区块链智能合约漏洞检测与自动化修复综述  被引量：6

作　　者：童俊成 赵波[1] TONG Juncheng;ZHAO Bo(School of Cyber Science and Engineering,Wuhan University,Wuhan Hubei 430072,China)

机构地区：[1]武汉大学国家网络安全学院,武汉430072

出　　处：《计算机应用》2023年第3期785-793,共9页journal of Computer Applications

基　　金：国家自然科学基金资助项目(U1936122);湖北省重点研发计划项目(2020BAB101,2020BAA003)。

摘　　要：智能合约技术作为区块链2.0的里程碑,受到学术界与企业界的广泛关注。智能合约运行在不具有可信计算环境的底层基础设施上,并且具有区别于传统程序的特性,在自身的安全性上存在许多影响很大的漏洞,针对它进行安全审计的研究也成为区块链安全领域的热门与亟需解决的关键科学问题。针对智能合约的漏洞检测与自动化修复,首先介绍智能合约漏洞的主要漏洞类型与分类;然后,调研回顾近五年智能合约漏洞检测的三类最重要的方法,并介绍每类方法具有代表性和创新性的研究技术;其次,详细介绍智能合约升级方案与具有前沿性的自动化修复技术;最后,分析与展望了面向在线、实时、多平台、自动化与智能化需求的智能合约漏洞检测与自动化修复技术的挑战与未来可展开的工作,并提出技术解决方案的框架。Smart contract technology,as a milestone of blockchain 2.0,has received widespread attention from both academic and industry circles.It runs on an underlying infrastructure without trusted computing environment and has characteristics that distinguish it from traditional programs,and there are many vulnerabilities with huge influence in its own security,so that the research on security auditing for it has become a popular and urgent key scientific problem in the field of blockchain security.Aiming at the detection and automatic repair of smart contract vulnerabilities,firstly,main types and classifications of smart contract vulnerabilities were introduced.Secondly,three most important methods of smart contract vulnerability detection in the past five years were reviewed,and representative and innovative research techniques of each method were introduced.Thirdly,smart contract upgrade schemes and cutting-edge automatic repair technologies were introduced in detail.Finally,challenges and future work of smart contract vulnerability detection and automatic repair technologies for online,real-time,multi-platform,automatic,and intelligent requirements were analyzed and prospected as a framework of technical solutions.

关 键 词：区块链安全 智能合约 安全审计 漏洞检测 自动化修复 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]