首页 | 本学科首页   官方微博 | 高级检索  
     

智能合约漏洞检测技术综述
引用本文:董伟良,刘哲,刘逵,黎立,葛春鹏,黄志球.智能合约漏洞检测技术综述[J].软件学报,2024,35(1):38-62.
作者姓名:董伟良  刘哲  刘逵  黎立  葛春鹏  黄志球
作者单位:南京航空航天大学 计算机科学与技术学院, 江苏 南京 211106;Monash University, Clayton VIC 3800, Australia
基金项目:国家重点研发计划(2021YFB2700503); 国家自然科学基金(62172214, 62032025, U20A201092, 62071222); 广东省重点研发计划(2020B0101090002); 江苏省自然科学基金(BK20210279, BK20200418); 江苏省科技支撑计划(BE2020106); 数学工程与先进计算国家重点实验室开放基金(2020A06)
摘    要:智能合约作为可信的去中心化应用,获得了广泛的关注,但其安全漏洞问题对其可靠性带来了巨大威胁.为此,研究者们利用各种前沿技术(如模糊测试、机器学习、形式化验证等)研究了多种漏洞检测技术,并取得了可观的效果.为了系统性地梳理与分析现有智能合约漏洞检测技术,搜集截至2021年7月关于智能合约漏洞检测的84篇论文,根据它们的核心方法进行分类,从每种技术的实现方法、漏洞类型、实验数据等方面展开分析,同时对比国内外研究现状在这些方面的差异.最后,对现有的智能合约漏洞检测技术进行总结,探讨面临的挑战,并展望了未来的研究方向.

关 键 词:智能合约  合约安全  合约可靠性  合约质量保障  漏洞检测  合约程序分析
收稿时间:2021/9/6 0:00:00
修稿时间:2022/1/12 0:00:00

Survey on Vulnerability Detection Technology of Smart Contracts
DONG Wei-Liang,LIU Zhe,LIU Kui,LI Li,GE Chun-Peng,HUANG Zhi-Qiu.Survey on Vulnerability Detection Technology of Smart Contracts[J].Journal of Software,2024,35(1):38-62.
Authors:DONG Wei-Liang  LIU Zhe  LIU Kui  LI Li  GE Chun-Peng  HUANG Zhi-Qiu
Affiliation:College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China;Monash University, Clayton VIC 3800, Australia
Abstract:As the trusted decentralized application, smart contracts attract widespread attention, whereas their security vulnerabilities threaten the reliability. To this end, researchers employ various advanced technologies (such as fuzz testing, machine learning, and formal verification) to study several vulnerability detection technologies and yield sound effects. This study collects 84 related papers by July 2021 to systematically sort out and analyze existing vulnerability detection technologies of smart contracts. First of all, vulnerability detection technologies are categorized according to their core methodologies. These technologies are analyzed from the aspects of implementation methods, vulnerability categories, and experimental data. Additionally, the differences between domestic and international research in these aspects are compared. Finally, after summarizing the existing technologies, the study discusses the challenges of vulnerability detection technologies and potential research directions.
Keywords:smart contract  contract security  contract reliability  contract quality assurance  vulnerability detection  contract program analysis
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号