Abstract | ||
---|---|---|
Smart contracts enabled a new way to perform cryptocurrency transactions over blockchains. While this emerging technique introduces free-of-conflicts and transparency, smart contract itself is vulnerable. As a special form of computer program, smart contract can hardly get rid of bugs. Even worse, an exploitable security bug can lead to catastrophic consequences, e.g., loss of cryptocurrency/money. In this demo paper, we focus on the most common type of security bugs in smart contracts, i.e., reentrancy bug, which caused the famous DAO attack with a loss of 60 million US dollars. We presented ReGuard, an fuzzing-based analyzer to automatically detect reentrancy bugs in Ethereum smart contracts. Specifically, ReGuard performs fuzz testing on smart contracts by iteratively generating random but diverse transactions. Based on the runtime traces, ReGuard further dynamically identifies reentrancy vulnerabilities. In the preliminary evaluation, we have analyzed 5 existing Ethereum contracts. ReGuard automatically flagged 7 previously unreported reentrancy bugs. A demo video of ReGuard is at https://youtu.be/XxJ3_-cmUiY.
|
Year | DOI | Venue |
---|---|---|
2018 | 10.1145/3183440.3183495 | ICSE (Companion Volume) |
Keywords | Field | DocType |
Smart contract, reentrancy bug, dynamic analysis | Fuzz testing,Computer security,Computer science,Software bug,Automaton,Real-time computing,Security bug,Computer program,Cryptocurrency,Smart contract,Reentrancy | Conference |
ISSN | ISBN | Citations |
2574-1926 | 978-1-4503-5663-3 | 15 |
PageRank | References | Authors |
0.81 | 6 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Chao Liu | 1 | 31 | 2.29 |
Han Liu | 2 | 69 | 8.01 |
Zhao Cao | 3 | 15 | 0.81 |
Zhong Chen | 4 | 31 | 7.12 |
Bangdao Chen | 5 | 15 | 0.81 |
Bill Roscoe | 6 | 15 | 0.81 |