Computer Science, 2023, Vol. 50, Issue (10): 336-342. doi: 10.11896/jsjkx.220900183

• Information Security •

Smart Contract Vulnerability Detection System Based on Ontology Reasoning

CHEN Ruixiang1, JIAO Jian1, WANG Ruohua2   

  1. College of Computer Science, Beijing Information Science and Technology University, Beijing 100101, China
  2. Liupanshui Company of China Telecom Co. Ltd., Liupanshui, Guizhou 553001, China
  • Received: 2022-09-18 Revised: 2023-03-06 Online: 2023-10-10 Published: 2023-10-10
  • About author: CHEN Ruixiang, born in 1997, postgraduate, is a member of China Computer Federation. His main research interests include network security and blockchain. JIAO Jian, born in 1978, Ph.D, professor, is a member of China Computer Federation. His main research interests include network security and blockchain.
  • Supported by:
    National Natural Science Foundation of China(61872044).

Abstract: With the development of blockchain, smart contracts based on Ethereum have attracted more and more attention from all walks of life, but they also face more security threats. To address the security problems of Ethereum smart contracts, various vulnerability detection methods have emerged, based on technologies such as symbolic execution, formal verification and deep learning. However, most existing methods cover an incomplete set of vulnerability types and lack interpretability. To solve these problems, a smart contract vulnerability detection system based on ontology reasoning, working at the level of the Solidity high-level language, is designed and implemented. Smart contract source code is parsed into an abstract syntax tree, and information is extracted from it. The extracted information is used to construct the vulnerability detection ontology, and a reasoning engine is used to infer vulnerabilities from the ontology. In the experiment, other detection tools are selected for comparison with this system, and all tools are used to detect 100 smart contract source samples. The results show that the system has a good detection effect: it can detect various types of smart contract vulnerabilities and can give information about the cause of each vulnerability.

Key words: Smart contract, Vulnerability detection, Ethereum, Blockchain, Ontology reasoning

CLC Number: TP309