Journal of Frontiers of Computer Science and Technology

• Science Researches •

A Review of Hierarchical Research on Malicious Transactions in Blockchain

LI Jiale, LI Leixiao, LIN Hao, DU Jinze, SHI Jianping, LIU Zhexu

  1. College of Data Science and Application, Inner Mongolia University of Technology, Hohhot 010080, China
  2. Inner Mongolia Key Laboratory of Beijiang Cyberspace Security, Hohhot 010080, China
  3. Inner Mongolia Autonomous Region Software Service Engineering Technology Research Center Based on Big Data, Hohhot 010080, China
  4. College of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China
  5. Ordos Citizen Card Construction Co., Ltd., Ordos 017099, China

Abstract: Although blockchain technology has significant advantages in decentralization and security, the malicious-transaction threats latent in its layered architecture are growing increasingly complex. Existing research mostly focuses on the security analysis of a single layer and lacks a systematic exploration of how attacks propagate across layers. This paper proposes a hierarchical malicious-transaction analysis framework comprising the basic protocol layer, the basic chain layer, the extended solution layer, and the application layer. It analyzes in depth the layered nature of malicious transactions in blockchain technology and comprehensively summarizes research progress on existing methods for detecting and defending against malicious attacks. First, the malicious attacks in these four layers are reviewed and analyzed, and the definitions and attack forms of 35 types of malicious attacks are outlined. Attacks at different layers show a significant propagation effect: a key leak at the protocol layer can multiply the losses of a DeFi protocol at the application layer several times over. Second, the detection and defense methods for each type of attack are introduced, and the technologies that can be used to defend against each type are summarized. Finally, the security problems that remain in each layer of the blockchain are analyzed: the high power consumption of post-quantum cryptography algorithms on blockchain devices, confirmation delays and low block production speeds, the complexity and security risks of the proxy contract pattern, and the state-growth risks of Rollups. On this basis, four directions for future research are proposed: low-power design of post-quantum cryptography, dynamic block times and adaptive block production speeds, enhancing the security and efficiency of the proxy contract pattern, and constant-size proof schemes based on Verkle trees for stateless clients.

Key words: blockchain, security, attacks, vulnerability detection
