Computer Science ›› 2022, Vol. 49 ›› Issue (3): 52-61.doi: 10.11896/jsjkx.210700004
• Novel Distributed Computing Technology and System • Previous Articles Next Articles
ZHANG Ying-li, MA Jia-li, LIU Zi-ang, LIU Xin, ZHOU Rui
CLC Number:
[1]WEI A,HUANG Z Y,ZHOU M A.Research on Smart Contract Security and Implementation Specifications[J].Information Security and Technology,2020,11(3):44-49. [2]YUAN Y,WANG F Y.Current status and prospects of blockchain technology development[J].Acta Automatica Sinica,2016,42(4):481-494. [3]YIN M,MALKHI D,REITER M K,et al.HotStuff:BFT Consensus in the Lens of Blockchain[J].arXiv:1803.05069,2019. [4]KIAYIAS A,MILLER A,ZINDROS D.Non-interactive proofs of proof-of-work[C]//International Conference on Financial Cryptography and Data Security.Cham:Springer,2020:505-522. [5]BUTERIN V.A next-generation smart contract and decentra-lized application platform[EB/OL].https://the -blockchain.com/docs/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf. [6]FU M L,WU L F,HONG Z,et al.Research on mining techno-logy of smart contract security vulnerabilities[J].Journal of Computer Applications,2019,39(7):1959-1966. [7]SHIER C,MEHAR M I,GIAMBATTISTA A,et al.Under-standing a Revolutionary and Flawed Grand Experiment in Blockchain:The DAO Attack[J].Social Science Electronic Publishing,2017. [8]SeeBug[EB/OL].https://paper.seebug.org/. [9]BUTERIN V.Ethereum:a next-generation smart contract and decentralized application platform[EB/OL].https://bitcoinmagazine.com/articles/ethereum-next-generation-cryptocurrency-decentralized-application-platform-1390528211/. [10]NI Y D,ZHANG C,YIN T T.A Review of Research on Smart Contract Security Vulnerabilities[J].Journal of Information Security,2020,5(3):78-99. [11]ATZEI N,BARTOLETTI M,CIMOLI T.A Survey of Attacks on Ethereum Smart Contracts (SoK)[C]//International Confe-rence on Principles of Security and Trust.2017:164-186. [12]SUN J,HUANG S,ZHENG C,et al.Mutation testing for integer overflow in ethereum smart contracts[J].Tsinghua Science and Technology,2022,27(1):27-40. [13]HESSENAUER S.Batch Overflow bug on Ethereum ERC20 token contracts and SafeMath[EB/OL].https://blog.matryx.ai/batch-overflow-bug-on-ethereum-erc20-token-contracts-and-safe-math-f9ebcc137434. [14]ARIAS L,SPAGNUOLO F,GIORDANO F,et al.OpenZeppelin [EB/OL].https://github.com/OpenZeppelin/openzeppelin-Solidity. [15]KotET-Post-MortemInvestigation[EB/OL].https://www.kingoftheether.com/postmortem.html. [16]YE Z B,YAN B.Summary of symbolic execution research[J].Computer Science,2018,45(s1):28-35. [17]LOI L,DUC-HIEP C,HRISHI O,et al.Making Smart Con-tracts Smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16).New York,NY,USA:Association for Computing Machi-nery,2016:254-269. [18]MOURA L D,LOPES N,WINTERSTEIGER C M.Z3Prover/z3:The Z3 Theorem Prover[EB/OL].https://github.com/Z3Prover/z3. [19]ZOU Q C,WU R P,MA J X,et al.Research progress of constraint solving problems in symbolic execution[J].Journal of Beijing University of Technology,2019,39(9):957-966. [20]TORRES C F,SCHÜTTE J,STATE R.Osiris:Hunting for Integer Bugs in Ethereum Smart Contracts[C]//Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC’18).New York,NY,USA:Association for Computing Machinery,2018:664-676. [21]TIKHOMIROV S,VOSKRESENSKAYA E,IVANITSKIY I,et al.SmartCheck:Static Analysis of Ethereum Smart Contracts[C]// 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).2018:9-16. [22]KRUPP J,ROSSOW C.TEETHER:gnawing at ethereum to automatically exploit smart contracts[C]//Proceedings of the 27th USENIX Conference on Security Symposium (SEC’18).USA:USENIX Association,2018:1317-1333. [23]TORRES C F,STEICHEN M,STATE R.The art of the scam:demystifying honeypots in ethereum smart contracts[C]//Proceedings of the 28th USENIX Conference on Security Sympo-sium (SEC ’19).USA:USENIX Association,2019:1591-1607. [24]NIKOLIC I,KOLLURI A,SERGEY I,et al.Finding TheGreedy,Prodigal,and Suicidal Contracts at Scale[C]//Procee-dings of the 34th Annual Computer Security Applications Conference.2018:653-663. [25]MOSSBERG M,MANZANO F,HENNENFENT E,et al.Manticore:A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts[C]//2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE).2019:1186-1189. [26]BRENT L,JURISEVIC A,KONG M,et al.Vandal:A Scalable Security Analysis Framework for Smart Contracts[EB/OL].https://arxiv.org/abs/1809.03981. [27]ZHANG X,LI Z J.Review of fuzzy testing technology[J].Computer Science,2016(5):1-8. [28]GODEFROID P,LEVIN M,MOLNAR D,et al.Automatedwhitebox fuzz testing[C]//Proceedings of the Network and Distributed System Security Symposium,San Diego.https://patricegodefroid.github.io/public_psfiles/ndss2008.pdf. [29]MASI M.ContractFuzzer:fuzzing smart contracts for vulnerability detection[J].Computing Reviews,2019,60(12):467-468. [30]NGUYEN T D,PHAM L H,SUN J.SFuzz:an efficient adaptive fuzzer for solidity smart contracts[C]//Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20).New York,NY,USA:Association for Computing Machinery,2020:778-788. [31]TORRES C F ,LANNILLO A K,GERVAIS A,et al.ConFuz-zius:A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts[C]//6th IEEE European Symposium on Security and Privacy.https://akiannillo.github.io/misc/publications/EUROSP2021_Torres.pdf. [32]WÜSTHOLZ V,CHRISTAKIS M.Harvey:A Greybox Fuzzer for Smart Contracts[C]//Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020).New York,NY,USA:Association for Computing Machinery,2020:1398-1409. [33]TSANKOV P,DAN A,DRACHSLER-COHEN D,et al.Securify:Practical Security Analysis of Smart Contracts[C]//Procee-dings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ’18).New York,NY,USA:Association for Computing Machinery,2018:67-82. [34]VaaS[EB/OL].https://www.lianantech.com/. [35]IDELBERGER F,GOVERNATORI G,RIVERET R,et al.Evaluation of Logic-Based Smart Contracts for BlockchainSystems[C]//International Symposium on Rules and Rule Markup Languages for the Semantic Web.2016:167-183. [36]PERMENEV A,DIMITROV D,TSANKOV P,et al.VerX:Safety Verification of Smart Contracts[C]//2020 IEEE Symposium on Security and Privacy (SP).2020:1661-1677. [37]ZHU J,HU K,ZHANG B J.A review of formal verification methods for smart contracts[J].Acta Electronica Sinica,2021,49(4):792-804. [38]XU W,GLENN A F.Building Executable Secure Design Modelsfor Smart Contracts with Formal Methods[EB/OL].(2019-12-09)[2021-06-20].https://arxiv.org/abs/1912.04051. [39]WANG J,ZHAN N J,FENG X Y,et al.Overview of formalmethods[J].Journal of Software,2019,30(1):33-61. [40]GAO J,LIU H,LIU C,et al.EASYFLOW:Keep EthereumAway from Overflow[C]//2019 IEEE/ACM 41st International Conference on Software Engineering.2019:23-26. [41]Mythril:Security analysis tool for Ethereum smart contracts[EB/OL].[2021-06-20].https://pypi.org/project/mythril/. [42]BREIDENBACH L,DAIAN P,TRAM F,et al.Enter the hy-dra:towards principled bug bounties and exploit-resistant smart contracts[C]//Proceedings of the 27th USENIX Security Symposium.2018:1335-1352. [43]ZHAO J S,SONG M X,GAO X.Overview of the development and application of natural language processing[J].Information Technology and Informatization,2019(7):142-145. [44]WANG W,SONG J,XU G,et al.ContractWard:AutomatedVulnerability Detection Models for Ethereum Smart Contracts[J].IEEE Transactions on Network Science and Engineering,2021,8(2):1133-1144. [45]LIAO J,TSAI T,HE C,et al.SoliAudit:Smart Contract Vul-nerability Assessment Based on Machine Learning and Fuzz Testing[C]//2019 Sixth International Conference on Internet of Things:Systems,Management and Security (IOTSMS).2019:458-465. [46]LUTZ O,CHEN H,FEREIDOONI H,et al.ESCORT:Ethe-reum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning[EB/OL].[2021-06-20].https://arxiv.org/abs/2103.12607. [47]QIAN P,LIU Z,HE Q,et al.Towards Automated Reentrancy Detection for Smart Contracts Based on Sequential Models[J].IEEE Access,2020,8:19685-19695. [48]WANG R,YE K J,XU C Z.A smart contract vulnerability detection method based on deep learning:China Patent,2019112576541[P].2020-05-15. [49]MOMENI P,WANG Y,SAMAVI R.Machine Learning Model for Smart Contracts Security Analysis[C]//2019 17th International Conference on Privacy,Security and Trust (PST).2019:1-6. [50]GAO Z,JAYASUNDARA V,JIANG L,et al.SmartEmbed:A Tool for Clone and Bug Detection in Smart Contracts through Structural Code Embedding[C]//2019 IEEE International Conference on Software Maintenance and Evolution (ICSME).2019:394-397. [51]WENG J,CHEN X K,LI M,et al.An intelligent contract secu-rity vulnerability detection method based on machine learning:China Patent,2019109045392[P].2020-01-31. [52]ASHIZAWA N,YANAI N,CRUZ J P,et al.Eth2Vec:Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts[C]//Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI ’21).New York,NY,USA:Association for Computing Machinery,2021:47-59. [53]ZHOU Y J.A method,device and storage medium for fuzz testing of smart contracts:CN Patent,112131115[P].2020-09-23. [54]GOGINENI A K,SWAYAMJYOTI S,SAHOO D,et al.Multi-Class classification of vulnerabilities in Smart Contracts using AWD-LSTM,with pre-trained encoder inspired from natural language processing[EB/OL].(2020-03-21)[2021-06-20].https://arxiv.org/abs/2004.00362v1. [55]ZOU Y,BAN B,XUE Y,et al.CCGraph:a PDG-based codeclone detector with approximate graph matching[C]//2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE).2020:931-942. [56]MC A,YUAN J,CG A,et al.Learning features from enhanced function call graphs for Android malware detection[J].Neurocomputing,2021,423:301-307. [57]ZHUANG Y,LIU Z,QIAN P,et al.Smart Contract Vulnerabi-lity Detection using Graph Neural Network[C]//Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence.2020:3283-3290. [58]HAN Z G,YUAN L,GENG J H,et al.Smart contract vulnerability detection methods,devices and electronic equipment:China Patent,2018101589863[P].2020-07-17. [59]WU Z,PAN S,CHEN F,et al.A comprehensive survey ongraph neural networks[J].IEEE Transactions on Neural Networks and Learning Systems,2020,32(1):4-24. [60]CAO S C,SUN X B,BO L B,et al.BGNN4VD:Constructing Bidirectional Graph Neural-Network for Vulnerability Detection[J].Information and Software Technology,2021,136:106576. [61]HUANG H D,KAO H Y.R2-D2:ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections[C]//2018 IEEE International Conference on Big Data (Big Data).2018:2633-2642. [62]HUANG H D.Hunting the Ethereum Smart Contract:Color-inspired Inspection of Potential Attacks[J].arXiv:1807.01868,2018. [63]YU Z,CAO R,TANG Q,et al.Order Matters:Semantic-Aware Neural Networks for Binary Code Similarity Detection[C]//Proceedings of the AAAI Conference on Artificial Intelligence.2020:1145-1152. [64]XU X,CHANG L,QIAN F,et al.Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS’17).2017:363-376. [65]HUANG B T,DING J,QIAN P,et al.An interpretable method for smart contract vulnerability detection based on codec:China Patent,2020108267923[P].2020-12-04. [66]LIU Z,QIAN P,WANG X,et al.Smart Contract Vulnerability Detection:From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion[C]//Proceedings of the Thirtieth International Joint Conference on Artificial Intelligence.2021:2751-2759. [67]ZHANG P,XIAO F,LUO X.A Framework and DataSet forBugs in Ethereum Smart Contracts[C]//2020 IEEE International Conference on Software Maintenance and Evolution (ICSME).2020:139-150. [68]IEEE Computer Society.IEEE Standard Classification for Software Anomalies[S].IEEE Std 1044-2009 (Revision of IEEE Std 1044-1993),2010. [69]CHEN J,XIA X,LO D,et al.Defining Smart Contract Defects on Ethereum[J].arXiv:1905.01467,2019. |
[1] | LENG Dian-dian, DU Peng, CHEN Jian-ting, XIANG Yang. Automated Container Terminal Oriented Travel Time Estimation of AGV [J]. Computer Science, 2022, 49(9): 208-214. |
[2] | NING Han-yang, MA Miao, YANG Bo, LIU Shi-chang. Research Progress and Analysis on Intelligent Cryptology [J]. Computer Science, 2022, 49(9): 288-296. |
[3] | WANG Zi-kai, ZHU Jian, ZHANG Bo-jun, HU Kai. Research and Implementation of Parallel Method in Blockchain and Smart Contract [J]. Computer Science, 2022, 49(9): 312-317. |
[4] | HE Qiang, YIN Zhen-yu, HUANG Min, WANG Xing-wei, WANG Yuan-tian, CUI Shuo, ZHAO Yong. Survey of Influence Analysis of Evolutionary Network Based on Big Data [J]. Computer Science, 2022, 49(8): 1-11. |
[5] | LI Yao, LI Tao, LI Qi-fan, LIANG Jia-rui, Ibegbu Nnamdi JULIAN, CHEN Jun-jie, GUO Hao. Construction and Multi-feature Fusion Classification Research Based on Multi-scale Sparse Brain Functional Hyper-network [J]. Computer Science, 2022, 49(8): 257-266. |
[6] | ZHANG Guang-hua, GAO Tian-jiao, CHEN Zhen-guo, YU Nai-wen. Study on Malware Classification Based on N-Gram Static Analysis Technology [J]. Computer Science, 2022, 49(8): 336-343. |
[7] | CHEN Ming-xin, ZHANG Jun-bo, LI Tian-rui. Survey on Attacks and Defenses in Federated Learning [J]. Computer Science, 2022, 49(7): 310-323. |
[8] | XIAO Zhi-hong, HAN Ye-tong, ZOU Yong-pan. Study on Activity Recognition Based on Multi-source Data and Logical Reasoning [J]. Computer Science, 2022, 49(6A): 397-406. |
[9] | FU Li-yu, LU Ge-hao, WU Yi-ming, LUO Ya-ling. Overview of Research and Development of Blockchain Technology [J]. Computer Science, 2022, 49(6A): 447-461. |
[10] | GAO Jian-bo, ZHANG Jia-shuo, LI Qing-shan, CHEN Zhong. RegLang:A Smart Contract Programming Language for Regulation [J]. Computer Science, 2022, 49(6A): 462-468. |
[11] | YAO Ye, ZHU Yi-an, QIAN Liang, JIA Yao, ZHANG Li-xiang, LIU Rui-liang. Android Malware Detection Method Based on Heterogeneous Model Fusion [J]. Computer Science, 2022, 49(6A): 508-515. |
[12] | MAO Dian-hui, HUANG Hui-yu, ZHAO Shuang. Study on Automatic Synthetic News Detection Method Complying with Regulatory Compliance [J]. Computer Science, 2022, 49(6A): 523-530. |
[13] | ZHOU Hang, JIANG He, ZHAO Yan, XIE Xiang-peng. Study on Optimal Scheduling of Power Blockchain System for Consensus Transaction ofEach Unit [J]. Computer Science, 2022, 49(6A): 771-776. |
[14] | WANG Fei, HUANG Tao, YANG Ye. Study on Machine Learning Algorithms for Life Prediction of IGBT Devices Based on Stacking Multi-model Fusion [J]. Computer Science, 2022, 49(6A): 784-789. |
[15] | LI Ya-ru, ZHANG Yu-lai, WANG Jia-chen. Survey on Bayesian Optimization Methods for Hyper-parameter Tuning [J]. Computer Science, 2022, 49(6A): 86-92. |
|