ReSect: A Tool for Automated Analysis of Reentrancy Exploit Transactions on Blockchains

Yuqi Liu, Rui Xi, and Karthik Pattabiraman. To appear in the Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2026. (Acceptance rate: 20%). Code Reproducible, Dataset Reproducible

Abstract: Reentrancy attacks continue to pose a significant threat to the reliability and security of blockchain smart contracts, often leading to substantial financial losses. While various tools aim to detect potential vulnerabilities, the crucial task of analyzing confirmed exploit transactions to understand their specific mechanics remains largely manual, hindering rapid incident response and systematic study. To address this gap, we introduce ReSect, an automated tool for the in-depth analysis of real-world reentrancy exploit transactions. ReSect accurately identifies even complex reentrancy attack transactions (e.g., cross-contract, read-only) by distinguishing contract roles using a novel address grouping heuristic based on deployment provenance. Upon detection, ReSect automatically extracts and characterizes key properties, such as the reentrancy scope and entry point. Our evaluation on a ground-truth dataset of real-world exploits demonstrates that ReSect achieves a 95.6% detection recall and 98.5% characterization accuracy, with a low false positive rate. Furthermore, with a typical analysis time of just 40 milliseconds, ReSect can be integrated into real-time monitoring systems.
