Protecting smart contracts of Decentralized Finance systems against Reentrancy attacks
N. El Coudi El Amrani (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Oğuzhan Ersoy – Mentor (TU Delft - Data-Intensive Systems)
Z. Erkin – Graduation committee member (TU Delft - Cyber Security)
J. Urbano – Coach (TU Delft - Multimedia Computing)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Reentrancy attacks target smart contracts of Decentralized Finance systems that contain coding errors caused by developers. This type of attacks caused, in the past 5 years, the loss of over 400 million USD. Several countermeasures were developed that use patterns to detect reentrancy attacks on smart contracts before deployment on the Ethereum blockchain. However, the smart contracts are by default public and immutable once deployed on the blockchain. That is why the research question is: How can we protect smart contracts of DeFi systems deployed on the Ethereum blockchain that are known to be vulnerable to reentrancy attacks? A solution that detects reentrancy attacks on smart contracts after their deployment is presented in this paper. It flags transactions when a difference is found between the users' funds on both the application and protocol layers before and after each transaction using special made smart wallets. A proof of concept shows that the proposed solution can detect reentrancy attempts and stop them during the execution phase of smart contracts.