Application Research of Computers (《计算机应用研究》)

Research on improved symbolic execution for smart contract vulnerability detection

Authors Li Zonghong, Hu Dasha, Jiang Yuming
Affiliation a. College of Computer Science, b. Big Data Analysis & Fusion Application Technology Engineering Laboratory of Sichuan Province, Sichuan University, Chengdu 610065, China
Article ID 1001-3695(2021)07-004-1943-04
DOI 10.19734/j.issn.1001-3695.2020.10.0353
Abstract Because blockchains are tamper-proof, a smart contract that has been deployed on a blockchain cannot be changed. To improve contract security and prevent problems such as integer overflow, short address attacks and pseudo-randomness, contracts need vulnerability detection before they are deployed. This paper uses symbolic execution to analyze integer overflow vulnerabilities in smart contracts. A survey of existing symbolic execution methods found their detection speed to be slow, so the paper proposes an improved symbolic execution method that solves constraints bottom-up and combines depth-first and breadth-first path selection to improve the code coverage of symbolic execution. Experimental results show that the improved symbolic execution achieves a detection accuracy of 84% on 100 selected smart contracts containing overflow vulnerabilities, and that average detection efficiency increases by 20%. The efficiency gain is significant for medium-scale smart contracts, and the accuracy of the detection results is high.
Keywords blockchain; smart contract; contract vulnerability; symbolic execution
Funding National Key Research and Development Program of China (2020YFB1707900)
Sichuan Provincial Science and Technology Program (2019YFG0400)
Article URL http://www.arocmag.com/article/01-2021-07-004.html
Received 2020/10/9
Revised 2020/11/19
Pages 1943-1946
CLC number TP309
Document code A