Smart Contract Vulnerability Analysis and Improvement Based on Smartcheck


Authors: 费佳佳 (FEI Jiajia), 赵相福 (ZHAO Xiangfu), 陈霄汉 (CHEN Xiaohan), 张登记 (ZHANG Dengji) (School of Computer and Control Engineering, Yantai University, Yantai 264005, Shandong, China; Department of Computer Science, Zhejiang Normal University, Jinhua 321004, Zhejiang, China)

Affiliations: [1] School of Computer and Control Engineering, Yantai University, Yantai 264005, Shandong, China; [2] Department of Computer Science, Zhejiang Normal University, Jinhua 321004, Zhejiang, China

Source: Journal of Applied Sciences (《应用科学学报》), 2024, No. 6, pp. 1027-1039 (13 pages)

Funding: Supported by the National Natural Science Foundation of China (No. 61972360, No. 62072392).

Abstract: Smart contracts on blockchains operate on large quantities of digital assets, and once deployed they are difficult to modify. The analysis and detection of security vulnerabilities in smart contracts has therefore become an important research topic. Smartcheck is a typical static analysis tool for Ethereum smart contracts: it converts Solidity source code into an XML-based intermediate representation and checks that representation against XPath patterns. While Smartcheck can analyze many security vulnerabilities effectively, its analysis of some vulnerabilities is incomplete and the set of vulnerabilities it covers is not exhaustive. To address these issues, this paper analyzes the underlying principles of typical vulnerabilities such as timestamp dependency, integer overflow and delegatecall, extends Smartcheck accordingly, and implements a new detection tool, SmartETH. Evaluation on a large real-world dataset and verification on five specific contracts show that SmartETH detects the relevant vulnerabilities more accurately and substantially reduces both false positives and false negatives for many vulnerabilities.

Keywords: smart contract; security vulnerability; Smartcheck; Ethereum; blockchain

Classification: TP31 [Automation and Computer Technology / Computer Software and Theory]
