关键路径预搜索的符号执行智能合约漏洞检测

doi:10.3969/j.issn.0255-8297.2024.02.016

Abstract

Abstract: This paper proposes a pre-searching paths for symbolic execution method to guide the critical path symbol execution of scanning smart contract vulnerabilities through static detection. This approach aims to avoid unnecessary resource consumption of path search, thereby achieving accurate and fast smart contract vulnerability detection. This method is compared with existing mainstream detection tools. The results show that the Gas exhaustion denial of service vulnerability coverage reaches 98%, with a detection accuracy of 84.3%, which is far higher than the average value of 37.2%. Furthermore, the full coverage of storage coverage vulnerability contracts is realized with a detection accuracy of 86.1%, which validates the efficiency and stability of this method.

Key words: smart contract, vulnerability detection, symbol execution, pre-search of critical path, blockchain security

CLC Number:

P751.1

WANG Zexu, WEN Bin. Smart Contract Vulnerability Detection of Symbol Execution with Critical Path Pre-searching[J]. Journal of Applied Sciences, 2024, 42(2): 364-374.

References

[1] Zheng Z B, Xie S A, Dai H N, et al. An overview of blockchain technology:architecture, consensus, and future trends [C]//2017 IEEE International Congress on Big Data (BigData Congress). IEEE, 2017:557-564.
[2] Kushwaha S S, Joshi S, Singh D, et al. Ethereum smart contract analysis tools:a systematic review [J]. IEEE Access, 2022, 10:57037-57062.
[3] Wan Z Y, Xia X, Lo D, et al. Smart contract security:a practitioners' perspective [C]//2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). IEEE, 2021:1410-1422.
[4] Mariano B, Chen Y J, Feng Y, et al. Demystifying loops in smart contracts [C]//202035th IEEE/ACM International Conference on Automated Software Engineering. IEEE, 2020:262-274.
[5] Baldoni R, Coppa E, D'elia D C, et al. A survey of symbolic execution techniques [J]. ACM Computing Surveys, 51(3):1-39.
[6] 魏昂, 黄忠义, 周鸣爱. 智能合约安全与实施规范研究[J]. 网络空间安全, 2020, 11(3):44-49. Wei A, Huang Z Y, Zhou M A. Research on the security and implementation of smart contract [J]. Information Security and Technology, 2020, 11(3):44-49.(in Chinese)
[7] 倪远东, 张超, 殷婷婷. 智能合约安全漏洞研究综述[J]. 信息安全学报, 2020, 5(3):78-99. Ni Y D, Zhang C, Yin T T. A survey of smart contract vulnerability research [J]. Journal of Cyber Security, 2020, 5(3):78-99.(in Chinese)
[8] Luu L, Chu D H, Olickel H, et al. Making smart contracts smarter [C]//2016 ACM SIGSAC conference on Computer and Communications Security, 2016:254-269.
[9] Chen T, Feng Y Z, Li Z H, et al. GasChecker:scalable analysis for discovering gas-inefficient smart contracts [J]. IEEE Transactions on Emerging Topics in Computing, 2021, 9(3):1433-1448.
[10] 陈霄汉, 赵相福, 张登记, 等. SlightDetection:一种以太坊智能合约安全漏洞的静态分析工具[J]. 应用科学学报, 2022, 40(4):695-712. Chen X H, Zhao X F, Zhang D J, et al. SlightDetection:a static analysis tool for smart contracts security vulnerabilities on ethereum [J]. Journal of Applied Sciences, 2022, 40(4):695-712. (in Chinese)
[11] 张登记, 赵相福, 陈中育, 等. 基于Ethereum智能合约的安全策略分析[J]. 应用科学学报, 2021, 39(1):151-163. Zhang D J, Zhao X F, Chen Z Y, et al. Analysis of security strategies for smart contracts based on ethereum [J]. Journal of Applied Sciences, 2021, 39(1):151-163. (in Chinese)
[12] 林锦滨, 张晓菲, 刘晖. 符号执行技术研究[C]//全国计算机安全学术交流会, 2009:412-416.
[13] 付梦琳, 吴礼发, 洪征, 等. 智能合约安全漏洞挖掘技术研究[J]. 计算机应用, 2019, 39(7):1959-1966. Fu M L, Wu L F, Hong Z, et al. Research on vulnerability mining technique for smart contracts [J]. Journal of Computer Applications, 2019, 39(7):1959-1966. (in Chinese)
[14] 袁勇, 王飞跃. 区块链技术发展现状与展望[J]. 自动化学报, 2016, 42(4):481-494. Yuan Y, Wang F Y. Blockchain:the state of the art and future trends [J]. Acta Automatica Sinica, 2016, 42(4):481-494.(in Chinese)
[15] Liu Y, Zhou X, Gong W W. A survey of search strategies in the dynamic symbolic execution [J]. ITM Web of Conferences, 2017, 12:03025.
[16] Nassirzadeh B, Sun H, Banescu S, et al. Gas gauge:a security analysis tool for smart contract out-of-gas vulnerabilities [DB/OL]. 2021[2022-08-14]. http://arxiv.org/abs/2112.14771.
[17] Feist J, Grieco G, Groce A. Slither:a static analysis framework for smart contracts [C]//2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 2019:8-15.
[18] Mossberg M, Manzano F, Hennenfent E, et al. Manticore:a user-friendly symbolic execution framework for binaries and smart contracts [C]//201934th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 2019:1186-1189.
[19] Zhang W, Banescu S, Pasos L, et al. Mpro:combining static and symbolic analysis for scalable testing of smart contract [C]//2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE). IEEE, 2019:456-462.
[20] Zhang W, Banescu S, Pasos L, et al. MPro:combining static and symbolic analysis for scalable testing of smart contract [C]//2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE). IEEE, 2019:456-462.
[21] Tsankov P, Dan A, Drachsler-Cohen D, et al. Securify:practical security analysis of smart contracts [C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018:67-82.
[22] Tikhomirov S, Voskresenskaya E, Ivanitskiy I, et al. SmartCheck:static analysis of ethereum smart contracts [C]//2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 2018:9-16.

Smart Contract Vulnerability Detection of Symbol Execution with Critical Path Pre-searching

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

[1]	ZHANG Yong, YAO Zhongyuan, WANG Chao, GUO Shangkun, GUO Xiaohan, SI Xueming. Consortium Chain Multi-chain Collaboration Scheme for Complex Application Scenarios [J]. Journal of Applied Sciences, 2023, 41(4): 601-613.
[2]	PAN Liang, CHEN Bin, DAI Mingjun, WANG Taotao, ZHANG Shengli. Dynamic Spectrum Sharing Based on Blockchain Smart Contract [J]. Journal of Applied Sciences, 2023, 41(4): 590-600.
[3]	LIU Hong, ZHANG Jingyu, LEI Mengting, XIAO Yunpeng. Fair and Verifiable Voting Smart Contract Based on Blockchain [J]. Journal of Applied Sciences, 2023, 41(4): 541-562.
[4]	WANG Feng, LIU Linlin, LIU Yang, BAI Hao, ZHANG Qiang. Book Resource Sharing System of Inter-university Alliance Based on Blockchain [J]. Journal of Applied Sciences, 2023, 41(3): 515-526.
[5]	ZHAO Haihong, YAO Zhongyuan, ZHU Weihua, ZHU Ziqiang, PAN Changfeng, SI Xueming. An Electronic Contract Sharing Scheme Based on Blockchain [J]. Journal of Applied Sciences, 2023, 41(2): 359-368.
[6]	WANG Huajian, LI Renwei, ZHOU Huan, YANG Guogui. Design and Implementation of Decentralized Trusted Crowdsourcing Platform Based on Commitment Scheme [J]. Journal of Applied Sciences, 2023, 41(1): 141-152.
[7]	CHEN Xiaohan, ZHAO Xiangfu, ZHANG Dengji, FEI Jiajia. SlightDetection: A Static Analysis Tool for Smart Contracts Security Vulnerabilities on Ethereum [J]. Journal of Applied Sciences, 2022, 40(4): 695-712.
[8]	ZHU Ziqiang, YAO Zhongyuan, ZHU Weihua, ZHAO Haihong, PAN Changfeng, SI Xueming. Anonymous and Traceable Data Trading Scheme Based on Blockchain [J]. Journal of Applied Sciences, 2022, 40(4): 653-665.
[9]	WU Ou, ZHANG He, WANG Yanze, LI Haoming, LI Shanshan. Architecture Design and Implementation of Seafood-Oriented Supply Chain Platform Based on Multiple Heterogeneous Blockchains [J]. Journal of Applied Sciences, 2022, 40(4): 539-554.
[10]	WANG Cheng, ZHENG Hong, HUANG Jianhua, QIAN Shihui. PKI Model Based on Dual Blockchain [J]. Journal of Applied Sciences, 2022, 40(3): 528-538.
[11]	ZHANG Dengji, ZHAO Xiangfu, CHEN Zhongyu, TONG Xiangrong. Analysis of Security Strategies for Smart Contracts Based on Ethereum [J]. Journal of Applied Sciences, 2021, 39(1): 151-163.
[12]	ZHOU Zhengqiang, CHEN Yuling, LI Tao, REN Xiaojun, QING Xinyi. Medical Data Security Sharing Scheme Based on Consortium Blockchain [J]. Journal of Applied Sciences, 2021, 39(1): 123-134.
[13]	XIANG Weijing, TSAI Weitek. Research and Design of Legal Smart Contract Platform Model [J]. Journal of Applied Sciences, 2021, 39(1): 109-122.
[14]	WANG Siyuan, ZOU Shihong. Blockchain and Capability Based Access Control Mechanism in Multi-domain IoT [J]. Journal of Applied Sciences, 2021, 39(1): 55-69.
[15]	ZHAO Yingqi, ZHU Xueyang, LI Guangyuan, GAO Ya, BAO Yulong. Verification of Smart Contracts with Time Constraints [J]. Journal of Applied Sciences, 2021, 39(1): 1-16.