计算机科学 ›› 2022, Vol. 49 ›› Issue (3): 52-61.doi: 10.11896/jsjkx.210700004

• 新兴分布式计算技术与系统* 上一篇    下一篇

以太坊Solidity智能合约漏洞检测方法综述

张潆藜, 马佳利, 刘子昂, 刘新, 周睿   

  1. 兰州大学信息科学与工程学院 兰州730000
  • 收稿日期:2021-07-01 修回日期:2021-08-19 出版日期:2022-03-15 发布日期:2022-03-15
  • 通讯作者: 周睿(zr@lzu.edu.cn)
  • 作者简介:(zhangyingli2020@lzu.edu.cn)
  • 基金资助:
    国家重点研发计划(2020YFC0832500);甘肃省科技重大专项创新联合体项目(项目号1);国家自然科学基金(61402210);青海省科技计划(2020-GX-164);教育部-中国移动科研基金项目(MCM20170206);兰州大学中央高校基本科研业务费专项资金(lzujbky-2021-sp47,lzujbky-2020-sp02,lzujbky-2019-kb51,lzujbky-2018-k12)

Overview of Vulnerability Detection Methods for Ethereum Solidity Smart Contracts

ZHANG Ying-li, MA Jia-li, LIU Zi-ang, LIU Xin, ZHOU Rui   

  1. School of Information Science & Engineering,Lanzhou University,Lanzhou 730000,China
  • Received:2021-07-01 Revised:2021-08-19 Online:2022-03-15 Published:2022-03-15
  • About author:ZHANG Ying-li,born in 1997,postgra-duate.Her main research interests include web security and blockchain security.
    ZHOU Rui,born in 1981,associate professor.His main research interests include distributed systems,embedded systems and machine learning.
  • Supported by:
    National Key R & D Program of China(2020YFC0832500),Gansu Provincial Science and Technology Major Special Innovation Consortium Project(Project No.1),National Natural Science Foundation of China(61402210),Science and Technology Plan of Qinghai Province(2020-GX-164),Ministry of Education-China Mobile Research Foundation(MCM20170206) and Fundamental Research Funds for the Central Universities(lzujbky-2021-sp47,lzujbky-2020-sp02,lzujbky-2019-kb51,lzujbky-2018-k12).

摘要: 以太坊Solidity智能合约基于区块链技术,作为一种旨在以信息化方式传播、验证或执行的计算机协议,为各类分布式应用服务提供了基础。虽然落地还不足6年,但因其安全漏洞事件频繁爆发,且造成了巨大的经济损失,使得其安全性检查方面的研究备受关注。首先基于以太坊相关技术对智能合约的一些特殊机制和运行原理进行介绍,并根据智能合约的自身特性对一些出现频率较高的智能合约漏洞进行分析,然后从符号执行、模糊测试、形式化验证和污点分析等方面分类阐述了传统的主流智能合约漏洞检测工具。此外,为了应对层出不穷的新型漏洞以及提高漏洞检测效率的需求,将近年来基于机器学习的漏洞检测技术依据其问题转化方式的不同做了分类总结,并从文本处理、非欧几里得图和标准图像3个角度进行了简要介绍。最后,针对两类检测方向的不足之处,提出了建立相关标准化、规范化信息库以及衡量指标的建议。

关键词: 安全漏洞, 机器学习, 漏洞检测工具, 区块链, 智能合约

Abstract: Based on blockchain technology,Ethereum Solidity smart contract as a computer protocol is designed to spread,verify,or execute contracts in an informative way,and it provides a foundation for various distributed application services.Although implemented for less than six years,its security problems have frequently broken out and caused substantial financial losses,which attracts more attention in the security inspection research.This paper firstly introduces some specific mechanisms and operating principles of smart contracts based on Ethereum related techniques,and analyzes some smart contract vulnerabilities occurring frequently and deriving from the characteristics of smart contracts.Then,this paper explains the traditional mainstream smart contract vulnerability detecting tools in terms of symbolic execution,fuzzing,formal verification,and taint analysis.In addition,in order to cope with the endless new vulnerabilities and the need to improve the efficiency of detection,vulnerabilities detection based on machine learning in recent years is classified and summarized according to the various ways of problem transformation in three perspectives including text processing,non-Euclidean graph and standard image.Finally,this paper proposes to formulate more extensive and accurate standardized information database and measurement indicators towards the insufficiency of the detection methods in two directions.

Key words: Blockchain, Machine learning, Security vulnerability, Smart contracts, Vulnerability detection tools

中图分类号: 

  • TP311
[1]WEI A,HUANG Z Y,ZHOU M A.Research on Smart Contract Security and Implementation Specifications[J].Information Security and Technology,2020,11(3):44-49.
[2]YUAN Y,WANG F Y.Current status and prospects of blockchain technology development[J].Acta Automatica Sinica,2016,42(4):481-494.
[3]YIN M,MALKHI D,REITER M K,et al.HotStuff:BFT Consensus in the Lens of Blockchain[J].arXiv:1803.05069,2019.
[4]KIAYIAS A,MILLER A,ZINDROS D.Non-interactive proofs of proof-of-work[C]//International Conference on Financial Cryptography and Data Security.Cham:Springer,2020:505-522.
[5]BUTERIN V.A next-generation smart contract and decentra-lized application platform[EB/OL].https://the -blockchain.com/docs/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf.
[6]FU M L,WU L F,HONG Z,et al.Research on mining techno-logy of smart contract security vulnerabilities[J].Journal of Computer Applications,2019,39(7):1959-1966.
[7]SHIER C,MEHAR M I,GIAMBATTISTA A,et al.Under-standing a Revolutionary and Flawed Grand Experiment in Blockchain:The DAO Attack[J].Social Science Electronic Publishing,2017.
[8]SeeBug[EB/OL].https://paper.seebug.org/.
[9]BUTERIN V.Ethereum:a next-generation smart contract and decentralized application platform[EB/OL].https://bitcoinmagazine.com/articles/ethereum-next-generation-cryptocurrency-decentralized-application-platform-1390528211/.
[10]NI Y D,ZHANG C,YIN T T.A Review of Research on Smart Contract Security Vulnerabilities[J].Journal of Information Security,2020,5(3):78-99.
[11]ATZEI N,BARTOLETTI M,CIMOLI T.A Survey of Attacks on Ethereum Smart Contracts (SoK)[C]//International Confe-rence on Principles of Security and Trust.2017:164-186.
[12]SUN J,HUANG S,ZHENG C,et al.Mutation testing for integer overflow in ethereum smart contracts[J].Tsinghua Science and Technology,2022,27(1):27-40.
[13]HESSENAUER S.Batch Overflow bug on Ethereum ERC20 token contracts and SafeMath[EB/OL].https://blog.matryx.ai/batch-overflow-bug-on-ethereum-erc20-token-contracts-and-safe-math-f9ebcc137434.
[14]ARIAS L,SPAGNUOLO F,GIORDANO F,et al.OpenZeppelin [EB/OL].https://github.com/OpenZeppelin/openzeppelin-Solidity.
[15]KotET-Post-MortemInvestigation[EB/OL].https://www.kingoftheether.com/postmortem.html.
[16]YE Z B,YAN B.Summary of symbolic execution research[J].Computer Science,2018,45(s1):28-35.
[17]LOI L,DUC-HIEP C,HRISHI O,et al.Making Smart Con-tracts Smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16).New York,NY,USA:Association for Computing Machi-nery,2016:254-269.
[18]MOURA L D,LOPES N,WINTERSTEIGER C M.Z3Prover/z3:The Z3 Theorem Prover[EB/OL].https://github.com/Z3Prover/z3.
[19]ZOU Q C,WU R P,MA J X,et al.Research progress of constraint solving problems in symbolic execution[J].Journal of Beijing University of Technology,2019,39(9):957-966.
[20]TORRES C F,SCHÜTTE J,STATE R.Osiris:Hunting for Integer Bugs in Ethereum Smart Contracts[C]//Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC’18).New York,NY,USA:Association for Computing Machinery,2018:664-676.
[21]TIKHOMIROV S,VOSKRESENSKAYA E,IVANITSKIY I,et al.SmartCheck:Static Analysis of Ethereum Smart Contracts[C]// 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).2018:9-16.
[22]KRUPP J,ROSSOW C.TEETHER:gnawing at ethereum to automatically exploit smart contracts[C]//Proceedings of the 27th USENIX Conference on Security Symposium (SEC’18).USA:USENIX Association,2018:1317-1333.
[23]TORRES C F,STEICHEN M,STATE R.The art of the scam:demystifying honeypots in ethereum smart contracts[C]//Proceedings of the 28th USENIX Conference on Security Sympo-sium (SEC ’19).USA:USENIX Association,2019:1591-1607.
[24]NIKOLIC I,KOLLURI A,SERGEY I,et al.Finding TheGreedy,Prodigal,and Suicidal Contracts at Scale[C]//Procee-dings of the 34th Annual Computer Security Applications Conference.2018:653-663.
[25]MOSSBERG M,MANZANO F,HENNENFENT E,et al.Manticore:A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts[C]//2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE).2019:1186-1189.
[26]BRENT L,JURISEVIC A,KONG M,et al.Vandal:A Scalable Security Analysis Framework for Smart Contracts[EB/OL].https://arxiv.org/abs/1809.03981.
[27]ZHANG X,LI Z J.Review of fuzzy testing technology[J].Computer Science,2016(5):1-8.
[28]GODEFROID P,LEVIN M,MOLNAR D,et al.Automatedwhitebox fuzz testing[C]//Proceedings of the Network and Distributed System Security Symposium,San Diego.https://patricegodefroid.github.io/public_psfiles/ndss2008.pdf.
[29]MASI M.ContractFuzzer:fuzzing smart contracts for vulnerability detection[J].Computing Reviews,2019,60(12):467-468.
[30]NGUYEN T D,PHAM L H,SUN J.SFuzz:an efficient adaptive fuzzer for solidity smart contracts[C]//Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20).New York,NY,USA:Association for Computing Machinery,2020:778-788.
[31]TORRES C F ,LANNILLO A K,GERVAIS A,et al.ConFuz-zius:A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts[C]//6th IEEE European Symposium on Security and Privacy.https://akiannillo.github.io/misc/publications/EUROSP2021_Torres.pdf.
[32]WÜSTHOLZ V,CHRISTAKIS M.Harvey:A Greybox Fuzzer for Smart Contracts[C]//Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020).New York,NY,USA:Association for Computing Machinery,2020:1398-1409.
[33]TSANKOV P,DAN A,DRACHSLER-COHEN D,et al.Securify:Practical Security Analysis of Smart Contracts[C]//Procee-dings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ’18).New York,NY,USA:Association for Computing Machinery,2018:67-82.
[34]VaaS[EB/OL].https://www.lianantech.com/.
[35]IDELBERGER F,GOVERNATORI G,RIVERET R,et al.Evaluation of Logic-Based Smart Contracts for BlockchainSystems[C]//International Symposium on Rules and Rule Markup Languages for the Semantic Web.2016:167-183.
[36]PERMENEV A,DIMITROV D,TSANKOV P,et al.VerX:Safety Verification of Smart Contracts[C]//2020 IEEE Symposium on Security and Privacy (SP).2020:1661-1677.
[37]ZHU J,HU K,ZHANG B J.A review of formal verification methods for smart contracts[J].Acta Electronica Sinica,2021,49(4):792-804.
[38]XU W,GLENN A F.Building Executable Secure Design Modelsfor Smart Contracts with Formal Methods[EB/OL].(2019-12-09)[2021-06-20].https://arxiv.org/abs/1912.04051.
[39]WANG J,ZHAN N J,FENG X Y,et al.Overview of formalmethods[J].Journal of Software,2019,30(1):33-61.
[40]GAO J,LIU H,LIU C,et al.EASYFLOW:Keep EthereumAway from Overflow[C]//2019 IEEE/ACM 41st International Conference on Software Engineering.2019:23-26.
[41]Mythril:Security analysis tool for Ethereum smart contracts[EB/OL].[2021-06-20].https://pypi.org/project/mythril/.
[42]BREIDENBACH L,DAIAN P,TRAM F,et al.Enter the hy-dra:towards principled bug bounties and exploit-resistant smart contracts[C]//Proceedings of the 27th USENIX Security Symposium.2018:1335-1352.
[43]ZHAO J S,SONG M X,GAO X.Overview of the development and application of natural language processing[J].Information Technology and Informatization,2019(7):142-145.
[44]WANG W,SONG J,XU G,et al.ContractWard:AutomatedVulnerability Detection Models for Ethereum Smart Contracts[J].IEEE Transactions on Network Science and Engineering,2021,8(2):1133-1144.
[45]LIAO J,TSAI T,HE C,et al.SoliAudit:Smart Contract Vul-nerability Assessment Based on Machine Learning and Fuzz Testing[C]//2019 Sixth International Conference on Internet of Things:Systems,Management and Security (IOTSMS).2019:458-465.
[46]LUTZ O,CHEN H,FEREIDOONI H,et al.ESCORT:Ethe-reum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning[EB/OL].[2021-06-20].https://arxiv.org/abs/2103.12607.
[47]QIAN P,LIU Z,HE Q,et al.Towards Automated Reentrancy Detection for Smart Contracts Based on Sequential Models[J].IEEE Access,2020,8:19685-19695.
[48]WANG R,YE K J,XU C Z.A smart contract vulnerability detection method based on deep learning:China Patent,2019112576541[P].2020-05-15.
[49]MOMENI P,WANG Y,SAMAVI R.Machine Learning Model for Smart Contracts Security Analysis[C]//2019 17th International Conference on Privacy,Security and Trust (PST).2019:1-6.
[50]GAO Z,JAYASUNDARA V,JIANG L,et al.SmartEmbed:A Tool for Clone and Bug Detection in Smart Contracts through Structural Code Embedding[C]//2019 IEEE International Conference on Software Maintenance and Evolution (ICSME).2019:394-397.
[51]WENG J,CHEN X K,LI M,et al.An intelligent contract secu-rity vulnerability detection method based on machine learning:China Patent,2019109045392[P].2020-01-31.
[52]ASHIZAWA N,YANAI N,CRUZ J P,et al.Eth2Vec:Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts[C]//Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI ’21).New York,NY,USA:Association for Computing Machinery,2021:47-59.
[53]ZHOU Y J.A method,device and storage medium for fuzz testing of smart contracts:CN Patent,112131115[P].2020-09-23.
[54]GOGINENI A K,SWAYAMJYOTI S,SAHOO D,et al.Multi-Class classification of vulnerabilities in Smart Contracts using AWD-LSTM,with pre-trained encoder inspired from natural language processing[EB/OL].(2020-03-21)[2021-06-20].https://arxiv.org/abs/2004.00362v1.
[55]ZOU Y,BAN B,XUE Y,et al.CCGraph:a PDG-based codeclone detector with approximate graph matching[C]//2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE).2020:931-942.
[56]MC A,YUAN J,CG A,et al.Learning features from enhanced function call graphs for Android malware detection[J].Neurocomputing,2021,423:301-307.
[57]ZHUANG Y,LIU Z,QIAN P,et al.Smart Contract Vulnerabi-lity Detection using Graph Neural Network[C]//Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence.2020:3283-3290.
[58]HAN Z G,YUAN L,GENG J H,et al.Smart contract vulnerability detection methods,devices and electronic equipment:China Patent,2018101589863[P].2020-07-17.
[59]WU Z,PAN S,CHEN F,et al.A comprehensive survey ongraph neural networks[J].IEEE Transactions on Neural Networks and Learning Systems,2020,32(1):4-24.
[60]CAO S C,SUN X B,BO L B,et al.BGNN4VD:Constructing Bidirectional Graph Neural-Network for Vulnerability Detection[J].Information and Software Technology,2021,136:106576.
[61]HUANG H D,KAO H Y.R2-D2:ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections[C]//2018 IEEE International Conference on Big Data (Big Data).2018:2633-2642.
[62]HUANG H D.Hunting the Ethereum Smart Contract:Color-inspired Inspection of Potential Attacks[J].arXiv:1807.01868,2018.
[63]YU Z,CAO R,TANG Q,et al.Order Matters:Semantic-Aware Neural Networks for Binary Code Similarity Detection[C]//Proceedings of the AAAI Conference on Artificial Intelligence.2020:1145-1152.
[64]XU X,CHANG L,QIAN F,et al.Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS’17).2017:363-376.
[65]HUANG B T,DING J,QIAN P,et al.An interpretable method for smart contract vulnerability detection based on codec:China Patent,2020108267923[P].2020-12-04.
[66]LIU Z,QIAN P,WANG X,et al.Smart Contract Vulnerability Detection:From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion[C]//Proceedings of the Thirtieth International Joint Conference on Artificial Intelligence.2021:2751-2759.
[67]ZHANG P,XIAO F,LUO X.A Framework and DataSet forBugs in Ethereum Smart Contracts[C]//2020 IEEE International Conference on Software Maintenance and Evolution (ICSME).2020:139-150.
[68]IEEE Computer Society.IEEE Standard Classification for Software Anomalies[S].IEEE Std 1044-2009 (Revision of IEEE Std 1044-1993),2010.
[69]CHEN J,XIA X,LO D,et al.Defining Smart Contract Defects on Ethereum[J].arXiv:1905.01467,2019.
[1] 冷典典, 杜鹏, 陈建廷, 向阳.
面向自动化集装箱码头的AGV行驶时间估计
Automated Container Terminal Oriented Travel Time Estimation of AGV
计算机科学, 2022, 49(9): 208-214. https://doi.org/10.11896/jsjkx.210700028
[2] 宁晗阳, 马苗, 杨波, 刘士昌.
密码学智能化研究进展与分析
Research Progress and Analysis on Intelligent Cryptology
计算机科学, 2022, 49(9): 288-296. https://doi.org/10.11896/jsjkx.220300053
[3] 王子凯, 朱健, 张伯钧, 胡凯.
区块链与智能合约并行方法研究与实现
Research and Implementation of Parallel Method in Blockchain and Smart Contract
计算机科学, 2022, 49(9): 312-317. https://doi.org/10.11896/jsjkx.210800102
[4] 李瑶, 李涛, 李埼钒, 梁家瑞, Ibegbu Nnamdi JULIAN, 陈俊杰, 郭浩.
基于多尺度的稀疏脑功能超网络构建及多特征融合分类研究
Construction and Multi-feature Fusion Classification Research Based on Multi-scale Sparse Brain Functional Hyper-network
计算机科学, 2022, 49(8): 257-266. https://doi.org/10.11896/jsjkx.210600094
[5] 黄松, 杜金虎, 王兴亚, 孙金磊.
以太坊智能合约模糊测试技术研究综述
Survey of Ethereum Smart Contract Fuzzing Technology Research
计算机科学, 2022, 49(8): 294-305. https://doi.org/10.11896/jsjkx.220500069
[6] 张光华, 高天娇, 陈振国, 于乃文.
基于N-Gram静态分析技术的恶意软件分类研究
Study on Malware Classification Based on N-Gram Static Analysis Technology
计算机科学, 2022, 49(8): 336-343. https://doi.org/10.11896/jsjkx.210900203
[7] 何强, 尹震宇, 黄敏, 王兴伟, 王源田, 崔硕, 赵勇.
基于大数据的进化网络影响力分析研究综述
Survey of Influence Analysis of Evolutionary Network Based on Big Data
计算机科学, 2022, 49(8): 1-11. https://doi.org/10.11896/jsjkx.210700240
[8] 陈明鑫, 张钧波, 李天瑞.
联邦学习攻防研究综述
Survey on Attacks and Defenses in Federated Learning
计算机科学, 2022, 49(7): 310-323. https://doi.org/10.11896/jsjkx.211000079
[9] 李亚茹, 张宇来, 王佳晨.
面向超参数估计的贝叶斯优化方法综述
Survey on Bayesian Optimization Methods for Hyper-parameter Tuning
计算机科学, 2022, 49(6A): 86-92. https://doi.org/10.11896/jsjkx.210300208
[10] 赵璐, 袁立明, 郝琨.
多示例学习算法综述
Review of Multi-instance Learning Algorithms
计算机科学, 2022, 49(6A): 93-99. https://doi.org/10.11896/jsjkx.210500047
[11] 肖治鸿, 韩晔彤, 邹永攀.
基于多源数据和逻辑推理的行为识别技术研究
Study on Activity Recognition Based on Multi-source Data and Logical Reasoning
计算机科学, 2022, 49(6A): 397-406. https://doi.org/10.11896/jsjkx.210300270
[12] 傅丽玉, 陆歌皓, 吴义明, 罗娅玲.
区块链技术的研究及其发展综述
Overview of Research and Development of Blockchain Technology
计算机科学, 2022, 49(6A): 447-461. https://doi.org/10.11896/jsjkx.210600214
[13] 高健博, 张家硕, 李青山, 陈钟.
RegLang:一种面向监管的智能合约编程语言
RegLang:A Smart Contract Programming Language for Regulation
计算机科学, 2022, 49(6A): 462-468. https://doi.org/10.11896/jsjkx.210700016
[14] 卫宏儒, 李思月, 郭涌浩.
基于智能合约的秘密重建协议
Secret Reconstruction Protocol Based on Smart Contract
计算机科学, 2022, 49(6A): 469-473. https://doi.org/10.11896/jsjkx.210700033
[15] 蒋成满, 华保健, 樊淇梁, 朱洪军, 徐波, 潘志中.
Python虚拟机本地代码的安全性实证研究
Empirical Security Study of Native Code in Python Virtual Machines
计算机科学, 2022, 49(6A): 474-479. https://doi.org/10.11896/jsjkx.210600200
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!