Journal of Frontiers of Computer Science and Technology ›› 2022, Vol. 16 ›› Issue (11): 2456-2470.DOI: 10.3778/j.issn.1673-9418.2203024

• Surveys and Frontiers • Previous Articles     Next Articles

Survey of Research on Smart Contract Vulnerability Detection

LI Leixiao1,2, ZHENG Yue1,+(), GAO Haoyu1, XIONG Xiao3, NIU Tieming1, DU Jinze1, GAO Jing4   

  1. 1. College of Data Science and Application, Inner Mongolia University of Technology, Hohhot 010080, China
    2. Inner Mongolia Autonomous Region Engineering & Technology Research Centre of Big Data Based Software Service, Hohhot 010080, China
    3. College of Information Engineering, Inner Mongolia University of Technology, Hohhot 010080, China
    4. College of Computer and Information Engineering, Inner Mongolia Agricultural University, Hohhot 010011, China
  • Online:2022-11-01 Published:2022-11-16
  • About author:LI Leixiao, born in 1978, Ph.D., professor. His research interests include cloud computing, big data processing, data mining, etc.
    ZHENG Yue, born in 1996, M.S. candidate. His research interests include big data security and blockchain.
    GAO Haoyu, born in 1994, M.S. candidate. His research interests include big data security and blockchain.
    XIONG Xiao, born in 1993, M.S. candidate. His research interests include big data security and blockchain.
    NIU Tieming, born in 1998, M.S. candidate. His research interests include big data security and blockchain.
    DU Jinze, born in 1998, M.S. candidate. His research interests include blockchain and network covert channel construction.
    GAO Jing, born in 1970, Ph.D., professor. Her research interests include cloud computing, big data, agricultural informatization, etc.

智能合约漏洞检测研究综述

李雷孝1,2, 郑岳1,+(), 高昊昱1, 熊啸3, 牛铁铭1, 杜金泽1, 高静4   

  1. 1.内蒙古工业大学 数据科学与应用学院,呼和浩特 010080
    2.内蒙古自治区基于大数据的软件服务工程技术研究中心,呼和浩特 010080
    3.内蒙古工业大学 信息工程学院,呼和浩特 010080
    4.内蒙古农业大学 计算机与信息工程学院,呼和浩特 010011
  • 通讯作者: + E-mail: 847256122@qq.com
  • 作者简介:李雷孝(1978—),男,山东成武人,博士,教授,主要研究方向为云计算、大数据处理、数据挖掘等。
    郑岳(1996—),男,河北沧州人,硕士研究生,主要研究方向为大数据安全、区块链。
    高昊昱(1994—),男,山西太原人,硕士研究生,主要研究方向为大数据安全、区块链。
    熊啸(1993—),男,河南信阳人,硕士研究生,主要研究方向为大数据安全、区块链。
    牛铁铭(1998—),男,山西大同人,硕士研究生,主要研究方向为大数据安全、区块链。
    杜金泽(1998—),男,山西太原人,硕士研究生,主要研究方向为区块链、网络隐蔽信道构建。
    高静(1970—),女,辽宁沈阳人,博士,教授,主要研究方向为云计算、大数据、农业信息化等。

Abstract:

As an important part of blockchain technology, smart contracts are widely used in various fields through decentralized applications written by smart contracts, providing important technical support for the development and application of blockchain. However, the development has brought security problems at the same time, and a large number of vulnerability attacks against smart contracts have made researchers pay more attention to the security vulnerabilities of smart contracts. How to quickly and accurately perform vulnerability detection has become an urgent problem to be solved. Firstly, through the analysis of common vulnerabilities such as reentrancy attack vulnerabilities, integer overflow and access control vulnerabilities, researchers can fully understand the common vulnerabilities. Secondly, by investigating the current status of vulnerability detection methods such as formal verification, symbolic execution, machine learning and their corresponding tools at home and abroad, analyzing and discussing the advantages and disadvantages of the tools, at the same time, replicating some tools for experiments, the performance of the vulnerability detection tools is demonstrated based on the detection speed, accuracy, and the number of vulnerabilities that support detection. Finally, suggestions for future research directions are given based on the analysis results of smart contract vulnerability detection tools.

Key words: blockchain, smart contract, vulnerability detection, security

摘要:

智能合约作为区块链技术中的重要组成部分,通过其编写的去中心化应用被广泛用于各领域中,为区块链的发展与应用提供了重要的技术支持。但智能合约发展的同时也带来了安全问题,大量针对智能合约的漏洞攻击,让研究者不得不加强对智能合约安全漏洞的重视。如何快速准确地进行漏洞检测成为一个亟待解决的问题。首先,通过对重入攻击漏洞、整数溢出以及访问控制漏洞等常见漏洞的分析使研究者对常见漏洞得到充分的了解。其次,通过对形式化验证、符号执行、机器学习等漏洞检测方法及其对应工具的国内外现状进行调研并分析讨论工具的优缺点,同时通过复现部分工具进行实验,以检测速度、准确率以及支持检测的漏洞数量为标准,展示漏洞检测工具的性能。最后,根据对智能合约漏洞检测工具的分析结果对未来的研究方向给出建议。

关键词: 区块链, 智能合约, 漏洞检测, 安全

CLC Number: