
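A Survey of Smart Contract Security Vulnerability Detection Techniques
Cite this article: QIAN Peng, LIU Zhen-Guang, HE Qin-Ming, HUANG Bu-Tian, TIAN Duan-Zheng, WANG Xun. A Survey of Smart Contract Security Vulnerability Detection Techniques[J]. Journal of Software, 2022, 33(8): 3059-3085
Authors: QIAN Peng  LIU Zhen-Guang  HE Qin-Ming  HUANG Bu-Tian  TIAN Duan-Zheng  WANG Xun
Affiliations: School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou, Zhejiang 310018; School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou, Zhejiang 310018; School of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310058; School of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310058
Funding: National Key R&D Program of China (2017YFB1401300, 2017YFB1401304); Zhejiang Provincial Natural Science Foundation (LQ19F020001); National Natural Science Foundation of China (61902348); Key R&D Program of Zhejiang Province (2021C01104)
Abstract: Smart contracts are one of the most successful applications of blockchain technology. They provide the foundation for a wide variety of real-world blockchain applications and occupy a critical position in the blockchain ecosystem. However, frequent smart contract security incidents have not only caused huge economic losses but also undermined the blockchain-based credit system, and the security and reliability of smart contracts have become a new focus of research in China and abroad. This paper first introduces the common vulnerability types and typical cases of smart contracts at three levels: the Solidity code layer, the EVM execution layer, and the blockchain system layer. It then surveys research progress in smart contract vulnerability detection across five classes of methods: formal verification, symbolic execution, fuzz testing, intermediate representation, and deep learning. Existing detection methods are compared in detail in terms of detectable vulnerability types, accuracy, and time consumption, and their limitations and possible improvements are discussed. Finally, based on a summary of existing work, the paper explores the challenges facing the field of smart contract vulnerability detection and, in combination with deep learning techniques, looks ahead to future research directions.

Keywords: blockchain  smart contract  Ethereum  vulnerability detection  automated tool
Received: 2020-08-13
Revised: 2021-01-18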

Smart Contract Vulnerability Detection Technique: A Survey
QIAN Peng,LIU Zhen-Guang,HE Qin-Ming,HUANG Bu-Tian,TIAN Duan-Zheng,WANG Xun. Smart Contract Vulnerability Detection Technique: A Survey[J]. Journal of Software, 2022, 33(8): 3059-3085
Authors:QIAN Peng  LIU Zhen-Guang  HE Qin-Ming  HUANG Bu-Tian  TIAN Duan-Zheng  WANG Xun
Affiliation:School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou 310018, China;School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou 310018, China;School of Computer Science and Technology, Zhejiang University, Hangzhou 310058, China
Abstract:Smart contracts, one of the most successful applications of blockchain, provide the foundation for realizing various real-world blockchain applications and play an essential role in the blockchain ecosystem. However, frequent smart contract security incidents have not only caused huge economic losses but also damaged the blockchain-based credit system. The security and reliability of smart contracts have thus gained wide attention from researchers worldwide. This study first introduces the common types and typical cases of smart contract vulnerabilities at three levels, i.e., the Solidity code layer, the EVM execution layer, and the blockchain system layer. Then, the research progress of smart contract vulnerability detection is reviewed, and existing efforts are classified into five categories, namely formal verification, symbolic execution, fuzz testing, intermediate representation, and deep learning. The detectable vulnerability types, accuracy, and time consumption of existing vulnerability detection methods are compared in detail, and their limitations and possible improvements are discussed. Finally, based on a summary of existing research, the challenges facing the field of smart contract vulnerability detection are discussed, and future research directions are outlined in combination with deep learning technology.
Keywords:blockchain  smart contract  Ethereum  vulnerability detection  automation tool
This article is indexed in Wanfang Data and other databases.