Authors: 刘方青 (LIU FangQing); 黄翰 (HUANG Han)[1]; 向毅 (XIANG Yi); 郝志峰 (HAO ZhiFeng)[2,3] (School of Software Engineering, South China University of Technology, Guangzhou 510006, China; School of Computer, Shantou University, Shantou 515063, China; School of Computer, Guangdong University of Technology, Guangzhou 510006, China)
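Affiliations: [1] School of Software Engineering, South China University of Technology, Guangzhou 510006; [2] School of Computer, Shantou University, Shantou 515063; [3] School of Computer, Guangdong University of Technology, Guangzhou 510006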
Source: Scientia Sinica (Technologica), 2023, No. 11, pp. 1922-1938 (17 pages)
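Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 61772225, 61876207); the Guangzhou Science and Technology Project (No. 201802010007); and the Key-Area Research and Development Program of Guangdong Province (No. 2018B010109003).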
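Abstract: Reentrancy vulnerabilities are widespread in smart contracts and can cause enormous economic losses. Existing static analysis tools based on symbolic execution decide whether a vulnerability exists by applying preset rules; however, incomplete preset rules can lead to false positives for reentrancy vulnerabilities. To avoid false positives, this study approaches the problem from the dynamic-analysis perspective of software test case generation. The paper abstracts the application scenario as the problem of automated test case generation for path coverage in the presence of reentrancy loop paths, and detects reentrancy vulnerabilities by generating and executing test cases that cover the reentrancy loop paths. Swarm intelligence algorithms, represented by the pigeon-inspired optimization algorithm, are a common approach to black-box optimization problems such as test case generation. The pigeon-inspired algorithm searches the neighborhood of the population's best solution within the whole decision space; however, the optimal solution of the problem may not lie in that neighborhood, which results in low path coverage. To raise the path coverage of the pigeon-inspired algorithm, the paper improves it with a manifold-inspired heuristic operator so that it allocates more computing effort to searching the subspace related to the optimization objective, thereby improving solving efficiency and covering the reentrancy loop paths. Experimental results show that the improved manifold pigeon-inspired algorithm generates test cases covering reentrancy loop paths more efficiently and detects the reentrancy vulnerabilities of the contracts under test. Compared with the three smart contract testing tools Oyente, Securify and Smartcheck, the proposed method effectively avoids false positives for reentrancy vulnerabilities, and across the 8 smart contracts tested in the experiments the reentrancy vulnerability identification accuracy improves by 12.5%, 12.5% and 25%, respectively.

Published English abstract: Reentrancy vulnerability commonly exists in smart contracts and results in serious economic losses. The existing symbolic execution-based static analyzing tools detect the reentrancy vulnerability by evaluating the default rules. However, the incompleteness of the default rules can lead to false positive judgments. We attempt to solve this problem from the perspective of test case generation based on dynamic execution. In this paper, the application scenario is abstracted as a mathematical model of the automated test case generation for path coverage (ATCG-PC) with reentrancy loop paths. The reentrancy vulnerability can be detected by executing the test cases of the reentrancy loop paths. The swarm intelligence algorithm represented by the pigeon optimization algorithm is a common method for solving the black-box optimization problem. The pigeon-inspired optimization algorithm searches in the neighbor of the population optimal solution; however, the optimal solution of the large-scale black-box optimization problem may not be in this neighbor. An improved pigeon-inspired optimization algorithm is proposed herein to improve the path coverage rate of the pigeon-inspired optimization algorithm for the ATCG-PC. The proposed algorithm allocates more computational resources to the subspace related to the target path, consequently improving the effectiveness of the pigeon-inspired optimization algorithm. It helps the pigeon-inspired optimization algorithm to cover the reentrancy loop path. The experimental results show that the improved pigeon-inspired optimization algorithm can effectively generate path coverage test cases in different smart contracts. The proposed method can also find all possible paths and accurately detect the reentrancy vulnerabilities when other tools (i.e., Oyente, Securify, and Smartcheck) make false positive judgments in the eight selected benchmarks. The recognition accuracy of the reentrancy vulnerabilities is improved by 12.5%, 12.5%, and 25%.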
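Keywords: smart contract; reentrancy vulnerability; pigeon-inspired optimization algorithm; automated test case generation; path coverage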
Classification: TP3 [Automation and Computer Technology - Computer Science and Technology]