Research on improved symbolic execution for smart contract vulnerability detection  Cited by: 4


Authors: Li Zonghong; Hu Dasha [1,2]; Jiang Yuming [1,2] (College of Computer Science, Sichuan University, Chengdu 610065, China; Big Data Analysis & Fusion Application Technology Engineering Laboratory of Sichuan Province, Sichuan University, Chengdu 610065, China)

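Affiliations: [1] College of Computer Science, Sichuan University, Chengdu 610065 [2] Big Data Analysis & Fusion Application Technology Engineering Laboratory of Sichuan Province, Sichuan University, Chengdu 610065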

Source: Application Research of Computers (《计算机应用研究》), 2021, No. 7, pp. 1943-1946, 4 pages

Funding: National Key R&D Program of China (2020YFB1707900); Sichuan Science and Technology Program (2019YFG0400).

Abstract: Because the blockchain is immutable, smart contracts deployed on it cannot be changed. To improve contract security and prevent problems such as integer overflow, short address attacks and pseudo-randomness, contracts need to undergo vulnerability detection before deployment. This paper uses symbolic execution to analyze integer overflow vulnerabilities in smart contracts. A survey of existing symbolic execution methods found their detection speed to be slow, so the paper proposes an improved symbolic execution method that solves constraints bottom-up and combines depth-first and breadth-first path selection to improve the code coverage of symbolic execution. Experimental results show that, on 100 selected smart contracts containing overflow vulnerabilities, the improved symbolic execution achieves a detection accuracy of 84% and improves average detection efficiency by 20%; the efficiency gain is significant for medium-scale smart contracts, and the accuracy of the detection results is relatively high.

Keywords: blockchain; smart contract; contract vulnerability; symbolic execution

Classification: TP309 [Automation and Computer Technology: Computer Systems Architecture]

 
