信息安全研究2025,Vol.11Issue(4):333-342,10.DOI:10.12379/j.issn.2096-1057.2025.04.06
基于多访问控制的智能合约重入攻击防御方法
Multi-access Controls for Defense Against Smart Contract Reentry Attacks
摘要
Abstract
In order to solve the problem of re-entry attacks caused by the vulnerability of smart contracts in handling external contract calls,a smart contract re-entry attack defense method based on Multiple Access Controls(MAC)is proposed.By using MAC,only the contract owner is allowed to make calls and prevent functions from repeatedly entering the same transaction during execution;at the same time,the state variable is modified to store the secure contract address and update the contract state.Finally,formal verification is used to run the defended smart contract.In this paper,we verifies the method with a bank deposit and withdrawal transaction model.The experimental results show that the smart contract using this defense method can effectively solve the problem of re-entry attacks when external contracts are invoked.Compared with other mainstream defense methods,it has higher feasibility,effectiveness,logical correctness and comprehensibility;compared with the undefended contract,the defended smart contract reduces the equivalent memory usage by 64.51%,and the running time is also shortened.关键词
智能合约/多访问控制/重入攻击/形式化验证/银行存取款Key words
smart contract/multiple access controls/reentry attacks/formal authentication/bank access分类
计算机与自动化引用本文复制引用
陈虹,谢金彤,金海波,武聪,马博宇..基于多访问控制的智能合约重入攻击防御方法[J].信息安全研究,2025,11(4):333-342,10.基金项目
国家自然科学基金项目(62173171) (62173171)
辽宁省教育厅科研项目(LJKFZ20220198) (LJKFZ20220198)
