基于元操作的智能合约漏洞检测方法

doi:10.16180/j.cnki.issn1007-7820.2024.09.010

摘要/Abstract

摘要：

针对静态分析工具由于漏洞扫描流程代码强耦合于工具代码中导致其扩展漏洞成本较高的问题,文中提出了基于元操作的智能合约漏洞检测方法。该方法将工具中的基本检测流程转换为元操作抽象形式,通过不同元操作和逻辑运算符组合来自定义漏洞扫描流程,以达到通过编写少量漏洞扫描流程语法就可以实现检测不同漏洞,提高工具对智能合约新型漏洞的扩展能力。实验结果证明,根据文中方法所需编写的漏洞描述字符量仅为Slither工具漏洞检测逻辑字符量的8.9%~12.7%,假阳率相比Slither工具降低2%。证明了所提方法可以在保证工具检测可靠性的基础上提供了更强的扩展性和灵活性。

关键词: 静态分析工具, 耦合, 漏洞检测, 漏洞扫描流程, 元操作, 逻辑运算符, 扩展, 新型漏洞

Abstract:

In view of the problem that the static analysis tool has a high cost of expanding the vulnerability due to the strong coupling of the vulnerability scanning process code in the tool code, a smart contract vulnerability detection method based on meta-operations is proposed. This method can convert the most basic detection process in the tool into an abstract form of meta-operation and customize the vulnerability scanning process through the combination of different meta-operations and logical operators, so as to realize the detection of different vulnerabilities by writing a small amount of vulnerability scanning process syntax. The detection can improve the ability of the tool to expand the new vulnerabilities of smart contracts. The experiment results prove that the number of characters of the vulnerability description required to be written according to this method is only 8.9%~12.7% of the logic characters of the Slither tool vulnerability detection, and the false positive rate is 2% lower than that of the Slither tool. It is proved that this method can provide stronger scalability and flexibility based on ensuring the reliability of tool detection.

Key words: static analysis tool, coupling, vulnerability detection, vulnerability scanning process, meta-operation, logical operators, scalability, new vulnerabilities

中图分类号:

TP393

王顺, 徐向华, 王然. 基于元操作的智能合约漏洞检测方法[J]. 电子科技, 2024, 37(9): 64-71.

WANG Shun, XU Xianghua, WANG Ran. Smart Contract Vulnerability Detection Method Based on Meta-Operation[J]. Electronic Science and Technology, 2024, 37(9): 64-71.

图/表 8

图1

表1

表2

图2

图3

图4

表3

表4

参考文献 18

[1]	Szabo N. Formalizing and securing relationships on public networks[J]. First Monday, 1997, 2(9):1-21.
[2]	Li R, Song T, Mei B, et al. Blockchain for large-scale internet of things data storage and protection[J]. IEEE Transactions on Services Computing, 2019, 12(1):762-771.
[3]	Guo H, Yu X. A survey on blockchain technology and its security[J]. Blockchain:Research and Applications, 2022, 3(2):67-82.
[4]	Buterin V. A next-generation smart contract and decentralized application platform[J]. White Paper, 2014, 3(37):1-33.
[5]	Bouichou A, Mezroui S, El Oualkadi A. An overview of ethereum and solidity vulnerabilities[C]. Marrakech: International Symposium on Advanced Electrical and Communication Technologies,IEEE, 2020:1-7.
[6]	李洋, 李洁, 葛宁, 等. 面向金融领域的智能合约特定语言设计[J]. 信息安全研究, 2022, 8(5):468-474.
	Li Yang, Li Jie, Ge Ning, et al. Design of a smart contract specific language for financial field[J]. Journal of Information Security Research, 2022, 8(5):468-474.
[7]	李佳利, 杨涵, 钱建平. 新冠肺炎疫情下中国农产品冷链物流可信追溯研究[J]. 农业大数据学报, 2022, 4(1):14-24. doi: 10.19788/j.issn.2096-6369.220101
	Li Jiali, Yang Han, Qian Jianping. An credible traceability system for coldchain logistics developed for China's agricultural products in the context of COVID-19[J]. Journal of Agricultural Big Data, 2022, 4(1):14-24. doi: 10.19788/j.issn.2096-6369.220101
[8]	王晟典, 陈娥, 朱岩, 等. 一种基于区块链智能合约的软件服务交易方法[J]. 工程科学学报, 2023, 45(3):475-488.
	Wang Shengdian, Chen E, Zhu Yan, et al. A software service transaction approach based on blockchain smart contracts[J]. Chinese Journal of Engineering, 2023, 45(3):475-488.
[9]	Nishi F K, Shams-E-Mofiz M, Khan M M, et al. Electronic healthcare data record security using blockchain and smart contract[J]. Journal of Sensors, 2022(5):1-22.
[10]	倪远东, 张超, 殷婷婷. 智能合约安全漏洞研究综述[J]. 信息安全学报, 2020, 5(3):78-99.
	Ni Yuandong, Zhang Chao, Yin Tingting. A suvery of smart contract vulnerability research[J]. Journalof Cyber Security, 2020, 5(3):78-99.
[11]	Zhou H, Milani Fard A, Makanju A. The state of ethereum smart contracts security:Vulnerabilities, countermeasures and tool support[J]. Journal of Cyber Security and Privacy, 2022, 2(2):358-378.
[12]	Feist J, Grieco G, Groce A. Slither:A static analysis framework for smart contracts[C]. Montreal: IEEE/ACM the Second International Workshop on Emerging Trends in Software Engineering for Blockchain, 2019:8-15.
[13]	Tikhomirov S, Voskresenskaya E, Ivanitskiy I, et al. Smartcheck:Static analysis of ethereum smart contracts[C]. Gothenburg: Proceedings of the First International Workshop on Emerging Trends in Software Engineering for Blockchain, 2018:9-16.
[14]	Albert E, Gordillo P, Livshits B, et al. Ethir:A framework for high-level analysis of ethereum bytecode[C]. Los Angeles:Automated Technology for Verification and Analysis: The Sixteenth International Symposium, 2018:513-520.
[15]	Wood G. Solidity 0.8.0 documentation[EB/OL].(2020-03-01)[2023-04-08]https://docs.soliditylang.org/en/v0.8.0.
[16]	ETH. The ethereum blockchain explorer[EB/OL].(2020-06-21)[2023-04-08]https://etherscan.io.
[17]	Daian P. Analysis of the dao exploit[EB/OL].(2016-06-18)[2023-04-08]https://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit.
[18]	Spank Chain. We got spanked:What we know so far[EB/OL].(2018-10-09)[2023-04-08]https://medium.com/spankchain/we-got-spanked-what-we-know-so-far-d5ed3a0f38fe.

变量类型	描述
Int	整型数值类型
Number	浮点数值类型
List	列表类型,参数集合
String	字符串类型
Char	字符类型
Boolean	布尔值类型

运算符	描述
&&	元操作之间的关系为‘与’关系
\|\|	元操作之间的关系为‘或’关系
!	元操作所表示特征不应出现
()	提升优先级

评价维度	评价指标	Slither^[12]	SmartCheck^[13]	StaticPlus
准确性	假阳率/%	10	44	8
准确性	假阳合约个数	50	220	40
性能	平均执行时间/s	0.85	2.8	1.1
鲁棒性	分析报错率/%	3.5	9.7	3.5
鲁棒性	报错合约个数	112	311	112
重入漏洞合约	DAO^[17]	P	Ï	P
重入漏洞合约	SpankChain^[18]	P	Ï	P

漏洞名称	StaticPlus	Slither^[12]	字符数占比/%
时间戳依赖	236	1 863	12.7
重入漏洞	501	5 638	8.9
DelegateCall	121	1 065	11.4