Computer Science, 2023, Vol. 50, Issue (10): 336-342. doi: 10.11896/jsjkx.220900183
CHEN Ruixiang1 (陈瑞翔), JIAO Jian1 (焦健), WANG Ruohua2 (王若华)
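Abstract: As blockchain continues to develop, Ethereum-based smart contracts are attracting growing attention from all sectors, but they also face more security threats. To address the security problems of Ethereum smart contracts, various vulnerability detection methods have emerged, such as symbolic execution, formal verification, and deep learning, but most existing methods cover an incomplete range of vulnerability types and lack interpretability. To address these problems, this paper designs and implements an ontology-reasoning-based smart contract vulnerability detection system that works at the level of the Solidity high-level language. The system first parses the smart contract source code into an abstract syntax tree, then extracts contract information, uses the extracted data to build a smart contract vulnerability detection ontology, and performs ontology reasoning with a reasoner. In the experiments, other detection tools were selected for comparison with this system, and these tools were used to examine 100 smart contract samples. The experimental results show that the proposed system performs well in detection, can detect multiple types of smart contract vulnerabilities, and can provide related information about the vulnerabilities it finds.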