Unity is Strength: Enhancing Precision in Reentrancy Vulnerability Detection of Smart Contract Analysis Tools
Zexu Wang, Jiachi Chen, Zibin Zheng, Peilin Zheng, Yu Zhang, Weizhe Zhang
TL;DR
This work tackles persistent false positives in Reentrancy vulnerability detection for smart contracts by introducing ReEP, a two-phase framework that first uses targeted state search to prune the analysis space and then applies cross-contract symbolic execution to verify vulnerability path reachability. ReEP leverages existing detectors (Origin Tools), a Function Dependency Graph, and a State Maximal Correlation CFG to guide efficient analysis, and instrumentalizes cross-contract analysis with a Global Storage and a Call-Return Monitor to maintain correct contract contexts. Empirically, ReEP substantially boosts precision (average from ~0.5% to ~73%), preserves recall on a standard dataset, and demonstrates strong extensibility by merging up to six detectors to reach 83.6% precision. The approach unites static/dynamic techniques, reduces manual verification workload, and enables scalable detection of evolving Reentrancy patterns in real-world contracts, with open-source availability for community use.
Abstract
Reentrancy is one of the most notorious vulnerabilities in smart contracts, resulting in significant digital asset losses. However, many previous works indicate that current Reentrancy detection tools suffer from high false positive rates. Even worse, recent years have witnessed the emergence of new Reentrancy attack patterns fueled by intricate and diverse vulnerability exploit mechanisms. Unfortunately, current tools face a significant limitation in their capacity to adapt and detect these evolving Reentrancy patterns. Consequently, ensuring precise and highly extensible Reentrancy vulnerability detection remains critical challenges for existing tools. To address this issue, we propose a tool named ReEP, designed to reduce the false positives for Reentrancy vulnerability detection. Additionally, ReEP can integrate multiple tools, expanding its capacity for vulnerability detection. It evaluates results from existing tools to verify vulnerability likelihood and reduce false positives. ReEP also offers excellent extensibility, enabling the integration of different detection tools to enhance precision and cover different vulnerability attack patterns. We perform ReEP to eight existing state-of-the-art Reentrancy detection tools. The average precision of these eight tools increased from the original 0.5% to 73% without sacrificing recall. Furthermore, ReEP exhibits robust extensibility. By integrating multiple tools, the precision further improved to a maximum of 83.6%. These results demonstrate that ReEP effectively unites the strengths of existing works, enhances the precision of Reentrancy vulnerability detection tools.