Combating Reentrancy Bugs on Sharded Blockchains
- URL: http://arxiv.org/abs/2506.05932v1
- Date: Fri, 06 Jun 2025 09:57:03 GMT
- Title: Combating Reentrancy Bugs on Sharded Blockchains
- Authors: Roman Kashitsyn, Robin Künzler, Ognjen Marić, Lara Schmid,
- Abstract summary: Reentrancy is a well-known source of smart contract bugs on sharded blockchains.<n>We study the features of this model and its effect on reentrancy bugs on three examples.<n>We present novel Rust and Motoko patterns that can be leveraged on ICP to solve these issues.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Reentrancy is a well-known source of smart contract bugs on Ethereum, leading e.g. to double-spending vulnerabilities in DeFi applications. But less is known about this problem in other blockchains, which can have significantly different execution models. Sharded blockchains in particular generally use an asynchronous messaging model that differs substantially from the synchronous and transactional model of Ethereum. We study the features of this model and its effect on reentrancy bugs on three examples: the Internet Computer (ICP) blockchain, NEAR Protocol, and MultiversX. We argue that this model, while useful for improving performance, also makes it easier to introduce reentrancy bugs. For example, reviews of the pre-production versions of some of the most critical ICP smart contracts found that 66% (10/15) of the reviewed contracts -- written by expert authors -- contained reentrancy bugs of medium or high severity, with potential damages in tens of millions of dollars. We evaluate existing Ethereum programming techniques (in particular the effects-checks-interactions pattern, and locking) to prevent reentrancy bugs in the context of this new messaging model and identify some issues with them. We then present novel Rust and Motoko patterns that can be leveraged on ICP to solve these issues. Finally, we demonstrate that the formal verification tool TLA+ can be used to find and eliminate such bugs in real world smart contracts on sharded blockchains.
Related papers
- Decompiling Smart Contracts with a Large Language Model [51.49197239479266]
Despite Etherscan's 78,047,845 smart contracts deployed on (as of May 26, 2025), a mere 767,520 ( 1%) are open source.<n>This opacity necessitates the automated semantic analysis of on-chain smart contract bytecode.<n>We introduce a pioneering decompilation pipeline that transforms bytecode into human-readable and semantically faithful Solidity code.
arXiv Detail & Related papers (2025-06-24T13:42:59Z) - Copy-and-Paste? Identifying EVM-Inequivalent Code Smells in Multi-chain Reuse Contracts [30.94426976245966]
More developers are reusing Solidity contracts on other compatible blockchains.<n>This inconsistency reveals design flaws in reused contracts, exposing code smells that hinder code reusability.<n>In this paper, we conducted the first empirical study to reveal the causes and characteristics of EVM-Inequivalent Code Smells.
arXiv Detail & Related papers (2025-04-10T09:37:19Z) - BlockFound: Customized blockchain foundation model for anomaly detection [47.04595143348698]
BlockFound is a customized foundation model for anomaly blockchain transaction detection.
We introduce a series of customized designs to model the unique data structure of blockchain transactions.
BlockFound is the only method that successfully detects anomalous transactions on Solana with high accuracy.
arXiv Detail & Related papers (2024-10-05T05:11:34Z) - Generative AI-enabled Blockchain Networks: Fundamentals, Applications,
and Case Study [73.87110604150315]
Generative Artificial Intelligence (GAI) has emerged as a promising solution to address challenges of blockchain technology.
In this paper, we first introduce GAI techniques, outline their applications, and discuss existing solutions for integrating GAI into blockchains.
arXiv Detail & Related papers (2024-01-28T10:46:17Z) - Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examination and Codification of Vulnerabilities in Prominent Blockchains [0.0]
In this paper, we propose the most complete list of smart contract vulnerabilities with a detailed explanation of each one of them.
In addition, we propose a new codification system that facilitates the communication of those vulnerabilities between developers and researchers.
arXiv Detail & Related papers (2023-12-01T11:01:06Z) - Secure compilation of rich smart contracts on poor UTXO blockchains [0.8192907805418581]
We present ILLUM, an Intermediate-Level Language for the UTXO Model.
We define a compiler from ILLUM to a bare-bone UTXO blockchain with loop-free scripts.
We exploit covenants, a mechanism for preserving scripts along chains of transactions.
arXiv Detail & Related papers (2023-05-16T15:40:18Z) - Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z) - Graph Neural Networks Enhanced Smart Contract Vulnerability Detection of
Educational Blockchain [4.239144309557045]
This paper proposes a graph neural network based vulnerability detection for smart contracts in educational blockchains.
The experimental results show that the proposed method is effective for the vulnerability detection of smart contracts.
arXiv Detail & Related papers (2023-03-08T09:58:58Z) - An Empirical Study on Real Bug Fixes from Solidity Smart Contract
Projects [37.39791127265096]
We conduct an empirical study on historical bug fixes from 46 real-world Solidity smart contract projects.
We distill four findings during the process to explore these four questions.
We provide actionable implications to improve the current approaches to fixing bugs in Solidity smart contracts.
arXiv Detail & Related papers (2022-10-21T14:26:53Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's
Post-Quantum Security [67.06003361150228]
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task.
In this work, we examine the hardness of finding such chain of PoWs against quantum strategies.
We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
arXiv Detail & Related papers (2020-12-30T18:03:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.