Formal verification of Reentrancy Vulnerability Based on CPN-Reference-Cited by-同舟云学术

Formal verification of Reentrancy Vulnerability Based on CPN

Published:2022-08-31 Issue: Volume: Page:
ISSN:
Container-title:
language:
Short-container-title:

Author:

He Yaqiong¹,Dong Hanjie¹,Wu Huaiguang¹,Duan Qianheng²

Affiliation:

1. Zhengzhou University of Light Industry

2. Henan Key Laboratory of Network Cryptography Technology

Abstract

Abstract A smart contract is a special form of computer program running on a blockchain, which provides a new way to implement financial and business transactions in a free-of-conflicts and transparent environment. In blockchain systems, such as Ethereum, smart contracts can handle and autonomously transfer assets of considerable value to other parties. Hence, it is particularly important to ensure that smart contracts function as intended since bugs or vulnerabilities may lead and indeed have led, to substantial economic losses and erosion of trust for blockchain. While a number of approaches and tools have been developed to find vulnerabilities, formal method presents the highest level of confidence about the security of smart contracts. In this paper, we propose a formal solution to model smart contract based on Colored Petri Net (CPN). Herein we focus on the most common type of security bugs in smart contract, i.e., reentrancy bug, which led to a serious financial loss of around $60 million in 2016. We present a hierarchical CPN modelling method to analyze potential security vulnerabilities at the contract’s source code level. Then modeling analysis methods such as correlation matrix, state space report and state space graph generated by CPN Tools simulation were exploited for formal analysis of smart contracts. The example shows the full state space and wrong path in accordance with our expected results. Finally, the conclusion was verified in the Ethereum network based on Remix platform.

Publisher

Research Square Platform LLC

Reference38 articles.

1. Amani S, Bégel M, Bortin M, et al. (2018) Towards verifying ethereum smart contract bytecode in Isabelle/HOL[C]//Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. pp: 66–77.

2. Blass E O, Kerschbaum F. Strain (2018) A secure auction for blockchains[C]//European Symposium on Research in Computer Security. Springer, Cham, pp: 87–110.

3. Bai X, Cheng Z, Duan Z, et al. (2018) Formal modeling and verification of smart contracts[C]//Proceedings of the 2018 7th international conference on software and computer applications. pp: 322–326.

4. Buterin V. (2014) A next-generation smart contract and decentralized application platform[J]. white paper,

5. Chinen Y, Yanai N, Cruz J P, et al. (2020) RA: Hunting for re-entrancy attacks in ethereum smart contracts via static analysis[C]//2020 IEEE International Conference on Blockchain (Blockchain). IEEE, pp: 327–336.