摘要
随着密码学和通信技术的发展,传统的纸质合约迎来了革命性的改变,基于密码学这种高科技上的数字化合同逐渐崭露头角,智能合约通过程序代码规定合约条款和触发条件,一旦满足出发条件合约便会自行执行。基于对智能合约存在的重入漏洞、整数溢出漏洞、拒绝服务攻击漏洞和时间戳依赖漏洞等安全漏洞进行的总结分析,提出了针对智能合约漏洞的形式化验证、符号执行、静态分析和污点分析等检测方法,并进行了相关的实验分析,最后提出了总结与展望。
With the development of cryptography and communication technology,traditional paper contracts have ushered in revolutionary changes.Based on cryptography,this high-tech digital contract has gradually emerged.Smart contracts specify contract terms and trigger conditions through program codes.Contracts that meet the starting conditions will be executed on their own.Based on a summary analysis of security vulnerabilities such as reentry vulnerabilities,integer overflow vulnerabilities,denial of service attack vulnerabilities,and timestamp dependency vulnerabilities in smart contracts.The detection methods such as formal verification,symbol execution,static analysis and stain analysis for smart contract vulnerabilities are proposed,and related experimental analysis is carried out,and finally put forward a summary and prospects.
作者
郑忠斌
王朝栋
蔡佳浩
ZHENG Zhong-bin;WANG Chao-dong;CAI Jia-hao(Industrial Internet Innovation Center(Shanghai)Co.,Ltd,Shanghai 200032,China;Shanghai University,Shanghai 201900,China)
出处
《信息安全与通信保密》
2020年第7期93-105,共13页
Information Security and Communications Privacy
关键词
智能合约
安全漏洞
检测方法
实验分析
smart contract
security breach
detection method
experiment analysis
