基于元操作的智能合约漏洞检测方法

doi:10.16180/j.cnki.issn1007-7820.2024.09.010

Abstract

Abstract:

In view of the problem that the static analysis tool has a high cost of expanding the vulnerability due to the strong coupling of the vulnerability scanning process code in the tool code, a smart contract vulnerability detection method based on meta-operations is proposed. This method can convert the most basic detection process in the tool into an abstract form of meta-operation and customize the vulnerability scanning process through the combination of different meta-operations and logical operators, so as to realize the detection of different vulnerabilities by writing a small amount of vulnerability scanning process syntax. The detection can improve the ability of the tool to expand the new vulnerabilities of smart contracts. The experiment results prove that the number of characters of the vulnerability description required to be written according to this method is only 8.9%~12.7% of the logic characters of the Slither tool vulnerability detection, and the false positive rate is 2% lower than that of the Slither tool. It is proved that this method can provide stronger scalability and flexibility based on ensuring the reliability of tool detection.

Key words: static analysis tool, coupling, vulnerability detection, vulnerability scanning process, meta-operation, logical operators, scalability, new vulnerabilities

CLC Number:

TP393

WANG Shun, XU Xianghua, WANG Ran. Smart Contract Vulnerability Detection Method Based on Meta-Operation[J].Electronic Science and Technology, 2024, 37(9): 64-71.

Figures/Tables 8

Figure 1.

Table 1.

Table 2.

Figure 2.

Figure 3.

Figure 4.

Table 3.

Table 4.

References 18

[1]	Szabo N. Formalizing and securing relationships on public networks[J]. First Monday, 1997, 2(9):1-21.
[2]	Li R, Song T, Mei B, et al. Blockchain for large-scale internet of things data storage and protection[J]. IEEE Transactions on Services Computing, 2019, 12(1):762-771.
[3]	Guo H, Yu X. A survey on blockchain technology and its security[J]. Blockchain:Research and Applications, 2022, 3(2):67-82.
[4]	Buterin V. A next-generation smart contract and decentralized application platform[J]. White Paper, 2014, 3(37):1-33.
[5]	Bouichou A, Mezroui S, El Oualkadi A. An overview of ethereum and solidity vulnerabilities[C]. Marrakech: International Symposium on Advanced Electrical and Communication Technologies,IEEE, 2020:1-7.
[6]	李洋, 李洁, 葛宁, 等. 面向金融领域的智能合约特定语言设计[J]. 信息安全研究, 2022, 8(5):468-474.
	Li Yang, Li Jie, Ge Ning, et al. Design of a smart contract specific language for financial field[J]. Journal of Information Security Research, 2022, 8(5):468-474.
[7]	李佳利, 杨涵, 钱建平. 新冠肺炎疫情下中国农产品冷链物流可信追溯研究[J]. 农业大数据学报, 2022, 4(1):14-24. doi: 10.19788/j.issn.2096-6369.220101
	Li Jiali, Yang Han, Qian Jianping. An credible traceability system for coldchain logistics developed for China's agricultural products in the context of COVID-19[J]. Journal of Agricultural Big Data, 2022, 4(1):14-24. doi: 10.19788/j.issn.2096-6369.220101
[8]	王晟典, 陈娥, 朱岩, 等. 一种基于区块链智能合约的软件服务交易方法[J]. 工程科学学报, 2023, 45(3):475-488.
	Wang Shengdian, Chen E, Zhu Yan, et al. A software service transaction approach based on blockchain smart contracts[J]. Chinese Journal of Engineering, 2023, 45(3):475-488.
[9]	Nishi F K, Shams-E-Mofiz M, Khan M M, et al. Electronic healthcare data record security using blockchain and smart contract[J]. Journal of Sensors, 2022(5):1-22.
[10]	倪远东, 张超, 殷婷婷. 智能合约安全漏洞研究综述[J]. 信息安全学报, 2020, 5(3):78-99.
	Ni Yuandong, Zhang Chao, Yin Tingting. A suvery of smart contract vulnerability research[J]. Journalof Cyber Security, 2020, 5(3):78-99.
[11]	Zhou H, Milani Fard A, Makanju A. The state of ethereum smart contracts security:Vulnerabilities, countermeasures and tool support[J]. Journal of Cyber Security and Privacy, 2022, 2(2):358-378.
[12]	Feist J, Grieco G, Groce A. Slither:A static analysis framework for smart contracts[C]. Montreal: IEEE/ACM the Second International Workshop on Emerging Trends in Software Engineering for Blockchain, 2019:8-15.
[13]	Tikhomirov S, Voskresenskaya E, Ivanitskiy I, et al. Smartcheck:Static analysis of ethereum smart contracts[C]. Gothenburg: Proceedings of the First International Workshop on Emerging Trends in Software Engineering for Blockchain, 2018:9-16.
[14]	Albert E, Gordillo P, Livshits B, et al. Ethir:A framework for high-level analysis of ethereum bytecode[C]. Los Angeles:Automated Technology for Verification and Analysis: The Sixteenth International Symposium, 2018:513-520.
[15]	Wood G. Solidity 0.8.0 documentation[EB/OL].(2020-03-01)[2023-04-08]https://docs.soliditylang.org/en/v0.8.0.
[16]	ETH. The ethereum blockchain explorer[EB/OL].(2020-06-21)[2023-04-08]https://etherscan.io.
[17]	Daian P. Analysis of the dao exploit[EB/OL].(2016-06-18)[2023-04-08]https://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit.
[18]	Spank Chain. We got spanked:What we know so far[EB/OL].(2018-10-09)[2023-04-08]https://medium.com/spankchain/we-got-spanked-what-we-know-so-far-d5ed3a0f38fe.

变量类型	描述
Int	整型数值类型
Number	浮点数值类型
List	列表类型,参数集合
String	字符串类型
Char	字符类型
Boolean	布尔值类型

运算符	描述
&&	元操作之间的关系为‘与’关系
\|\|	元操作之间的关系为‘或’关系
!	元操作所表示特征不应出现
()	提升优先级

评价维度	评价指标	Slither^[12]	SmartCheck^[13]	StaticPlus
准确性	假阳率/%	10	44	8
准确性	假阳合约个数	50	220	40
性能	平均执行时间/s	0.85	2.8	1.1
鲁棒性	分析报错率/%	3.5	9.7	3.5
鲁棒性	报错合约个数	112	311	112
重入漏洞合约	DAO^[17]	P	Ï	P
重入漏洞合约	SpankChain^[18]	P	Ï	P

漏洞名称	StaticPlus	Slither^[12]	字符数占比/%
时间戳依赖	236	1 863	12.7
重入漏洞	501	5 638	8.9
DelegateCall	121	1 065	11.4

Smart Contract Vulnerability Detection Method Based on Meta-Operation

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 18

Related Articles 15

Metrics

Comments

Recommended 0

[1]	JIANG Shaoxiang, YU Shenglin, MA Jinlong, WU Chubin. Positive High Voltage Charge Pump Applied to Flash-Based FPGA [J]. Electronic Science and Technology, 2025, 38(3): 75-81.
[2]	LUO Ying, SONG Cheng, XU Chenguang. Research of High-Speed Penetration Damage Source Localization Based on Hilbert-Huang Transform [J]. Electronic Science and Technology, 2025, 38(1): 37-44.
[3]	YU Runzhou, LI Peichao. Particle Size Analysis in A Coupled Multi-Physics Models for Lithium-Ion Batteries [J]. Electronic Science and Technology, 2024, 37(9): 1-7.
[4]	ZHOU Xuhu, LI Shigang, LUO Yi, ZHANG Wei. Adaptive Golden Eagle Algorithm Based on Symmetric Mapping Search Strategy and its Application [J]. Electronic Science and Technology, 2024, 37(8): 8-16.
[5]	YUAN Qingqing, WU Ruiqi, MA Ting, XIE Xiaotong. Simplified Model Predictive Current Control for the Six-Phase Full-Bridge Inverter Fed PMSM Drive [J]. Electronic Science and Technology, 2024, 37(3): 34-43.
[6]	ZHENG Shicheng, LIU Hairui, XU Quanwei, LANG Jiahong, FANG Sian, XU Lei. Method of Suppressing Ripple of DC-Side Voltage of Angle-Connected SVG Based on Boost-Type APD [J]. Electronic Science and Technology, 2024, 37(10): 71-80.
[7]	ZHANG Mingyue,FANG Liqing,GUO Deqing,SHI Yonglei,LIU Bingnan. Application Research on Wireless Setting Technology of Electronic Fuze [J]. Electronic Science and Technology, 2023, 36(6): 57-63.
[8]	LIU Jiaqi,SAN Hongjun,CHEN Jiupeng,DU Mengyan,XIAO Le. Workspace Analysis of A Novel 5-DOF Engraving Machine Tool [J]. Electronic Science and Technology, 2023, 36(12): 9-15.
[9]	WANG Yumei,ZHANG Jiqin,ZHOU Yongxin. Combined Heat and Power Low-Carbon Economic Scheduling Considering Carbon Trading and Price Demand Response [J]. Electronic Science and Technology, 2023, 36(10): 74-81.
[10]	YANG Rui,SUN Yanzhou,YU Jianghua,ZHANG Mengfei,WEI Yanfang. Frequency Splitting Characteristics Analysis of Electrical-Field Coupled Wireless Power Transfer [J]. Electronic Science and Technology, 2022, 35(6): 48-53.
[11]	FAN Xiaomin,ZHANG Wei. Fault Diagnosis of Wind Turbine Pitch Actuator Based on Unknown Input Set-Membership Observer [J]. Electronic Science and Technology, 2022, 35(5): 38-46.
[12]	LI Kai,ZUO Wencheng,ZHAO Ziwen,TAN Kangbo. Design and Analysis of Spaceborne 5G Miniaturized Antenna [J]. Electronic Science and Technology, 2022, 35(11): 7-12.
[13]	ZUO Wencheng,ZHAO Ziwen,XU Zhijiang,TAN Kangbo. Analysis and Research of Electromagnetic Environment in Space Station Cabin Based on 5G Communication [J]. Electronic Science and Technology, 2022, 35(10): 1-7.
[14]	LI Gang. A Synthesis Method for Dual-Band Filters with Frequency Variant Couplings [J]. Electronic Science and Technology, 2022, 35(1): 1-5.
[15]	LI Zhehui,YUAN Tianchen,YANG Jian,SONG Ruigang. A New Type of Suspension Magnet Structure for Double-Degree-of-Freedom Vibration Energy Harvester of Axle Box for Railway Vehicle [J]. Electronic Science and Technology, 2022, 35(1): 12-20.