WEKO3
アイテム
RA: A Static Analysis Tool for Analyzing Re-Entrancy Attacks in Ethereum Smart Contracts
https://ipsj.ixsq.nii.ac.jp/records/212854
https://ipsj.ixsq.nii.ac.jp/records/212854beb4e417-9ad0-4dd6-b85c-9ebc625754f0
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6209005.pdf (984.3 kB)
|
Copyright (c) 2021 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2021-09-15 | |||||||||||||
| タイトル | ||||||||||||||
| タイトル | RA: A Static Analysis Tool for Analyzing Re-Entrancy Attacks in Ethereum Smart Contracts | |||||||||||||
| タイトル | ||||||||||||||
| 言語 | en | |||||||||||||
| タイトル | RA: A Static Analysis Tool for Analyzing Re-Entrancy Attacks in Ethereum Smart Contracts | |||||||||||||
| 言語 | ||||||||||||||
| 言語 | eng | |||||||||||||
| キーワード | ||||||||||||||
| 主題Scheme | Other | |||||||||||||
| 主題 | [特集:Society 5.0を実現するコンピュータセキュリティ技術(推薦論文)] ethereum, smart contracts, static analysis, EVM, symbolic execution, SMT solver | |||||||||||||
| 資源タイプ | ||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
| 資源タイプ | journal article | |||||||||||||
| 著者所属 | ||||||||||||||
| Osaka University | ||||||||||||||
| 著者所属 | ||||||||||||||
| Osaka University | ||||||||||||||
| 著者所属 | ||||||||||||||
| Osaka University | ||||||||||||||
| 著者所属 | ||||||||||||||
| National Institute of Technology, Nara College | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Osaka University | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Osaka University | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Osaka University | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| National Institute of Technology, Nara College | ||||||||||||||
| 著者名 |
Yuichiro, Chinen
× Yuichiro, Chinen
× Naoto, Yanai
× Jason, Paul Cruz
× Shingo, Okamura
|
|||||||||||||
| 著者名(英) |
Yuichiro, Chinen
× Yuichiro, Chinen
× Naoto, Yanai
× Jason, Paul Cruz
× Shingo, Okamura
|
|||||||||||||
| 論文抄録 | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network. Several re-entrancy attacks that aim to steal Ether, the cryptocurrency used in Ethereum, stored in deployed smart contracts have been found in the recent years. A countermeasure to such attacks is based on dynamic analysis that executes the smart contracts themselves, but it requires the spending of Ether and knowledge of attack patterns for analysis in advance. In this paper, we present a static analysis tool named RA (Re-entrancy Analyzer), a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze vulnerability of smart contracts to re-entrancy attacks. In contrast to existing tools, RA supports analysis of inter-contract behaviors by using only the Ethereum Virtual Machine bytecodes of target smart contracts, i.e., even without prior knowledge of attack patterns and without spending Ether. Furthermore, RA can verify existence of vulnerability to re-entrancy attacks without execution of smart contracts and it does not provide false positives and false negatives. We also present an implementation of RA to evaluate its performance in analyzing the vulnerability of deployed smart contracts to re-entrancy attacks and show that RA can precisely determine which smart contracts are vulnerable. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.29(2021) (online) DOI http://dx.doi.org/10.2197/ipsjjip.29.537 ------------------------------ |
|||||||||||||
| 論文抄録(英) | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network. Several re-entrancy attacks that aim to steal Ether, the cryptocurrency used in Ethereum, stored in deployed smart contracts have been found in the recent years. A countermeasure to such attacks is based on dynamic analysis that executes the smart contracts themselves, but it requires the spending of Ether and knowledge of attack patterns for analysis in advance. In this paper, we present a static analysis tool named RA (Re-entrancy Analyzer), a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze vulnerability of smart contracts to re-entrancy attacks. In contrast to existing tools, RA supports analysis of inter-contract behaviors by using only the Ethereum Virtual Machine bytecodes of target smart contracts, i.e., even without prior knowledge of attack patterns and without spending Ether. Furthermore, RA can verify existence of vulnerability to re-entrancy attacks without execution of smart contracts and it does not provide false positives and false negatives. We also present an implementation of RA to evaluate its performance in analyzing the vulnerability of deployed smart contracts to re-entrancy attacks and show that RA can precisely determine which smart contracts are vulnerable. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.29(2021) (online) DOI http://dx.doi.org/10.2197/ipsjjip.29.537 ------------------------------ |
|||||||||||||
| 書誌レコードID | ||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 62, 号 9, 発行日 2021-09-15 |
|||||||||||||
| ISSN | ||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||
