will help SC developers and security analysts to streamline the security of SCs and reduce the chances of malicious monetary transfers.


Embargo status: Restricted until 01/2027.

Keywords

Smart Contracts, Vulnerability Detection Techniques, TechyTech, selfdestruct, reentrancy, tx.origin, locked Ether, Attacker, Victim