Smart Contract Vulnerability Detection Technique: A Survey

Corresponding author: 刘振广, E-mail: liuzhenguang2008@gmail.com

Fund Project: National Key R&D Program of China (2017YFB1401300, 2017YFB1401304); Natural Science Foundation of Zhejiang Province, China (LQ19F020001); National Natural Science Foundation of China (61902348); Key R&D Program of Zhejiang Province (2021C01104)

Abstract:

Smart contracts, one of the most successful applications of blockchain technology, provide the foundation for a wide variety of real-world blockchain applications and play an essential role in the blockchain ecosystem. However, frequent smart contract security incidents have not only caused huge economic losses but have also undermined the blockchain-based credit system, so the security and reliability of smart contracts have become a new focus of research worldwide. In this paper, we first introduce the common types and typical cases of smart contract vulnerabilities at three levels: the Solidity code layer, the EVM execution layer, and the blockchain system layer. We then review the research progress in smart contract vulnerability detection, classifying existing efforts into five categories: formal verification, symbolic execution, fuzz testing, intermediate representation, and deep learning. We compare existing vulnerability detection methods in detail in terms of detectable vulnerability types, accuracy, and time consumption, and discuss their limitations and ideas for improvement. Finally, based on this summary of existing research, we discuss the challenges facing the field of smart contract vulnerability detection and, drawing on deep learning technology, look ahead to future research directions.

Cite this article

钱鹏, 刘振广, 何钦铭, 黄步添, 田端正, 王勋. Smart Contract Vulnerability Detection Technique: A Survey. 软件学报 (Journal of Software),,():0

History
  • Received: 2020-08-13
  • Last revised: 2021-01-18
  • Published online: 2021-05-21