可重入
计算机安全
计算机科学
智能合约
一致性(知识库)
灵活性(工程)
危害
审计
业务
锁(火器)
风险分析(工程)
块链
会计
经济
工程类
法学
操作系统
人工智能
管理
政治学
机械工程
作者
Jing Deng,Xiaofei Xing,Guoqiang Deng,Ning Hu,Shen Su,Le Wang,Md Zakirul Alam Bhuiyan
标识
DOI:10.32604/cmc.2023.034116
摘要
As one of the major threats to the current DeFi (Decentralized Finance) ecosystem, reentrant attack induces data inconsistency of the victim smart contract, enabling attackers to steal on-chain assets from DeFi projects, which could terribly do harm to the confidence of the blockchain investors. However, protecting DeFi projects from the reentrant attack is very difficult, since generating a call loop within the highly automatic DeFi ecosystem could be very practicable. Existing researchers mainly focus on the detection of the reentrant vulnerabilities in the code testing, and no method could promise the non-existent of reentrant vulnerabilities. In this paper, we introduce the database lock mechanism to isolate the correlated smart contract states from other operations in the same contract, so that we can prevent the attackers from abusing the inconsistent smart contract state. Compared to the existing resolutions of front-running, code audit, and modifier, our method guarantees protection results with better flexibility. And we further evaluate our method on a number of de facto reentrant attacks observed from Etherscan. The results prove that our method could efficiently prevent the reentrant attack with less running cost.
科研通智能强力驱动
Strongly Powered by AbleSci AI