智能合约安全漏洞检测技术研究综述

智能合约是区块链技术最成功的应用之一,为实现各式各样的区块链现实应用提供了基础,在区块链生态系统中处于至关重要的地位.然而,频发的智能合约安全事件不仅造成了巨大的经济损失,而且破坏了基于区块链的信用体系,智能合约的安全性和可靠性成为国内外研究的新关注点.首先从Solidity代码层、EVM执行层、区块链系统层这3个层面介绍了智能合约常见的漏洞类型和典型案例;继而,从形式化验证法、符号执行法、模糊测试法、中间表示法、深度学习法这5类方法综述了智能合约漏洞检测技术的研究进展,针对现有漏洞检测方法的可检测漏洞类型、准确率、时间消耗等方面进行了详细的对比分析,并讨论了它们的局限性和改进思路;最后,根据对现有研究工作的总结,探讨了智能合约漏洞检测领域面临的挑战,并结合深度学习技术展望了未来的研究方向.

Smart Contract Vulnerability Detection Technique: A Survey

Smart contract, one of the most successful applications of blockchain, provides the foundation for realizing various real-world applications of blockchain, playing an essential role in the blockchain ecosystem. However, frequent smart contract security events not only caused huge economic losses but also destroyed the blockchain-based credit system. The security and reliability of smart contract thus gain wide attention from researchers worldwide. This study first introduces the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and blockchain system layer. Then, the research progress of smart contract vulnerability detection is reviewed and existing efforts are classified into five categories, namely formal verification, symbolic execution, fuzzing testing, intermediate representation, and deep learning. The detectable vulnerability types, accuracy, and time consumption of existing vulnerability detection methods are compared in detail as well as their limitations and improvements. Finally, based on the summary of existing researches, the challenges in the field of smart contract vulnerability detection are discussed and combined with the deep learning technology to look forward to future research directions.