Involuntary Transfer: A Vulnerability Pattern in Smart Contracts

Abstract

Read online

Smart Contracts (SCs) communicate with each other using external calls. Their interactions can be malicious, resulting in the loss of Ether. One can blame the reentrancy attack for this exploitation. Several previous endeavors detected the reentrancy vulnerability by creating testing tools using static analysis like Remix. However, these approaches do not execute the programs. Hence, we cannot confirm their actual results. In this paper, we present TechyTech that detects both reentrancy and ${\mathtt { tx.origin}}$ vulnerabilities using a novel dynamic analysis approach of involuntary transfer (i.e., unintended transfer). Henceforth, we use a tree-based categorization string to distinguish the two vulnerabilities and their variations. Further, our research discusses multiple SC-related issues like the hijackedStack, deployed owner, and non-generation of transaction receipts in connection with reentrant calls, which we could not find in previous work. Through an example, we demonstrate how the actual Ether transfer is greater than the intended due to reentrancy.

Keywords

• Dynamic analysis
• static analysis
• reentrancy
• smart contract
• solidity
• tx.origin%22%2C%22default_operator%22%3A%22AND%22%7D%7D%7D"> <monospace xmlns:ali="http://www.niso.org/schemas/ali/1.0/" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">tx.origin</monospace>