Abstract
Because a smart contract cannot be changed once it is deployed, its code needs strict review before it goes on chain. To address the shortcomings of existing detection tools, which are inefficient on complex paths and handle loop structures coarsely, a target-oriented path search strategy for symbolic execution is proposed. The instrumentation results of static analysis guide the path search engine to reach the locations of dangerous instructions quickly, where detection modules are added. At the same time, loop structures in the program are queried by forward iteration, and the loop instruction subset and execution variables are extracted so that checks can be performed at the loop bounds according to instruction type. In the experiment, 114 smart contracts containing overflow vulnerabilities and reentrancy hazards were selected from the Ethereum network and tested. The results show a 14.28% improvement in accuracy and a 1.61-fold improvement in time efficiency compared with the existing symbolic execution tool.
Authors
陈文轩
张子蛟
秦伟伦
Chen Wenxuan; Zhang Zijiao; Qin Weilun (College of Cyberspace Security, Zhengzhou University, Zhengzhou 450000, Henan, China; Network Management Center, Zhengzhou University, Zhengzhou 450000, Henan, China)
Source
《计算机应用与软件》
PKU Core Journal
2025, Issue 7, pp. 366-373 (8 pages)
Computer Applications and Software
Funding
Henan Province Higher Education Teaching Reform Research and Practice Major Project (2019SJGLX001).
Keywords
Blockchain security
Smart contract
Symbolic execution
Vulnerability detection
Ethereum