License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.FMBC.2022.3
URN: urn:nbn:de:0030-drops-171840
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2022/17184/


Ballesteros, Ignacio ; Benac-Earle, Clara ; de Barrio, Luis Eduardo Bueso ; Fredlund, Lars-Åke ; Herranz, Ángel ; Mariño, Julio

Automatic Generation of Attacker Contracts in Solidity

pdf-format:
OASIcs-FMBC-2022-3.pdf (0.6 MB)


Abstract

Smart contracts on the Ethereum blockchain continue to suffer from well-published problems. A particular example is the well-known smart contract reentrancy vulnerability, which continues to be exploited. In this article, we present preliminary work on a method which, given a smart contract that may be vulnerable to such a reentrancy attack, proceeds to attempt to automatically derive an "attacker" contract which can be used to successfully attack the vulnerable contract. The method uses property-based testing to generate, semi-randomly, large numbers of potential attacker contracts, and then proceeds to check whether any of them is a successful attacker. The method is illustrated using a case study where an attack is derived for a vulnerable contract.

BibTeX - Entry

@InProceedings{ballesteros_et_al:OASIcs.FMBC.2022.3,
  author =	{Ballesteros, Ignacio and Benac-Earle, Clara and de Barrio, Luis Eduardo Bueso and Fredlund, Lars-\r{A}ke and Herranz, \'{A}ngel and Mari\~{n}o, Julio},
  title =	{{Automatic Generation of Attacker Contracts in Solidity}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{3:1--3:14},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2022/17184},
  URN =		{urn:nbn:de:0030-drops-171840},
  doi =		{10.4230/OASIcs.FMBC.2022.3},
  annote =	{Keywords: Property-Based Testing, Smart Contracts, Reentrancy Attack}
}

Keywords: Property-Based Testing, Smart Contracts, Reentrancy Attack
Collection: 4th International Workshop on Formal Methods for Blockchains (FMBC 2022)
Issue Date: 2022
Date of publication: 06.10.2022

