Author

Eric Ngo

Publication Date

Spring 2024

Degree Type

Master's Project

Degree Name

Master of Science in Computer Science (MSCS)

Department

Computer Science

First Advisor

Thomas Austin

Second Advisor

Katerina Potika

Third Advisor

Genya Ishigaki

Keywords

Blockchain, Reentrancy Attack, Smart Contract, Interpreter

Abstract

Smart contracts, while revolutionizing the blockchain with their immutable nature, are prone to attacks such as the reentrancy attack. This attack allows malicious adversaries to repeatedly enter a contract before previous executions are completed. SpartanScript, a custom dialect of Scheme, is a way for developers to write and develop contracts in an experimental blockchain environment like SpartanGold. Compared to cryptocurrencies that use a virtual machine to run on the blockchain, SpartanScript utilizes a simplified interpreter for rapid prototyping. However, SpartanScript does not have a way to detect and warn developers of reentrancy vulnerabilities. Hence, there is a need to implement reliable reentrancy prevention during smart contract development.

This project modifies SpartanScript’s interpreter to check smart contract functions that deal with transactions and mark any reentrancy vulnerabilities. The new detection functions and the define-r expression check for locks, modifiers, the checks-effects-interactions pattern, and other vulnerabilities. To demonstrate SpartanScript’s new prevention measures, contracts were created that exhibit various reentrancy attacks, such as basic, cross-function, and cross-contract. Key strategies for detecting such attacks are implemented in the interpreter so that it warns the developer when such vulnerabilities arise. The results showcased the modified SpartanScript’s ability to identify and mark most vulnerable contracts successfully.

Available for download on Thursday, May 22, 2025
