Computer Science

Computer Science ›› 2021, Vol. 48 ›› Issue (11): 79-88.doi: 10.11896/jsjkx.210600117

• Blockchain Technology • Previous Articles     Next Articles

Survey of Vulnerability Detection Tools for Smart Contracts

TU Liang-qiong, SUN Xiao-bing, ZHANG Jia-le, CAI Jie, LI Bin, BO Li-li   

  1. School of Information Engineering,Yangzhou University,Yangzhou,Jiangsu 225127,China
  • Received:2021-06-16 Revised:2021-08-12 Online:2021-11-15 Published:2021-11-10
  • About author:TU Liang-qiong,born in 1996,postgra-duate.Her main research interests include smart contract security and so on.
    SUN Xiao-bing,born in 1985,Ph.D,professor,is a senior member of China Computer Federation.His main research interests include software analysis,maintenance and evolution.
  • Supported by:
    National Natural Science Foundation of China(61872312,61972335,62002309),Open Funds of State Key Laboratory for Novel Software Technology of Nanjing University(KFKT2020B15,KFKT2020B16),Yangzhou University Top-level Talents Support Program (2019),Six Talent Peaks Project in Jiangsu Province (RJFW-053),Jiangsu “333” Project,Cross-Disciplinary Project of the Animal Science Special Discipline of Yangzhou University (yzuxk202015) and Natural Science Foundation of the Jiangsu Higher Education Institutions of China (20KJB520024).

PDF (PC)

2947

Abstract: Smart contract is an important component of blockchain platform to realize transactions,which provides an effective solution to the trust problem between multi-party transactions.Smart contracts not only manage high value tokens but also have the characteristics of immutable,which lead to the security threats of smart contracts many times in recent years.At present,a lot of researches have devoted to the security of smart contracts,among which the vulnerability detection of smart contracts has become the main concern.This paper analyzes the security of smart contract systematically.From the perspective of whether to execute the smart contract,vulnerability detection tools are divided into static detection tools and dynamic detection tools.In particular,the vulnerability detection ability of existing detection tools is analyzed,and the principles,advantages and disadvantages of 16 detection technologies are discussed.Finally,the paper gives a prospect of how to improve the security of intelligent contract,and puts forward three research directions which may improve the security of smart contract.

Key words: Blockchain, Smart contract, Vulnerability detection

CLC Number: 

  • TP311
[1]SCHÄR F.Decentralized finance:On blockchain-and smart contract-based financial markets[J].FRB of St.Louis Review,2021,103(2):153-174.
[2]MOOSAVI J,NAENI L M,FATHOLLAHI-FARD A M,et al.Blockchain in supply chain management:a review,bibliometric,and network analysis[C]// Environmental Science and Pollution Research.2021:1-15.
[3]JIANG Y,ZHONG Y,GE X.Smart contract-based data commodity transactions for industrial Internet of Things[J].IEEE Access,2019,7:180856-180866.
[4]LI Q,WANG L.Research on the information sharing in thelinkage between manufacturing and logistics industry based on blockchain[J].Journal of Physics,2021,1774(1):012055.
[5]AL-JOBOURY I M,AL-HEMIARY E H.Automated Decentra-lized IoT Based Blockchain Using Ethereum Smart Contract for Healthcare[C]// Enhanced Telemedicine and e-Health:Advanced IoT Enabled Soft Computing Framework.2021:179-198.
[6]GRIGGS K N,OSSIPOVA O,KOHLIOS C P,et al.Healthcare blockchain system using smart contracts for secure automated remote patient monitoring[J].Journal of Medical Systems,2018,42(7):1-7.
[7]BUTERIN V.Critical update re:Dao vulnerability[OL].(2016-06-17).https://blog.ethereum.org/2016/06/17/critical-update-re-daovulnerability/.
[8]The Multi-sig Hack:A Postmortem.Blockchain Infrastructurefor the Decentralised Web[OL].https://www.parity.io/the-multi-sig-hack-apostmortem/,Jul.2017.
[9]KASHISYN D.A Postmortem on the Parity Multi-Sig Library Self-Destruct[OL].(2017-09-15).https://www.parity.io/a-postmortem-on-the-parity-multi-sig-library-self-destruct.
[10]LAUMEISTER M.BitListen,2019[OL].https://www.bitlisten.com/.
[11]WOOD G.Ethereum:A secure decentralised generalized tran-saction ledger [OL].https://gavwood.com/paper.pdf.
[12]CHEN W L,ZHENG Z B.Blockchain Data Analysis:A Review of Status,Trends and Challenges[J].Journal of Computer Research and Development,2018,55(9):1853-1870.
[13]FENG X,WANG Q,ZHU X,et al.Bug searching in smart contract[J].arXiv:1905.00799,2019.
[14]LIU J,LIU Z.A survey on security verification of blockchainsmart contracts[J].IEEE Access,2019,7:77894-77904.
[15]NI Y D,ZHANG C,YIN T T.A Survey of Smart Contract Vul-nerability Research[J].Journal of Cyber Security,2020,5(3):78-99.
[16] LÓPEZ V A,CASTEDO A T,SANDOVAL O A L,et al.Smart Contracts:A Review of Security Threats Alongside an Analysis of Existing Solutions[J].Entropy,2020,22(2):203.
[17]DEMIR M,ALALFI M,TURETKEN O,et al.Security smells in smart contracts[C]//2019 IEEE 19th International Confe-rence on Software Quality, Reliability and Security Companion(QRS-C).IEEE,2019:442-449.
[18]SZABO N.Formalizing and Securng Relationships on PublicNetworks[J].First Monday,1997,2(9):1-21.
[19]DANNENC.Solidity Programming[M]//Introducing Ethereum and Solidity.Berkeley,CA:Apress,2017:69-88.
[20]Vyper-Vyper documentation[OL].https://vyper.readthe-docs.io/en/latest/.
[21]Idris | A Language with Dependent Types[OL].https://www.idris-lang.org/.
[22]Rust | A Language with Dependent Types[OL]. https://www.rust-lang.org/.
[23]ATZEI N,BARTOLETTI M,CIMOLI T.A survey of attacks on ethereum smart contracts (sok)[C]//International Confe-rence on Principles of Security and Trust.Berlin:Springer,2017:164-186.
[24]DIKA A.Ethereum smart contracts:Security vulnerabilities and security tools[D].Trondheim :Norwegian University of Science and Technology,2017.
[25]CAI J,ZHOU P,HE J,et al.A software vulnerability detection method based on static analysis and dynamic symbolic execution[J].Computer Engineering & Science,2016,38(12):2536-2541.
[26]TIKHOMIROV S,VOSKRESENSKAYA E,IVANITSKIY I,et al.Smartcheck:Static analysis of ethereum smart contracts[C]//Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain.2018:9-16.
[27]FEIST J,GRIECO G,GROCE A.Slither:a static analysisframework for smart contracts[C]//2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).IEEE,2019:8-15.
[28]BRENT L,JURISEVIC A,KONG M,et al.Vandal:A scalable security analysis framework for smart contracts[J].arXiv:1809.03981,2018.
[29]KALRA S,GOEL S,DHAWAN M,et al.ZEUS:AnalyzingSafety of Smart Contracts[C]//Ndss.2018:1-12.
[30]GURFINKEL A,KAHSAI T,KOMURAVELLI A,et al.The SeaHorn verification framework[C]//International Conference on Computer Aided Verification.Cham:Springer,2015:343-361.
[31]TORRES C F,SCHÜTTE J,STATE R.Osiris:Hunting for integer bugs in ethereum smart contracts[C]//Proceedings of the 34th Annual Computer Security Applications Conference.2018:664-676.
[32]CHANG J,GAO B,XIAO H,et al.sCompile:Critical path identification and analysis for smart contracts[C]//International Conference on Formal Engineering Methods.Cham:Springer,2019:286-304.
[33]TSANKOV P,DAN A,DRACHSLER-COHEN D,et al.Securify:Practical security analysis of smart contracts[C]//Procee-dings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.2018:67-82.
[34]PARK D,ZHANG Y,SAXENA M,et al.A formal verification tool for Ethereum VM bytecode[C]//Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering.2018:912-915.
[35]BHARGAVAN K,DELIGNAT-LAVAUD A,FOURNET C,et al.Formal verification of smart contracts:Short paper[C]//Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security.2016:91-96.
[36]GRISHCHENKO I,MAFFEI M,SCHNEIDEWIND C.Asemantic framework for the security analysis of ethereum smart contracts[C]//International Conference on Principles of Security and Trust.Cham:Springer,2018:243-269.
[37]SIDNEY A,MYRIAM B,MAKSYM B,et al.Towards Verifying Ethereum Smart Contract Bytecode in Isabelle/HOL[C]//Proceedings of the 7th ACM International Conference on Certified Programs and Proofs (CPP 2018).2018.
[38]LI Z J,ZHANG J X,LIAO X K,et al.Survey of Software Vulnerability Detection Techniques[J].Chinese Journal of Compu-ters,2015,38(4):717-732.
[39]LUU L,CHU D H,OLICKEL H,et al.Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC Confe-rence on Computer and Communications Security.2016:254-269.
[40]MOSSBERG M,MANZANO F,HENNENFENT E,et al.Manticore:A user-friendly symbolic execution framework for binaries and smart contracts[C]//2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE).IEEE,2019:1186-1189.
[41]JIANG B,LIU Y,CHAN W K.Contractfuzzer:Fuzzing smart contracts for vulnerability detection[C]//2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).IEEE,2018:259-269.
[42]LIU C,LIU H,CAO Z,et al.Reguard:finding reentrancy bugs in smart contracts[C]//2018 IEEE/ACM 40th International Conference on Software Engineering:Companion (ICSE-Companion).IEEE,2018:65-68.
[43]GAO J,LIU H,LIU C,et al.Easyflow:Keep ethereum away from overflow[C]//2019 IEEE/ACM 41st International Conference on Software Engineering:Companion Proceedings (ICSE-Companion).IEEE,2019:23-26.
[44]CHEN J,XIA X,LO D,et al.Defining smart contract defects on ethereum[J].arXiv:1905.01467,2020.
[45]FROWIS M,BOHME R.In code we trust?Measuring the control flow immutability of all smart contracts deployed on Ethe-reum[J].LNCS,2017,10436:357-372.
[46]SAYEED S,MARCO-GISBERT H,CAIRA T.Smart Contract:Attacks and Protections[J].IEEE Access,2020,8:24416-24427.
[47]CHEN X,LIAO P,ZHANG Y,et al.Understanding Code Reuse in Smart Contracts[C]//2021 IEEE International Conference on Software Analysis,Evolution and Reengineering (SANER).IEEE,2021:470-479.
[48]PIERRO G A,TONELLI R.Analysis of Source Code Duplication in Ethreum Smart Contracts[C]//2021 IEEE International Conference on Software Analysis,Evolution and Reengineering (SANER).IEEE,2021:701-707.
[49]PEREZ D,LIVSHITS B.Smart contract vulnerabilities:Doesanyone care?[J].arXiv:1902.06710,2019.
[50]WANG Z,DAI W,CHOO K K R,et al.FSFC:An input filter-based secure framework for smart contract[J].Journal of Network and Computer Applications,2020,154:102530.
[51]TANN W J W,HAN X J,GUPTA S S,et al.Towards safersmart contracts:A sequence learning approach to detecting security threats[J].arXiv:1811.06632,2018.
[1] WANG Zi-kai, ZHU Jian, ZHANG Bo-jun, HU Kai. Research and Implementation of Parallel Method in Blockchain and Smart Contract [J]. Computer Science, 2022, 49(9): 312-317.
[2] HUANG Song, DU Jin-hu, WANG Xing-ya, SUN Jin-lei. Survey of Ethereum Smart Contract Fuzzing Technology Research [J]. Computer Science, 2022, 49(8): 294-305.
[3] ZHOU Hang, JIANG He, ZHAO Yan, XIE Xiang-peng. Study on Optimal Scheduling of Power Blockchain System for Consensus Transaction ofEach Unit [J]. Computer Science, 2022, 49(6A): 771-776.
[4] LI Bo, XIANG Hai-yun, ZHANG Yu-xiang, LIAO Hao-de. Application Research of PBFT Optimization Algorithm for Food Traceability Scenarios [J]. Computer Science, 2022, 49(6A): 723-728.
[5] FU Li-yu, LU Ge-hao, WU Yi-ming, LUO Ya-ling. Overview of Research and Development of Blockchain Technology [J]. Computer Science, 2022, 49(6A): 447-461.
[6] GAO Jian-bo, ZHANG Jia-shuo, LI Qing-shan, CHEN Zhong. RegLang:A Smart Contract Programming Language for Regulation [J]. Computer Science, 2022, 49(6A): 462-468.
[7] WEI Hong-ru, LI Si-yue, GUO Yong-hao. Secret Reconstruction Protocol Based on Smart Contract [J]. Computer Science, 2022, 49(6A): 469-473.
[8] MAO Dian-hui, HUANG Hui-yu, ZHAO Shuang. Study on Automatic Synthetic News Detection Method Complying with Regulatory Compliance [J]. Computer Science, 2022, 49(6A): 523-530.
[9] WANG Si-ming, TAN Bei-hai, YU Rong. Blockchain Sharding and Incentive Mechanism for 6G Dependable Intelligence [J]. Computer Science, 2022, 49(6): 32-38.
[10] SUN Hao, MAO Han-yu, ZHANG Yan-feng, YU Ge, XU Shi-cheng, HE Guang-yu. Development and Application of Blockchain Cross-chain Technology [J]. Computer Science, 2022, 49(5): 287-295.
[11] YANG Zhen, HUANG Song, ZHENG Chang-you. Study on Crowdsourced Testing Intellectual Property Protection Technology Based on Blockchain and Improved CP-ABE [J]. Computer Science, 2022, 49(5): 325-332.
[12] REN Chang, ZHAO Hong, JIANG Hua. Quantum Secured-Byzantine Fault Tolerance Blockchain Consensus Mechanism [J]. Computer Science, 2022, 49(5): 333-340.
[13] FENG Liao-liao, DING Yan, LIU Kun-lin, MA Ke-lin, CHANG Jun-sheng. Research Advance on BFT Consensus Algorithms [J]. Computer Science, 2022, 49(4): 329-339.
[14] WANG Xin, ZHOU Ze-bao, YU Yun, CHEN Yu-xu, REN Hao-wen, JIANG Yi-bo, SUN Ling-yun. Reliable Incentive Mechanism for Federated Learning of Electric Metering Data [J]. Computer Science, 2022, 49(3): 31-38.
[15] ZHANG Ying-li, MA Jia-li, LIU Zi-ang, LIU Xin, ZHOU Rui. Overview of Vulnerability Detection Methods for Ethereum Solidity Smart Contracts [J]. Computer Science, 2022, 49(3): 52-61.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.