An evaluation of the reentrancy vulnerability on GoQuorum-based smartcontracts

Bachelor Thesis (2021)
Author(s)

S.M. Op den Orth (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

K. Liang – Mentor (TU Delft - Cyber Security)

H. Chen – Graduation committee member (TU Delft - Cyber Security)

O.E. Scharenborg – Coach (TU Delft - Multimedia Computing)

Faculty
Electrical Engineering, Mathematics and Computer Science
Publication Year
2021
Language
English
Graduation Date
02-07-2021
Awarding Institution
Delft University of Technology
Project
CSE3000 Research Project
Programme
Computer Science and Engineering
Collections
thesis
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Within the context of the Ethereum blockchain protocol, reentrancy is a well-known and well-researched smart contract vulnerability. However, when considering GoQuorum, an Ethereum soft fork, barely any research discussing smart contract vulnerabilities exists. This report aims to partly fill this research gap by evaluating the reentrancy smart contract vulnerability in the context of a GoQuorum network. First, the reentrancy attack was demonstrated and its attack features were evaluated. Then the known countermeasures were collected. Moreover, it was proposed that some GoQuorum features may also be used as mitigation techniques. Finally, each countermeasure was assessed and categorized. Of all the methods, the checks-effects-interactions pattern is the most direct way to deal with the reentrancy vulnerability. To maximize contract security, however, it is advised to use a combination of the specified prevention and mitigation techniques.
