CSE Talk: Safe Reentrancy with Ethan Cecchetti

Speaker Name: 
Ethan Cecchetti
Start Time: 
Thursday, August 22, 2019 - 11:00am
End Time: 
Thursday, August 22, 2019 - 12:00pm
Location: 
Engineering 2 - Room 215
Organizer: 
CSE Professor Owen Arden

Abstract:

In 2016 attackers stole $50 million from the DAO, and Ethereum contract, using an unexpected callback. The attack drew enormous attention to so-called "reentrancy" vulnerabilities which impact not only smart contracts but also a variety of other settings where components must interact without mutual trust. The publicity resulted in a number of tools to detect potentially vulnerabilities and best practice recommendations that essentially remove reentrancy entirely.  

This talk will outline a notion of "safe reentrancy" and discuss how to enforce it. In particular, we use a mix of static and dynamic language-based techniques including an information flow type system that interacts with a dynamic locking construct.