智能合约漏洞检测研究综述

doi:10.3778/j.issn.1673-9418.2203024

计算机科学与探索 ›› 2022, Vol. 16 ›› Issue (11): 2456-2470.DOI: 10.3778/j.issn.1673-9418.2203024

智能合约漏洞检测研究综述

李雷孝¹^,², 郑岳¹^,⁺(), 高昊昱¹, 熊啸³, 牛铁铭¹, 杜金泽¹, 高静⁴

1.内蒙古工业大学数据科学与应用学院，呼和浩特 010080
2.内蒙古自治区基于大数据的软件服务工程技术研究中心，呼和浩特 010080
3.内蒙古工业大学信息工程学院，呼和浩特 010080
4.内蒙古农业大学计算机与信息工程学院，呼和浩特 010011

出版日期:2022-11-01 发布日期:2022-11-16
通讯作者: + E-mail: 847256122@qq.com
作者简介:李雷孝（1978—），男，山东成武人，博士，教授，主要研究方向为云计算、大数据处理、数据挖掘等。
郑岳（1996—），男，河北沧州人，硕士研究生，主要研究方向为大数据安全、区块链。
高昊昱（1994—），男，山西太原人，硕士研究生，主要研究方向为大数据安全、区块链。
熊啸（1993—），男，河南信阳人，硕士研究生，主要研究方向为大数据安全、区块链。
牛铁铭（1998—），男，山西大同人，硕士研究生，主要研究方向为大数据安全、区块链。
杜金泽（1998—），男，山西太原人，硕士研究生，主要研究方向为区块链、网络隐蔽信道构建。
高静（1970—），女，辽宁沈阳人，博士，教授，主要研究方向为云计算、大数据、农业信息化等。

Survey of Research on Smart Contract Vulnerability Detection

LI Leixiao¹^,², ZHENG Yue¹^,⁺(), GAO Haoyu¹, XIONG Xiao³, NIU Tieming¹, DU Jinze¹, GAO Jing⁴

1. College of Data Science and Application, Inner Mongolia University of Technology, Hohhot 010080, China
2. Inner Mongolia Autonomous Region Engineering & Technology Research Centre of Big Data Based Software Service, Hohhot 010080, China
3. College of Information Engineering, Inner Mongolia University of Technology, Hohhot 010080, China
4. College of Computer and Information Engineering, Inner Mongolia Agricultural University, Hohhot 010011, China

Online:2022-11-01 Published:2022-11-16
About author:LI Leixiao, born in 1978, Ph.D., professor. His research interests include cloud computing, big data processing, data mining, etc.
ZHENG Yue, born in 1996, M.S. candidate. His research interests include big data security and blockchain.
GAO Haoyu, born in 1994, M.S. candidate. His research interests include big data security and blockchain.
XIONG Xiao, born in 1993, M.S. candidate. His research interests include big data security and blockchain.
NIU Tieming, born in 1998, M.S. candidate. His research interests include big data security and blockchain.
DU Jinze, born in 1998, M.S. candidate. His research interests include blockchain and network covert channel construction.
GAO Jing, born in 1970, Ph.D., professor. Her research interests include cloud computing, big data, agricultural informatization, etc.

摘要/Abstract

摘要：

智能合约作为区块链技术中的重要组成部分，通过其编写的去中心化应用被广泛用于各领域中，为区块链的发展与应用提供了重要的技术支持。但智能合约发展的同时也带来了安全问题，大量针对智能合约的漏洞攻击，让研究者不得不加强对智能合约安全漏洞的重视。如何快速准确地进行漏洞检测成为一个亟待解决的问题。首先，通过对重入攻击漏洞、整数溢出以及访问控制漏洞等常见漏洞的分析使研究者对常见漏洞得到充分的了解。其次，通过对形式化验证、符号执行、机器学习等漏洞检测方法及其对应工具的国内外现状进行调研并分析讨论工具的优缺点，同时通过复现部分工具进行实验，以检测速度、准确率以及支持检测的漏洞数量为标准，展示漏洞检测工具的性能。最后，根据对智能合约漏洞检测工具的分析结果对未来的研究方向给出建议。

关键词: 区块链, 智能合约, 漏洞检测, 安全

Abstract:

As an important part of blockchain technology, smart contracts are widely used in various fields through decentralized applications written by smart contracts, providing important technical support for the development and application of blockchain. However, the development has brought security problems at the same time, and a large number of vulnerability attacks against smart contracts have made researchers pay more attention to the security vulnerabilities of smart contracts. How to quickly and accurately perform vulnerability detection has become an urgent problem to be solved. Firstly, through the analysis of common vulnerabilities such as reentrancy attack vulnerabilities, integer overflow and access control vulnerabilities, researchers can fully understand the common vulnerabilities. Secondly, by investigating the current status of vulnerability detection methods such as formal verification, symbolic execution, machine learning and their corresponding tools at home and abroad, analyzing and discussing the advantages and disadvantages of the tools, at the same time, replicating some tools for experiments, the performance of the vulnerability detection tools is demonstrated based on the detection speed, accuracy, and the number of vulnerabilities that support detection. Finally, suggestions for future research directions are given based on the analysis results of smart contract vulnerability detection tools.

Key words: blockchain, smart contract, vulnerability detection, security

中图分类号:

TP39
TP309.2

李雷孝, 郑岳, 高昊昱, 熊啸, 牛铁铭, 杜金泽, 高静. 智能合约漏洞检测研究综述[J]. 计算机科学与探索, 2022, 16(11): 2456-2470.

LI Leixiao, ZHENG Yue, GAO Haoyu, XIONG Xiao, NIU Tieming, DU Jinze, GAO Jing. Survey of Research on Smart Contract Vulnerability Detection[J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(11): 2456-2470.

图/表 9

参考文献 63

[1]	曹傧, 林亮, 李云, 等. 区块链研究综述[J]. 重庆邮电大学学报(自然科学版), 2020, 32(1): 1-14.
	CAO B, LIN L, LI Y, et al. Review of blockchain research[J]. Journal of Chongqing University of Posts and Telecommu-nications (Natural Science Edition), 2020, 32(1): 1-14.
[2]	NAKAMOTO S. Bitcoin: a peer-to-peer electronic cash system[EB/OL]. (2018-06-10)[2022-01-16]. https://bitcoin.org/bitcoin.pdf.
[3]	HOFMAN D L. Legally Speaking: smart contracts, archival bonds, and linked data in the blockchain[C]// Proceedings of the 26th International Conference on Computer Comm-unication and Networks, Vancouver, Jul 31-Aug 3, 2017. Piscataway: IEEE, 2017: 1-4.
[4]	熊玲, 李发根, 刘志才. 车联网环境下基于区块链技术的条件隐私消息认证方案[J]. 计算机科学, 2020, 47(11): 55-59. DOI
	XIONG L, LI F G, LIU Z C. Conditional privacy-preserving authentication scheme based on blockchain for vehicular ad hoc networks[J]. Computer Science, 2020, 47(11): 55-59. DOI
[5]	王春东, 罗婉薇, 莫秀良, 等. 车联网互信认证与安全通信综述[J]. 计算机科学, 2020, 47(11): 1-9. DOI
	WANG C D, LUO W W, MO X L, et al. Survey on mutual trust authentication and secure communication of Internet of vehicles[J]. Computer Science, 2020, 47(11): 1-9.
[6]	KANG J, YU R, HUANG X, et al. Blockchain for secure and efficient data sharing in vehicular edge computing and networks[J]. IEEE Internet of Things Journal, 2019, 6(3): 4660-4670. DOI URL
[7]	HATIM S M, ELIAS S J, ALI R M, et al. Blockchain-based Internet of vehicles (BIoV): an approach towards smart cities development[C]// Proceedings of the 2020 5th IEEE International Conference on Recent Advances and Innovations in Engineering, Jaipur, Dec 1-3, 2020. Piscataway: IEEE, 2020: 1-4.
[8]	QI X, EMMANUEL S, ABLA S, et al. BBDS: blockchain-based data sharing for electronic medical records in cloud environments[J]. Information, 2017, 8(2): 44. DOI URL
[9]	AZARIA A, EKBLAW A, VIEIRA T, et al. MedRec: using blockchain for medical data access and permission manag-ement[C]// Proceedings of the 2nd International Conference on Open and Big Data, Vienna, Austria, Aug 22-24, 2016. Washington: IEEE Computer Society, 2016: 25-30.
[10]	ZHANG P. Blockchain technology use cases in healthcare[J]. Advances in Computers, 2018, 111: 1-41.
[11]	CHRISTIDIS K, DEVETSIKIOTIS M. Blockchains and smart contracts for the internet of things[J]. IEEE Access, 2016, 4: 2292-2303. DOI URL
[12]	BAHGA A, MADISETTI V K. Blockchain platform for industrial Internet of things[J]. Journal of Software Engineering and Applications, 2016, 9(10): 14.
[13]	KSHETRI N. Can blockchain strengthen the Internet of things?[J]. IT Professional, 2017, 19(4): 68-72. DOI URL
[14]	SZABO N. Smart contracts[EB/OL]. (1994-06-10)[2022-01-16]. http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart.contracts.html.
[15]	DWORK C, NAOR M. Pricing via processing or combatting junk mail[C]// LNCS 740: Proceedings of the 12th Annual International Cryptology Conference Advances in Cryptology, Santa Barbara, Aug 16-20, 1992. Berlin, Heidelberg: Springer, 1993: 139-147.
[16]	WOOD G. Ethereum: a secure decentralised generalised transaction ledger[R]. 2014.
[17]	MOHANTA B K, PANDA S S, JENA D. An overview of smart contract and use cases in blockchain technology[C]// Proceedings of the 9th International Conference on Computing, Communication and Networking Technologies, Bengaluru, Jul 10-12, 2018. Piscataway: IEEE, 2018: 1-4.
[18]	BUTERIN V. A next-generation smart contract and decen-tralized application platform[R]. 2014.
[19]	ZHENG Z, XIE S, DAI H, et al. An overview of blockchain technology: architecture, consensus, and future trends[C]// Proceedings of the 2017 IEEE International Congress on Big Data, Honolulu, Jun 25-30, 2017. Washington: IEEE Computer Society, 2017: 557-564.
[20]	MACRINICI D, CARTOFEANU C, GAO S. Smart contract applications within blockchain technology: a systematic mapping study[J]. Telematics and Informatics, 2018, 35(8): 2337-2354. DOI URL
[21]	徐蜜雪, 苑超, 王永娟, 等. 拟态区块链——区块链安全解决方案[J]. 软件学报, 2019, 30(6): 1681-1691.
	XU M X, YUAN C, WANG Y J, et al. Mimic blockchain—solution to the security of blockchain[J]. Journal of Software, 2019, 30(6): 1681-1691.
[22]	TheDAO[EB/OL]. [2022-01-16]. https://en.wikipedia.org/wiki/ TheDAO(organization).
[23]	Beauty chain integer overflow[EB/OL]. [2022-01-16]. https://etherscan.io/token/0xc5d105e63711398af9bbff092d4b6769c8-2f793d.
[24]	King of the Ether Throne[EB/OL]. [2022-01-16]. https://www.kingoftheether.com/thrones/kingoftheether/index.html.
[25]	韩璇, 袁勇, 王飞跃. 区块链安全问题:研究现状与展望[J]. 自动化学报, 2019, 45(1): 206-225.
	HAN X, YUAN Y, WANG F Y. Blockchain security issues: research status and prospects[J]. Acta Automatica Sinica, 2019, 45(1): 206-225.
[26]	ATZEI N, BARTOLETTI M, CIMOLI T. A survey of attacks on ethereum smart contracts (SoK)[C]// LNCS 10204: Proc-eedings of the 6th International Conference on Principles of Security & Trust, Uppsala, Apr 22-29, 2017. Cham: Springer, 2017: 164-186.
[27]	GROSSMAN S, ABRAHAM I, GOLAN-GUETA G, et al. Online detection of effectively callback free objects with applications to smart contracts[J]. Proceedings of the ACM on Programming Languages, 2017, 2: 1-28.
[28]	SafeMath[EB/OL]. [2022-01-16]. https://docs.statechannels.org/contractapi/natspec/SafeMath.
[29]	赵伟, 张问银, 王九如, 等. 基于符号执行的智能合约漏洞检测方案[J]. 计算机应用, 2020, 40(4): 947-953. DOI
	ZHAO W, ZHANG W Y, WANG J R, et al. Smart contract vulnerability detection scheme based on symbol execution[J]. Journal of Computer Applications, 2020, 40(4): 947-953. DOI
[30]	倪远东, 张超, 殷婷婷. 智能合约安全漏洞研究综述[J]. 信息安全学报, 2020, 5(3): 78-99.
	NI Y D, ZHANG C, YIN T T. A survey of smart contract vulnerability research[J]. Journal of Cyber Security, 2020, 5(3): 78-99.
[31]	王化群, 张帆, 李甜, 等. 智能合约中的安全与隐私保护技术[J]. 南京邮电大学学报(自然科学版), 2019, 39(4): 63-71.
	WANG H Q, ZHANG F, LI T, et al. Security and privacy-protection technologies in smart contract[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science), 2019, 39(4): 63-71.
[32]	Validator ordering and randomness in PoS[EB/OL]. [2022-01-16]. https://vitalik.ca/files/randomness.html.
[33]	郑忠斌, 王朝栋, 蔡佳浩. 智能合约的安全研究现状与检测方法分析综述[J]. 信息安全与通信保密, 2020(7): 93-105.
	ZHENG Z B, WANG C D, CAI J H. Analysis of the current status of smart contract security research and detection methods[J]. Information Security and Communications Privacy, 2020(7): 93-105.
[34]	付梦琳, 吴礼发, 洪征, 等. 智能合约安全漏洞挖掘技术研究[J]. 计算机应用, 2019, 39(7): 1959-1966. DOI
	FU M L, WU L F, HONG Z, et al. Research on vulnerability mining technique for smart contracts[J]. Journal of Computer Applications, 2019, 39(7): 1959-1966. DOI
[35]	CHANG X, ZHU J, ZHAO S. Dynamic array double-access attack in Ethereum[C]// Proceedings of the 2020 IEEE 6th International Conference on Computer and Communications, Chengdu, Dec 11-14, 2020. Piscataway: IEEE, 2020: 1065-1071.
[36]	欧阳恒一, 熊焰, 黄文超. 一种代币智能合约的形式化建模与验证方法[J]. 计算机工程, 2020, 46(10): 41-45.
	OUYANG H Y, XIONG Y, HUANG W C. A formal modeling and verification method for token smart contract[J]. Computer Engineering, 2020, 46(10): 41-45.
[37]	SHACHAM H, WATERS B. Compact proofs of retrievability[J]. Journal of Cryptology, 2013, 26(3): 442-483. DOI URL
[38]	DAN B, LYNN B, SHACHAM H. Short signatures from the Weil pairing[C]// LNCS 2248: Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, Dec 9-13, 2001. Berlin, Heidelberg: Springer, 2001: 514-532.
[39]	KALRA S, GOEL S, DHAWAN M, et al. ZEUS: analyzing safety of smart contracts[C]// Proceedings of the 25th Annual Network and Distributed System Security Symposium, San Diego, Feb 18-21, 2018: 1-15.
[40]	SAYEED S, MARCO-GISBERT H, CAIRA T. Smart contract: attacks and protections[J]. IEEE Access, 2020, 8: 24416-24427. DOI URL
[41]	HIRAI Y. Formal verification of deed contract in Ethereum name service[EB/OL]. [2022-01-16]. https//yoichihirai.com/deed.pdf.
[42]	HIRAI Y. Defining the Ethereum virtual machine for interactive theorem provers[C]// LNCS 10323:Proceedings of the Financial Cryptography and Data Security, Sliema, Apr 7, 2017. Cham: Springer, 2017: 520-535.
[43]	GRISHCHENKO I, MAFFEI M, SCHNEIDEWIND C. A semantic framework for the security analysis of Ethereum smart contracts[C]// LNCS 10804: Proceedings of the 7th International Conference, Held as Part of the European Joint Conferences on Theory and Practice of Software,Thessaloniki, Apr 14-20, 2018. Cham: Springer, 2018: 243-269.
[44]	HILDENBRANDT E, SAXENA M, RODRIGUES N, et al. KEVM: a complete formal semantics of the ethereum virtual machine[C]// Proceedings of the 31st IEEE Computer Security Foundations Symposium, Oxford, Jul 9-12, 2018. Washington: IEEE Computer Society, 2018: 204-217.
[45]	董春燕, 谭良. 基于CPN模型Auction智能合约的形式化验证[J]. 小型微型计算机系统, 2020, 41(11): 2292-2297.
	DONG C Y, TAN L. Formal verification of Auction smart contract based on CPN model[J]. Journal of Chinese Computer Systems, 2020, 41(11): 2292-2297.
[46]	LUU L, CHU D H, OLICKEL H, et al. Making smart contracts smarter[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Oct 24-28, 2016. New York: ACM, 2016: 254-269.
[47]	MUELLER B. Mythril-reversing and bug hunting framework for the Ethereum blockchain[EB/OL]. [2022-01-16]. https://pypi.org/project/mythril/0.8.2/.
[48]	MythX: smart contract security tool for Ethereum[EB/OL]. (2019-10-24)[2022-01-16]. https://mythx.io/.
[49]	李宗鸿, 胡大裟, 蒋玉明. 面向智能合约漏洞检测的改进符号执行研究[J]. 计算机应用研究, 2021, 38(7): 1943-1946.
	LI Z H, HU D S, JIANG Y M. Research on improved symbolic execution for smart contract vulnerability detection[J]. Application Research of Computers, 2021, 38(7): 1943-1946.
[50]	JIANG B, LIU Y, CHAN W K. ContractFuzzer: fuzzing smart contracts for vulnerability detection[C]// Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, Montpellier, Sep 3-7, 2018. New York: ACM, 2018: 259-269.
[51]	LIAO J W, TSAI T T, HE C K, et al. SoliAudit: smart contract vulnerability assessment based on machine learning and fuzz testing[C]// Proceedings of the 6th International Conference on Internet of Things:Systems, Management and Security,Granada, Oct 22-25, 2019. Piscataway: IEEE, 2019: 458-465.
[52]	ASHRAF I, MA X, JIANG B, et al. GasFuzzer: fuzzing Ethereum smart contract binaries to expose gas-oriented exception security vulnerabilities[J]. IEEE Access, 2020, 8:99552-99564. DOI URL
[53]	XIONG Y, SU C, HUANG W, et al. SmartVerif: push the limit of automation capability of verifying security protocols by dynamic strategies[C]// Proceedings of the 29th USENIX Security Symposium, Aug 12-14, 2020. Berkeley: USENIX Association, 2020: 253-270.
[54]	XING C, CHEN Z, CHEN L, et al. A new scheme of vulnerability analysis in smart contract with machine learning[J]. Wireless Networks, 2020.
[55]	MOMENI P, WANG Y, SAMAVI R. Machine learning model for smart contracts security analysis[C]// Proceedings of the 17th International Conference on Privacy, Security and Trust, Fredericton, Aug 26-28, 2019. Piscataway: IEEE, 2019: 1-6.
[56]	LIU Z G, QIAN P, WANG X Y, et al. Combining graph neural networks with expert knowledge for smart contract vulnerability detection[J]. arXiv: 2107.11598, 2021.
[57]	ZHUANG Y, LIU Z G, QIAN P, et al. Smart contract vulnerability detection using graph neural network[C]// Proceedings of the 29th International Joint Conference on Artificial Intelligence, Yokohama, Jul 2020: 3283-3290.
[58]	TANN J W, XING J H, GUPTA S S, et al. Towards safer smart contracts: a sequence learning approach to detecting vulnerabilities[J]. arXiv:1811.06632, 2018.
[59]	ZHOU Y, KUMAR D, BAKSHI S, et al. Erays: reverse engineering Ethereum’s opaque smart contracts[C]// Proceedings of the 27th USENIX Security Symposium, Baltimore, Aug 15-17, 2018. Berkeley: USENIX Association, 2018: 1371-1385.
[60]	韩松明, 梁彬, 黄建军, 等. DC-Hunter: 一种基于字节码匹配的危险智能合约检测方案[J]. 信息安全学报, 2020, 5(3): 100-112.
	HAN S M, LIANG B, HUANG J J, et al. DC-Hunter: detecting dangerous smart contracts via bytecode matching[J]. Journal of Cyber Security, 2020, 5(3): 100-112.
[61]	FEIST J, GREICO G, GROCE A. Slither: a static analysis framework for smart contracts[C]// Proceedings of the 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain, Montreal, May 27, 2019. Pis-cataway: IEEE, 2019: 8-15.
[62]	GAO J B, LIU H, LIU C, et al. EASYFLOW: keep Ethereum away from overflow[C]// Proceedings of the 41st International Conference on Software Engineering:Companion Proceedings, Montreal, May 25-31, 2019. Piscataway: IEEE, 2019: 23-26.
[63]	TIKHOMIROV S, VOSKRESENSKAYA E, IVANITSKIY I, et al. SmartCheck: static analysis of ethereum smart contracts[C]// Proceedings of the 1st IEEE/ACM International Workshop on Emerging Trends in Software Engineering for Blockchain, Gothenburg, May 27-Jun 3, 2018. New York: ACM, 2018: 9-16.

攻击类型	标志性事件	时间	影响
可重入漏洞	TheDAO	2016	价值6 000万美金以太币被盗取，以太坊硬分叉
整数溢出	BeautyChain	2018	BEC代币无限复制，代币价格跳水
拒绝服务攻击	King of the Ether Throne	2016	游戏玩家的补偿和未接受款项无法退回玩家的钱包
Delegatecall委托调用	Parity Multisig Wallet的第二次入侵	2017	合约失效，用户钱包被锁死影响约51万个ETH，价值约1.5亿美元
51%攻击	ETC网络遭受51%攻击	2019	约22万个ETC遭攻击，价值约110万美元
针对供应链的攻击	门罗币官方钱包文件被恶意替换	2019	用户私钥和助记词被窃取
DNS劫持	以太坊钱包Myetherwallet遭DNS劫持	2018	价值15.3万美金以太币转入劫持者账户
针对交易所的攻击	KuCoin交易所被盗	2020	亚洲交易所KuCoin热钱包被盗，价值2.8亿美金
权限错误	Poly NetWork	2021	失窃资产超6.1亿美金，是DeFi有史以来数额最大的一次进攻事件
闪电贷攻击	Beanstalk Farm遭闪电贷攻击	2022	协议损失约1.82亿美金

攻击类型	标志性事件	时间	影响
可重入漏洞	TheDAO	2016	价值6 000万美金以太币被盗取，以太坊硬分叉
整数溢出	BeautyChain	2018	BEC代币无限复制，代币价格跳水
拒绝服务攻击	King of the Ether Throne	2016	游戏玩家的补偿和未接受款项无法退回玩家的钱包
Delegatecall委托调用	Parity Multisig Wallet的第二次入侵	2017	合约失效，用户钱包被锁死影响约51万个ETH，价值约1.5亿美元
51%攻击	ETC网络遭受51%攻击	2019	约22万个ETC遭攻击，价值约110万美元
针对供应链的攻击	门罗币官方钱包文件被恶意替换	2019	用户私钥和助记词被窃取
DNS劫持	以太坊钱包Myetherwallet遭DNS劫持	2018	价值15.3万美金以太币转入劫持者账户
针对交易所的攻击	KuCoin交易所被盗	2020	亚洲交易所KuCoin热钱包被盗，价值2.8亿美金
权限错误	Poly NetWork	2021	失窃资产超6.1亿美金，是DeFi有史以来数额最大的一次进攻事件
闪电贷攻击	Beanstalk Farm遭闪电贷攻击	2022	协议损失约1.82亿美金

漏洞层级	漏洞类型
Solidity代码层	未校验返回值
	整数溢出漏洞
	权限控制漏洞
	资产冻结
	拒绝服务攻击漏洞
EVM执行层	重入漏洞
	短地址攻击
	代码注入
区块链系统层	时间戳依赖
	可预测的随机处理
	交易顺序依赖

漏洞层级	漏洞类型
Solidity代码层	未校验返回值
	整数溢出漏洞
	权限控制漏洞
	资产冻结
	拒绝服务攻击漏洞
EVM执行层	重入漏洞
	短地址攻击
	代码注入
区块链系统层	时间戳依赖
	可预测的随机处理
	交易顺序依赖

方法	检测工具	准确率/%	支持漏洞数量	平均检测速度/s
形式化验证	VaaS	72.54	8	166.2
符号执行	Oyente	60.54	6	27.3
模糊测试	ContractFuzzer	67.89	6	279.7
机器学习	DR-GCN	76.16	3	3.4
特征匹配	Slither	57.82	7	10.5

智能合约漏洞检测研究综述

Survey of Research on Smart Contract Vulnerability Detection

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 63

相关文章 15

编辑推荐

Metrics

[1]	刘同来, 章子凯, 武继刚. 面向医疗图像协同分析的系统模型及访问控制[J]. 计算机科学与探索, 2022, 16(8): 1779-1791.
[2]	王群, 李馥娟, 倪雪莉, 夏玲玲, 王振力, 梁广俊. 区块链共识算法及应用研究[J]. 计算机科学与探索, 2022, 16(6): 1214-1242.
[3]	熊啸, 李雷孝, 高静, 高昊昱, 杜金泽, 郑岳, 牛铁铭. 区块链在车联网数据共享领域的研究进展[J]. 计算机科学与探索, 2022, 16(5): 1008-1024.
[4]	韩刚, 吕英泽, 罗维, 王嘉乾. 重大疫情患者隐私数据保护方案研究[J]. 计算机科学与探索, 2022, 16(2): 359-371.
[5]	孟博, 王乙丙, 赵璨, 王德军, 麻斌豪. 区块链跨链协议综述[J]. 计算机科学与探索, 2022, 16(10): 2177-2192.
[6]	徐杨杨, 王艳. 区块链在云制造资源分配的研究[J]. 计算机科学与探索, 2022, 16(10): 2298-2309.
[7]	谢佳, 胡予濮, 高军涛, 王保仓, 江明明. 格上前向安全的有序聚合签名[J]. 计算机科学与探索, 2021, 15(9): 1658-1666.
[8]	孙莉莉, 易波, 王兴伟, 黄敏. 融合人体免疫防御机理的ICN安全路由机制[J]. 计算机科学与探索, 2021, 15(4): 658-669.
[9]	张明军，杨思华，姚兵. 探索拓扑编码中的图格与传统格的联系[J]. 计算机科学与探索, 2021, 15(11): 2171-2183.
[10]	谢佳, 胡予濮, 高军涛, 王保仓, 江明明. 标准模型下前向安全的格基有序聚合签名[J]. 计算机科学与探索, 2021, 15(10): 1912-1920.
[11]	樊星, 牛保宁. 区块链应用下的新型区块链布隆过滤器[J]. 计算机科学与探索, 2021, 15(10): 1921-1929.
[12]	孙岩，姬伟峰，翁江. 移动目标信号博弈的防御最优策略选取[J]. 计算机科学与探索, 2020, 14(9): 1510-1520.
[13]	成雯，李顺东，王文丽. 秘密区间与阈值的保密判定[J]. 计算机科学与探索, 2020, 14(5): 760-768.
[14]	顾佳男，郑蓓蕾，翁楚良. 面向云平台非可信Hypervisor的保护机制综述[J]. 计算机科学与探索, 2020, 14(2): 200-214.
[15]	周健，孙丽艳，付明. 抗货币失效的区块链钱包保护协议研究[J]. 计算机科学与探索, 2020, 14(12): 2039-2049.