Protecting smart contracts of Decentralized Finance systems against Reentrancy attacks

Bachelor thesis (2021)

Authors

N. El Coudi El Amrani Electrical Engineering, Mathematics and Computer Science

Contributors

O. Ersoy Data-Intensive Systems - EEMCS (supervisor 1)
Z. Erkin Cyber Security - EEMCS (supervisor 2)
Julián Urbano (coach)
Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright: © 2021 Nafie El Coudi El Amrani
Smart contracts Decentralized Finance Systems Reentrancy attacks
More Info
expand_more

Published Date

01-07-2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Reentrancy attacks target smart contracts of Decentralized Finance systems that contain coding errors caused by developers. This type of attacks caused, in the past 5 years, the loss of over 400 million USD. Several countermeasures were developed that use patterns to detect reentrancy attacks on smart contracts before deployment on the Ethereum blockchain. However, the smart contracts are by default public and immutable once deployed on the blockchain. That is why the research question is: How can we protect smart contracts of DeFi systems deployed on the Ethereum blockchain that are known to be vulnerable to reentrancy attacks? A solution that detects reentrancy attacks on smart contracts after their deployment is presented in this paper. It flags transactions when a difference is found between the users' funds on both the application and protocol layers before and after each transaction using special made smart wallets. A proof of concept shows that the proposed solution can detect reentrancy attempts and stop them during the execution phase of smart contracts.