Formal Analysis of Reentrancy Vulnerabilities in Smart Contract Based on CPN-Reference-Cited by-同舟云学术

Formal Analysis of Reentrancy Vulnerabilities in Smart Contract Based on CPN

Published:2023-05-09 Issue:10 Volume:12 Page:2152
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

He Yaqiong¹,Dong Hanjie¹^ORCID,Wu Huaiguang¹^ORCID,Duan Qianheng²

Affiliation:

1. College of Computer and Communication Engineering, Zhengzhou University of Light Industry, Zhengzhou 450001, China

2. Henan Key Laboratory of Network Cryptography Technology, Zhengzhou 450001, China

Abstract

A smart contract is a special form of computer program that runs on a blockchain and provides a new way to implement financial and business transactions in a conflict-free and transparent environment. In blockchain systems such as Ethereum, smart contracts can handle and autonomously transfer assets of considerable value to other parties. Hence, it is particularly important to ensure that smart contracts function as intended since bugs or vulnerabilities may lead, and indeed have led, to substantial economic losses and erosion of trust for blockchain. While a number of approaches and tools have been developed to find vulnerabilities, formal methods present the highest level of confidence in the security of smart contracts. In this paper, we propose a formal solution to model a smart contract based on colored Petri nets (CPNs). Herein, we focus on the most common type of security bugs in smart contract, i.e., reentrancy bugs, which led to a serious financial loss of around USD 34 million for the Cream Finance project in 2021. We present a hierarchical CPN modelling method to analyze potential security vulnerabilities at the contract’s source code level. Then, modeling analysis methods such as correlation matrix, state space report and state space graph generated via CPN Tools simulation are exploited for formal analysis of smart contracts. The example shows the full state space and wrong path in accordance with our expected results. Finally, the conclusion was verified on the Ethereum network based on the Remix platform.

Funder

Major Public Welfare Projects Foundation of Henan Province

Open Foundation of Henna Key Laboratory Cryptography

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/10/2152/pdf

Reference49 articles.

1. Bitcoin: A peer-to-peer electronic cash system;Nakamoto;Decentralized Bus. Rev.,2018

2. Blockchain technology: Beyond bitcoin;Crosby;Appl. Innov.,2016

3. A next-generation smart contract and decentralized application platform;Buterin;White Pap.,2014

4. Blass, E.O., and Kerschbaum, F. (2018). European Symposium on Research in Computer Security, Springer.

5. Smart contract development: Challenges and opportunities;Zou;IEEE Trans. Softw. Eng.,2019

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Provenance Verification of Smart Contracts: Analysing the Cost of Ensuring Authenticity over the Logic Hosted in Blockchain Networks;Information;2023-12-31

2. Preventing Ethereum Blockchain Re-Entrancy Attacks Using Smart Mutex Lock Sum;2023 4th International Conference on Computation, Automation and Knowledge Management (ICCAKM);2023-12-12

3. Automating the verification of smart contracts in blockchain networks for improving security*;2023 49th Euromicro Conference on Software Engineering and Advanced Applications (SEAA);2023-09-06