Welcome back: a systematic literature review of smart contract reentrancy and countermeasures

Ghiyami Pour Fatemeh; Costa Gabriele; Galletta Letterio
In press

Abstract

Background: Smart contracts are changing the way two or more parties enter into and enforce an agreement. The main reason is that they promise to increase efficiency, transparency, and security. However, their inherent vulnerabilities can be exploited automatically, resulting in significant losses of funds. Among these, reentrancy is one of the most impactful security flaws. Over the past few years, reentrancy vulnerabilities have caused substantial financial damage and threatened the viability of entire blockchain ecosystems. Investigating whether reentrancy can be effectively mitigated, and assessing the methodologies designed to address it, is therefore crucial. Methodology: This paper aims to provide a comprehensive understanding of the impact of reentrancy vulnerabilities in Ethereum smart contracts and to assess the theoretical and practical approaches proposed to counter them. Following the PRISMA framework, we conduct a literature review of academic publications to identify, screen, and analyze relevant studies on detection and mitigation techniques. Results: Our findings indicate that the estimated financial loss due to reentrancy attacks amounted to around 350 million USD by 2023, with incidents growing in both frequency and profitability. Despite advances in detection and mitigation tools, particularly machine-learning-based ones, they address the vulnerability only partially and remain ineffective against zero-day attacks. Contribution: This paper identifies critical challenges in reentrancy detection, including the lack of standardized benchmarks and of data on zero-day vulnerabilities. It emphasizes the need for unified datasets and evaluation frameworks that allow fair comparisons and thereby improve detection effectiveness. Additionally, it highlights the need for tools that address all four reentrancy vulnerability types and that report their performance results.
Keywords: Reentrancy, Blockchain security, Smart contract vulnerability, Systematic literature review
Files in this item:
1-s2.0-S2096720925000740-main.pdf (open access)
Description: Welcome back: A systematic literature review of smart contract reentrancy and countermeasures
Type: Post-print document
License: Creative Commons
Size: 7.08 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11771/36239