Protecting smart contracts of Decentralized Finance systems against Reentrancy attacks

Protecting smart contracts of Decentralized Finance systems against Reentrancy attacks

El Coudi El Amrani, Nafie (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Cyber Security)

Ersoy, O. (mentor)
Erkin, Z. (graduation committee)
Urbano, Julián (graduation committee)

Delft University of Technology

Computer Science and Engineering

CSE3000 Research Project

2021-07-01

Reentrancy attacks target smart contracts of Decentralized Finance systems that contain coding errors caused by developers. This type of attacks caused, in the past 5 years, the loss of over 400 million USD. Several countermeasures were developed that use patterns to detect reentrancy attacks on smart contracts before deployment on the Ethereum blockchain. However, the smart contracts are by default public and immutable once deployed on the blockchain. That is why the research question is: How can we protect smart contracts of DeFi systems deployed on the Ethereum blockchain that are known to be vulnerable to reentrancy attacks? A solution that detects reentrancy attacks on smart contracts after their deployment is presented in this paper. It flags transactions when a difference is found between the users' funds on both the application and protocol layers before and after each transaction using special made smart wallets. A proof of concept shows that the proposed solution can detect reentrancy attempts and stop them during the execution phase of smart contracts.

Reentrancy attacks
Decentralized Finance Systems
Smart contracts

http://resolver.tudelft.nl/uuid:f641edcf-5695-4248-81c1-07084b196c9b

Student theses

bachelor thesis

© 2021 Nafie El Coudi El Amrani