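Authors: Chen Hong[1]; Xie Jintong; Jin Haibo; Wu Cong; Ma Boyu (College of Software, Liaoning Technical University, Huludao, Liaoning 125105; Institute of Science and Technology, Liaoning Technical University, Fuxin, Liaoning 123032)
Affiliations: [1] College of Software, Liaoning Technical University, Huludao, Liaoning 125105; [2] Institute of Science and Technology, Liaoning Technical University, Fuxin, Liaoning 123032
Source: Journal of Information Security Research (《信息安全研究》), 2025, Issue 4, pp. 333-342 (10 pages)
Funding: National Natural Science Foundation of China (62173171); Scientific Research Project of the Education Department of Liaoning Province (LJKFZ20220198).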
Abstract: To address the reentrancy attacks that arise from vulnerabilities in how smart contracts handle external contract calls, a smart contract reentrancy attack defense method based on multiple access controls (MAC) is proposed. With MAC, only the contract owner is allowed to make calls, and a function is prevented from being re-entered within the same transaction during execution; at the same time, the state variable is modified to store the secure contract address and update the contract state. Finally, formal verification is used to run the defended smart contract. The method is verified using a bank deposit and withdrawal transaction model as an example. The experimental results show that a smart contract using this defense method can effectively solve the problem of reentrancy attacks when external contracts are invoked. Compared with other mainstream defense methods, it has higher feasibility, effectiveness, logical correctness and comprehensibility; compared with the undefended contract, the defended smart contract reduces the equivalent memory usage by 64.51%, and the running time is also shortened.
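Keywords: smart contract; multiple access controls; reentrancy attack; formal verification; bank deposit and withdrawal
Classification number: TP393 [Automation and Computer Technology - Computer Application Technology]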