摘要
区块链技术已经进入了以智能合约为标志的区块链2.0时代,频发的智能合约安全问题给区块链生态带来了严重的损失。通过对比不同的智能合约漏洞检测方法与检测工具存在的安全漏洞问题,总结出13种常见漏洞检测项。通过讨论5种主流的智能合约漏洞检测方法与相应的漏洞检测工具,对比总结5种漏洞检测工具针对13种漏洞检测项的检测情况。对比分析3种漏洞检测工具对于200个测试合约的检测结果,得出模糊测试检测方法简单高效并且不会产生误报。最后,针对检测结果展望智能合约漏洞检测技术的未来研究方向,并给出针对现有漏洞检测方法的改进思路,从而利于提高智能合约漏洞检测效率。
Blockchain has entered the blockchain 2.0 era marked by smart contracts.However,frequent security issues of smart contracts cause serious losses to blockchain ecology.By comparing the security vulnerabilities of different smart contract vulnerability detection methods and detection tools,thirteen vulnerability detection items are summarised.By discussing the mainstream of smart contract vulnerability detection method and the corresponding detection tools,detections of 13 vulnerability detection items by 5 vulnerability detection tools are compared and summarized.The detection results of 3 vulnerability detection tools for 200 test contracts is verified and the detection results show that the fuzzing detection method is simple and efficient without producing false positives.Based on the experimental results,the future prospective research and the improvement strategies of existing vulnerability detection methods are proposed to improve the efficiency of smart contract vulnerability detection.
作者
孙家泽
余盼盼
王小银
张斌
SUN Jiaze;YU Panpan;WANG Xiaoyin;ZHANG Bin(School of Computer Science and Technology,Xi'an University of Posts and Telecommunications,Xi'an 710121,China)
出处
《西安邮电大学学报》
2020年第5期1-9,32,共10页
Journal of Xi’an University of Posts and Telecommunications
基金
陕西省重点研发计划项目(2020GY-010)
西安市科技计划项目(2019218114GXRC017CG018-GXYD17.10)。
关键词
区块链安全
智能合约
漏洞检测工具
blockchain security
smart contracts
vulnerability detection methods
