Smart contracts on the Ethereum blockchain continue to suffer from well-published problems. A particular example is the well-known smart contract reentrancy vulnerability, which continues to be exploited. In this article, we present preliminary work on a method which, given a smart contract that may be vulnerable to such a reentrancy attack, proceeds to attempt to automatically derive an "attacker" contract which can be used to successfully attack the vulnerable contract. The method uses property-based testing to generate, semi-randomly, large numbers of potential attacker contracts, and then proceeds to check whether any of them is a successful attacker. The method is illustrated using a case study where an attack is derived for a vulnerable contract.
@InProceedings{ballesteros_et_al:OASIcs.FMBC.2022.3,
  author =	{Ballesteros, Ignacio and Benac-Earle, Clara and de Barrio, Luis Eduardo Bueso and Fredlund, Lars-\r{A}ke and Herranz, \'{A}ngel and Mari\~{n}o, Julio},
  title =	{{Automatic Generation of Attacker Contracts in Solidity}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{3:1--3:14},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022.3},
  URN =		{urn:nbn:de:0030-drops-171840},
  doi =		{10.4230/OASIcs.FMBC.2022.3},
  annote =	{Keywords: Property-Based Testing, Smart Contracts, Reentrancy Attack}
}