期刊文献+

基于符号执行的智能合约漏洞检测方案 被引量:16

Smart contract vulnerability detection scheme based on symbol execution
下载PDF
导出
摘要 随着区块链技术的应用推广,智能合约的数量呈现爆发式增长,而智能合约的漏洞将给用户带来巨大损失。但目前研究侧重于以太坊智能合约的语义分析、符号执行的建模与优化等,没有详细描述利用符号执行技术检测智能合约漏洞流程,以及如何检测智能合约常见漏洞。为此,在分析以太坊智能合约的运行机制和常见漏洞原理的基础上,利用符号执行技术检测智能合约漏洞。首先基于以太坊字节码构建智能合约执行控制流图,再根据智能合约漏洞特点设计相应的约束条件,利用约束求解器生成软件测试用例,检测常见的整型溢出、权限控制、Call注入、重入攻击等智能合约漏洞。实验结果表明,所提检测方案具有良好的检测效果,对Awesome-Buggy-ERC20-Tokens漏洞库中70份含漏洞的智能合约的漏洞检测正确率达85%。 Smart contract is one of the core technologies of blockchain,and its security and reliability are very important.With the popularization of blockchain application,the number of smart contracts has increased explosively.And the vulnerabilities of smart contracts will bring huge losses to users.However,the current research focuses on the semantic analysis of Ethereum smart contracts,the modeling and optimization of symbolic execution,and does not specifically describe the process of detecting smart contract vulnerabilities using symbolic execution technology,and how to detect common vulnerabilities in smart contracts.Based on the analysis of the operation mechanism and common vulnerabilities of Ethereum smart contract,the symbol execution technology was used to detect vulnerabilities in smart contracts.Firstly,the smart contract control flow graph was constructed based on Ethereum bytecode,then the corresponding constraint conditions were designed according to the characteristics of smart contract vulnerabilities,and the constraint solver was used to generate software test cases to detect the common vulnerabilities of smart contracts such as integer overflow,access control,call injection and reentry attack.The experimental results show that the proposed detection scheme has good detection effect,and has the accuracy of smart contract vulnerability detection up to 85%on 70 smart contracts with vulnerabilities in Awesome-Buggy-ERC20-Tokens.
作者 赵伟 张问银 王九如 王海峰 武传坤 ZHAO Wei;ZHANG Wenyin*;WANG Jiuru;WANG Haifeng;WU Chuankun(School of Information Science and Engineering,Linyi University,Linyi Shandong 276002,China;School of Computer Science and Engineering,Shandong University of Science and Technology,Qingdao Shandong 266000,China)
出处 《计算机应用》 CSCD 北大核心 2020年第4期947-953,共7页 journal of Computer Applications
基金 山东省重点研发计划项目(2017CXGC0701,2019GNC106027)。
关键词 区块链 智能合约 符号执行 漏洞分析 以太坊 blockchain smart contract symbol execution vulnerability analysis Ethereum
  • 相关文献

参考文献5

二级参考文献23

  • 1王彤彤,韩文报,王航.基于安全需求的软件漏洞分析模型[J].计算机科学,2007,34(9):287-289. 被引量:5
  • 2Brumley D, Poosankam P, et al. Automatic patch-based exploit generation is possible: techniques and implieations[C]// SP' 08: Proceedings of the IEEE Security and Privacy Symposium. NJ: IEEE, 2008:143-157.
  • 3Miller B P, Fredriksenl. An empirical Study of the reliability of UNIX utilities [J]. Communications of the ACM, 1990,33(12) : 32-44.
  • 4Miller Barton P, Gergogy C, Fresriek M. An empirical study of the robustness of MacOS applications using random testing[C]// Proceedings of the 1st International Workshop on Random Tes- ting. New York: ACM, 2006 : 46-54.
  • 5Cowbc, Pu C, et al. StackGuard : Automatic adaptive detection and prevention of buffer-overflow attacks[C] // Proceedings of the 7th conference on USENIX Security Symposium. Berkeley, 1998..5-13.
  • 6King J C. Symbolic execution and program testing[C]//Commu- nications of the ACM. 1976:385-394.
  • 7Cadar C, Ganesh V, et al. EXE: Autornatically generating inputs of death[C] // CCS'06: Proceedings of the 13th ACM Confe- rence on Computer and Communieations Security. New York: ACM, 2006 : 322-335.
  • 8Luk C-K, Robert C, et al. Pin.. building customized program an- alysis tools with dynamic instrumentation[C]//PLDI05 : Procee- dings of the ACM SIGPLAN Conference on Programming Lan- guage Design and Implementation. New York: ACM, 2005 : 190- 200.
  • 9De Moura, Leonardo, Bjmer, et al. Z3: an efficient SMT Solver [C]//TACAS: Proceedings 14th International Conference. Ber- lin: Springer, 2008 : 337-340.
  • 10魏瑜豪,张玉清.基于Fuzzing的MP3播放软件漏洞发掘技术[J].计算机工程,2007,33(24):158-160. 被引量:28

共引文献141

同被引文献137

引证文献16

二级引证文献101

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部