
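Research on improved symbolic execution for smart contract vulnerability detection
Cite this article: Li Zonghong, Hu Dasha, Jiang Yuming. Research on improved symbolic execution for smart contract vulnerability detection[J]. Application Research of Computers, 2021, 38(7): 1943-1946.
Authors: Li Zonghong, Hu Dasha, Jiang Yuming
Affiliations: College of Computer Science, Sichuan University, Chengdu 610065; Sichuan Provincial Engineering Laboratory of Big Data Analysis and Fusion Application Technology, Sichuan University, Chengdu 610065
Funding: National Key R&D Program of China (2020YFB1707900); Sichuan Science and Technology Program (2019YFG0400)
Abstract: Because blockchains are tamper-proof, a smart contract deployed on a blockchain cannot be modified. To improve contract security and prevent problems such as integer overflow, short address attacks and pseudo-randomness, contracts need to be checked for vulnerabilities before deployment. This work uses symbolic execution to analyze integer overflow vulnerabilities in smart contracts. A survey of existing symbolic execution methods found their detection speed to be slow, so an improved symbolic execution method that solves constraints bottom-up is proposed, combining depth-first and breadth-first search for path selection to raise the code coverage of symbolic execution. Experimental results show that, on 100 selected smart contracts containing overflow vulnerabilities, the improved symbolic execution achieves a detection accuracy of 84% and improves average detection efficiency by 20%; the efficiency gain is significant on medium-sized smart contracts, and the accuracy of the detection results is high.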

Keywords: blockchain, smart contract, contract vulnerability, symbolic execution
Received: 2020/10/9
Revised: 2021/6/15

Research on improved symbolic execution for smart contract vulnerability detection
Li Zonghong, Hu Dasha and Jiang Yuming. Research on improved symbolic execution for smart contract vulnerability detection[J]. Application Research of Computers, 2021, 38(7): 1943-1946.
Authors: Li Zonghong, Hu Dasha and Jiang Yuming
Affiliation: Sichuan University, Chengdu, Sichuan
Abstract: Due to the immutable nature of the blockchain, smart contracts deployed on the blockchain cannot be changed. To improve contract security and prevent integer overflow, short address attacks, pseudo-randomness and similar problems, vulnerability detection must be performed on a contract before it is deployed. This paper studies the use of symbolic execution to analyze integer overflow vulnerabilities in smart contracts. An investigation found that existing symbolic execution methods are slow at detection, so this paper proposes an improved symbolic execution method that solves constraints from the bottom up and combines depth-first and breadth-first path selection to improve the code coverage of symbolic execution. The experimental results show that the improved symbolic execution achieves a detection accuracy of 84% on 100 selected smart contracts containing overflow vulnerabilities, and that average detection efficiency increases by 20%. Detection efficiency improves significantly on medium-scale smart contracts, and the detection results have high accuracy.
Keywords: blockchain, smart contract, contract vulnerability, symbolic execution
This article is indexed by Wanfang Data and other databases.