A Data Consistency Insurance Method for Smart Contract

As one of the major threats to the current DeFi (Decentralized Finance) ecosystem, reentrant attack induces data inconsistency of the victim smart contract, enabling attackers to steal on-chain assets from DeFi projects, which could terribly do harm to the confidence of the blockchain investors. However, protecting DeFi projects from the reentrant attack is very difficult, since generating a call loop within the highly automatic DeFi ecosystem could be very practicable. Existing researchers mainly focus on the detection of the reentrant vulnerabilities in the code testing, and no method could promise the non-existent of reentrant vulnerabilities. In this paper, we introduce the database lock mechanism to isolate the correlated smart contract states from other operations in the same contract, so that we can prevent the attackers from abusing the inconsistent smart contract state. Compared to the existing resolutions of front-running, code audit, and modifier, our method guarantees protection results with better flexibility. And we further evaluate our method on a number of de facto reentrant attacks observed from Etherscan. The results prove that our method could efficiently prevent the reentrant attack with less running cost.