Unity is Strength: Enhancing Precision in Reentrancy Vulnerability Detection of Smart Contract Analysis Tools
CoRR(2024)
Abstract
Reentrancy is one of the most notorious vulnerabilities in smart contracts,
resulting in significant digital asset losses. However, many previous works
indicate that current Reentrancy detection tools suffer from high false
positive rates. Even worse, recent years have witnessed the emergence of new
Reentrancy attack patterns fueled by intricate and diverse vulnerability
exploit mechanisms. Unfortunately, current tools face a significant limitation
in their capacity to adapt and detect these evolving Reentrancy patterns.
Consequently, ensuring precise and highly extensible Reentrancy vulnerability
detection remains a critical challenge for existing tools. To address this
issue, we propose a tool named ReEP, designed to reduce the false positives for
Reentrancy vulnerability detection. Additionally, ReEP can integrate multiple
tools, expanding its capacity for vulnerability detection. It evaluates results
from existing tools to verify vulnerability likelihood and reduce false
positives. ReEP also offers excellent extensibility, enabling the integration
of different detection tools to enhance precision and cover different
vulnerability attack patterns. We apply ReEP to eight existing
state-of-the-art Reentrancy detection tools. The average precision of these
eight tools increased from the original 0.5
Furthermore, ReEP exhibits robust extensibility. By integrating multiple tools,
the precision further improved to a maximum of 83.6
that ReEP effectively unites the strengths of existing works and enhances the
precision of Reentrancy vulnerability detection tools.