Involuntary Transfer: A Vulnerability Pattern in Smart Contracts


Smart Contracts (SCs) communicate with each other using external calls. Their interactions can be malicious, resulting in the loss of Ether. One can blame the reentrancy attack for this exploitation. Several previous endeavors detected the reentrancy vulnerability by creating testing tools using static analysis like Remix. However, these approaches do not execute the programs; hence, we cannot confirm their results. In this paper, we present TechyTech that detects both reentrancy and tx.origin vulnerabilities using a novel dynamic analysis approach of involuntary transfer (i.e., unintended transfer). Henceforth, we use a tree-based categorization string to distinguish the two vulnerabilities and their variations. Further, our research discusses multiple SC-related issues like the hijacked stack, deployed owner, and non-generation of transaction receipts in connection with reentrant calls, which we could not find in previous work. Using an example, we demonstrate how the actual Ether transfer is greater than the intended due to reentrancy.We acknowledge that due to dynamic analysis, TechyTech may suffer from VMExceptions.


Authors cc-by-nc-nd


Blockchains, dynamic analysis, Dynamics, Receivers, reentrancy, smart contract, Smart contracts, Software, Solidity, Static analysis, static analysis, Static analysis, Testing, Transfer functions, tx.origin


Khan, Z.A., & Namin, A.S.. 2024. Involuntary Transfer: A Vulnerability Pattern in Smart Contracts. IEEE Access.