ReJection: A AST-Based Reentrancy Vulnerability Detection Method

Rui Ma, Zefeng Jian, Guangyuan Chen, Ke Ma*, Yujia Chen

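*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Citations (Scopus)

Abstract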

Blockchain is deeply integrated into vertical industries and is gradually forming an application ecosystem across them. However, blockchain security incidents occur frequently, and smart contracts in particular have become the hardest-hit area. Avoiding security incidents caused by smart contracts has therefore become an essential topic in blockchain development. To date, there is no generic method for the security auditing of smart contracts, and most researchers have to use existing vulnerability detection technology. To reduce the high false rate of smart contract vulnerability detection, we use ReJection, a detection method based on the abstract syntax tree (AST), to focus on the reentrancy vulnerability, which has obvious harm and distinctive features in smart contracts. ReJection consists of four steps. First, ReJection obtains the AST corresponding to the contract from the smart contract compiler solc. Second, the AST is preprocessed to eliminate redundant information. Third, ReJection traverses the nodes of the AST and records the notations related to reentrancy vulnerabilities during the traversal, such as the Danger-Transfer function, the Checks-Effects-Interactions pattern and the mutex mechanism. Finally, ReJection uses the recorded information and predefined rules to determine whether a reentrancy vulnerability has occurred. ReJection is implemented based on Slither, an open-source smart contract vulnerability detection tool. Furthermore, we use open-source smart contract code as the test program and compare the experimental results of ReJection and Slither to verify its effectiveness. The results show that ReJection has higher detection accuracy for the reentrancy vulnerability.

Original language: English
Title of host publication: Trusted Computing and Information Security - 13th Chinese Conference, CTCIS 2019, Revised Selected Papers
Editors: Weili Han, Liehuang Zhu, Fei Yan
Publisher: Springer
Pages: 58-71
Number of pages: 14
ISBN (Print): 9789811534171
Publication status: Published - 2020
Event: 13th Chinese Conference on Trusted Computing and Information Security, CTCIS 2019 - Shanghai, China
Duration: 24 Oct 2019 to 27 Oct 2019

Publication series

Name: Communications in Computer and Information Science
Volume: 1149 CCIS
ISSN (Print): 1865-0929
ISSN (Electronic): 1865-0937

Conference

Conference: 13th Chinese Conference on Trusted Computing and Information Security, CTCIS 2019
Country/Territory: China
City: Shanghai
Period: 24/10/19 to 27/10/19
