A Data Consistency Insurance Method for Smart Contract  

作　　者：Jing Deng Xiaofei Xing Guoqiang Deng Ning Hu Shen Su Le Wang Md Zakirul Alam Bhuiyan 

机构地区：[1]School of Computer Science and Cyber Engineering,Guangzhou University,Guangzhou,510006,China [2]Information Network Engineering and Reasearch Center,South China University of Technology,Guangzhou,510640,China [3]Cyberspace Institute of Advanced Technology,Guangzhou University,Guangzhou,510006,China [4]Department of Computer and Information Sciences,Fordham University,New York,10458,USA

出　　处：《Computers, Materials & Continua》2023年第9期3783-3795,共13页计算机、材料和连续体（英文）

基　　金：supported byNationalKeyResearch andDevelopment Plan(Grant No.2018YFB1800701);Key-Area Research and Development Program of Guangdong Province 2020B0101090003,CCF-NSFOCUS Kunpeng Scientific Research Fund(CCF-NSFOCUS 2021010);National Natural Science Foundation of China(Grant Nos.61902083,62172115,61976064);Guangdong Higher Education Innovation Group 2020KCXTD007 and Guangzhou Higher Education Innovation Group(No.202032854);Guangzhou Fundamental Research Plan of“Municipalschool”Jointly Funded Projects(No.202102010445).

摘　　要：As one of the major threats to the current DeFi(Decentralized Finance)ecosystem,reentrant attack induces data inconsistency of the victim smart contract,enabling attackers to steal on-chain assets from DeFi projects,which could terribly do harm to the confidence of the blockchain investors.However,protecting DeFi projects from the reentrant attack is very difficult,since generating a call loop within the highly automatic DeFi ecosystem could be very practicable.Existing researchers mainly focus on the detection of the reentrant vulnerabilities in the code testing,and no method could promise the non-existent of reentrant vulnerabilities.In this paper,we introduce the database lock mechanism to isolate the correlated smart contract states from other operations in the same contract,so that we can prevent the attackers from abusing the inconsistent smart contract state.Compared to the existing resolutions of front-running,code audit,andmodifier,our method guarantees protection resultswith better flexibility.And we further evaluate our method on a number of de facto reentrant attacks observed from Etherscan.The results prove that our method could efficiently prevent the reentrant attack with less running cost.

关 键 词：Blockchain smart contract data consistency reentrancy attack 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]