Clairvoyance

Static program analysis still plays a key role in detecting and fixing vulnerabilities (e.g., reentrancy) in smart contracts. However, the existing static analyzers still suffer from two major limitations:

• lack of inter-contract analysis
• lack of path feasibility due to the techniques used by programmers to prevent reentrancy (e.g.,permission controls, hard-coded addresses and execution locks).

In this work, we present Clairvoyance, a cross-function and cross-contract static analysis by identifying infeasible paths for detecting reentrancy vulnerabilities in smart contracts.

Note

To reduce FNs, we enable, for the first time, a cross-contract call chain analysis by tracking possibly tainted paths. To reduce FPs, we have conducted extensive empirical studies and summarized five major path protective techniques (PPTs) to support fast yet precise path feasibility checking.

We have implemented our approach and compared Clairvoyance with three state-of-the-art approaches on 17770 real-worlds contracts. Results show that Clairvoyance yields the best detection accuracy among all tools and also finds 76 unknown reentrancy vulnerabilities. In addition, Clairvoyance is comparable to the fastest rule-based tool (i.e., Slither) in analysis time, but significantly faster than verification-based tools Oyente and Securify.

In this website, we sample some vulnerable smart contract code which are pointed out by Clairvoyance and show our exploits. Each exploit consists of the metadata of contract (e.g. transaction count, ethers it involved), the exploit code and concise explanations. Exploits will be continuously updated in the future.

Supplementary Materials:

1. FPs Overlapping

Please see FP Venn Diagram

2. Our Dataset

We publish the dataset which has been used in our empirical study and evaluations in empirical study data (11714 contracts) and evaluation data (17770 contracts). Paricularly, the dataset used in our empirical study is directly crawled from Ethereum block chain. To differ from empirical study dataset, in evaluations, we firstly obtain smart contract deployment addresses from Google BigQuery public dataset, introduced in https://cloud.google.com/blog/products/data-analytics/ethereum-bigquery-public-dataset-smart-contract-analytics. Then we download contracts by accessing the Etherscan API with smart contract deployment addresses.

3. F1 Score of Tools

To compare the tools used in experiment and assess their effectiveness intuitively, we calculate the f1 scores and list them in the following table.

	Slither	Oyente	Securify	Clairvoyance
Precision	1.85%	14.28%	0.49%	73.80%
Recall	2.45%	3.27%	2.45%	100.0%
F1 Score	2.10%	5.32%	0.81%	84.92%

Online Service:

We provide online detection service in http://47.100.164.141:8080/. For detection usage, please paste your suspicious smart contract code into the edit area. The detection process will start if you press the “go” button. The report of vulnerabilities will be listed.

Precisions and Case Studys:

• FPs Venn Diagram
• Attack 01
• Attack 02
• Attack 03
• Attack 04
• Attack 05
• Attack 06
• Attack 07
• Attack 08
• Attack 09
• Attack 10
• Attack 11
• Attack 12
• Attack 13
• Attack 14
• Attack 15
• Attack 16
• Attack 17
• Attack 18
• Attack 19
• Attack 20