以太坊Solidity智能合约漏洞检测方法综述

以太坊Solidity智能合约基于区块链技术,作为一种旨在以信息化方式传播、验证或执行的计算机协议,为各类分布式应用服务提供了基础.虽然落地还不足6年,但因其安全漏洞事件频繁爆发,且造成了巨大的经济损失,使得其安全性检查方面的研究备受关注.首先基于以太坊相关技术对智能合约的一些特殊机制和运行原理进行介绍,并根据智能合约...

Overview of Vulnerability Detection Methods for Ethereum Solidity Smart Contracts

Based on blockchain technology,Ethereum Solidity smart contract as a computer protocol is designed to spread,verify,or execute contracts in an informative way,and it provides a foundation for various distributed application services.Although implemented for less than six years,its security problems have frequently broken out and caused substantial financial losses,which attracts more attention in the security inspection research.This paper firstly introduces some specific mechanisms and operating principles of smart contracts based on Ethereum related techniques,and analyzes some smart contract vulnerabilities occurring frequently and deriving from the characteristics of smart contracts.Then,this paper explains the traditional mainstream smart contract vulnerability detecting tools in terms of symbolic execution,fuzzing,formal verification,and taint analysis.In addition,in order to cope with the endless new vulnerabilities and the need to improve the efficiency of detection,vulnerabilities detection based on machine learning in recent years is classified and summarized according to the various ways of problem transformation in three perspectives including text processing,non-Euclidean graph and standard image.Finally,this paper proposes to formulate more extensive and accurate standardized information database and measurement indicators towards the insufficiency of the detection methods in two directions.