Analysis and Enhancement of Smart Contract Re-Entrancy Vulnerability Detection Methods

Abstract

Analysis and Enhancement of Smart Contract Re-Entrancy Vulnerability Detection Methods Yuguang Jin Dept. of Computer Science and Engineering The Graduate School of Hanyang University Supervised by Prof. Heekuck Oh Ethernet smart contracts are deployed and executed in peer-to-peer networks based on consensus-driven blockchains, widely applied across various applications. Due to their high transparency, smart contracts have become a target for numerous attackers. Since the discovery of the first Ethereum block in 2015, several security incidents have occurred. In 2016, a reentrancy vulnerability in smart contracts led to devastating financial losses, considered one of the most severe vulnerabilities in smart contracts. Researchers have proposed various automated security tools to detect vulnerabilities, but their real-world impact remains uncertain. In this paper, our goal is to clarify the effectiveness of automated security tools in identifying vulnerabilities that could lead to significant attacks and their overall usage in the industry. We evaluate three state-of-the-art automated security tools. Previous research has primarily focused on identifying vulnerabilities in individual smart contracts without considering interactions between multiple contracts. Due to a lack of analysis of fine-grained context information during cross-contract calls, existing methods often result in a significant number of false positives and negatives. Consequently, we aim to conduct a comprehensive analysis of existing smart contract vulnerability detection tools regarding their capabilities in detecting re- entrancy vulnerabilities. Additionally, we aim to identify limitations in these tools. To address these limitations, we propose enhancements. Finally, to demonstrate the effectiveness of our proposed improvements, we developed a detection tool based on Mythril. We then compared this new tool with existing ones, particularly in terms of their ability to detect re-entrancy vulnerabilities. The results confirm that our proposed enhancements effectively improve the detection capabilities of re-entrancy vulnerabilities.