Smart Contract Reentrancy Vulnerability Detection Based on Symbolic Execution
The exploitation of reentrancy vulnerabilities is one of the most destructive attacks among the security issues affecting smart contracts. Existing detection methods often suffer from high false negative rates. To address this, this paper proposes a reentrancy vulnerability detection method based on symbolic execution. The method uses static symbolic execution: by simulating the execution of Ethereum virtual machine instructions and connecting the control flow subgraph of each public function (which may be invoked repeatedly by external contracts) to the control flow graph of the called contract, the system can simulate repeated re-entry. The resulting complete control flow graph of the intrusion attack, combined with contract state consistency detection, enables the detection of three types of reentrancy vulnerabilities: same-function, cross-function, and cross-contract. The detection tool Lucifer, built on this method, was compared with related work (Oyente, Securify, DefectChecker, and Sailfish) on labelled datasets, vulnerability injection datasets, custom datasets, and real Ethereum smart contract datasets. Experimental results show that Lucifer ranks first or second in false positive rate, false negative rate, and fault tolerance, reaching an accuracy rate of 100% in some detection cases. Comprehensive evaluation indicators show that Lucifer's detection rate surpasses that of existing tools and that it identifies certain specific reentrancy contracts better, particularly those involving mutex locks and function modifiers. Although Lucifer's detection time was longer, it remained within a controllable range, and no detection timeouts were encountered.
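To make the state-consistency idea concrete, here is an added toy model (not the paper's Lucifer code) that abstracts each public function as a list of storage reads, writes, external calls and mutex operations, re-enters every public function in the system at each external call, and reports a finding when the re-entered path reads a slot that the interrupted path has checked but not yet updated; the op encoding, the `SAMPLE` system and all function names are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

# Abstract ops: ("read", slot), ("write", slot), ("call",), ("lock", slot), ("unlock", slot)
System = Dict[str, Dict[str, List[Tuple[str, ...]]]]   # contract -> public fn -> ops

def _stale_read(gops, pending: Set[str], locks: Set[str]):
    """Re-enter `gops` while `locks` are held; return the first slot it reads that
    the interrupted caller has already checked but not yet updated, else None."""
    for op in gops:
        if op[0] == "lock" and op[1] in locks:
            return None                       # mutex modifier: re-entry reverts
        if op[0] == "read" and op[1] in pending:
            return op[1]
        if op[0] == "write":
            pending = pending - {op[1]}       # re-entered path updated it first
    return None

def reentrancy_findings(system: System) -> List[Tuple[str, str, str, str]]:
    """(kind, interrupted_fn, reentered_fn, slot) for every state inconsistency."""
    findings = []
    for cname, funcs in system.items():
        for fname, ops in funcs.items():
            read, written, locks = set(), set(), set()
            for op in ops:
                if op[0] == "read":     read.add(op[1])
                elif op[0] == "write":  written.add(op[1])
                elif op[0] == "lock":   locks.add(op[1])
                elif op[0] == "unlock": locks.discard(op[1])
                elif op[0] == "call":   # control leaves the contract here
                    pending = read - written  # checks done, effects not yet applied
                    for c2, funcs2 in system.items():
                        for g, gops in funcs2.items():
                            slot = _stale_read(gops, pending, locks)
                            if slot is not None:
                                kind = ("same-function" if (c2, g) == (cname, fname) else
                                        "cross-function" if c2 == cname else "cross-contract")
                                findings.append((kind, f"{cname}.{fname}", f"{c2}.{g}", slot))
    return findings

# Constructed sample (not from the paper): withdraw() calls out before zeroing the balance,
# withdrawSafe() is mutex-guarded, transfer() trusts the same slot, Vault reads it via a getter.
SAMPLE: System = {
    "Bank": {
        "withdraw":     [("read", "balances"), ("call",), ("write", "balances")],
        "withdrawSafe": [("lock", "mutex"), ("read", "balances"), ("call",),
                         ("write", "balances"), ("unlock", "mutex")],
        "transfer":     [("read", "balances"), ("write", "balances")],
    },
    "Vault": {"withdrawVia": [("read", "balances"), ("call",)]},
}
```

Running `reentrancy_findings(SAMPLE)` reports same-function, cross-function and cross-contract findings for `Bank.withdraw`, while `Bank.withdrawSafe` re-entering itself is suppressed by the held mutex; a function that writes before calling out (checks-effects-interactions) produces no finding.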
Keywords: smart contract; reentrancy vulnerability detection; symbolic execution; control flow graph; contract state consistency