摘要
智能合约是运行在区块链上的程序,具有去中心化、不可篡改的特性,被广泛应用于金融、能源、物联网等多个领域。然而智能合约一旦实际部署到实时网络上就不能对其更改,在保证合约安全的同时,缺陷和错误也不能通过修改合约代码得以解决,从而导致重大的安全事故。因此合约实际部署前对其进行安全测试已经成为迫切需要解决的问题。介绍了因智能合约漏洞引起的安全事件,对常见的合约漏洞进行详细分析,完成对已有合约分析工具的总结,体现了合约安全问题的研究发展现状。
Smart contract is a program running on the blockchain,which is decentralized and tamperable.It is widely used in finance,energy,Internet of Things and other fields.However,once the smart contract is actually deployed on the real-time network,it can not be changed.While ensuring the security of the contract,defects and errors can not be solved by modifying the contract code,resulting in major security incidents.Therefore,it has become an urgent problem to test the security of the contract before the actual deployment.This paper introduces the security incidents caused by smart contract vulnerabilities,analyzes the common contract vulnerabilities in detail,and summarizes the existing contract analysis tools,which reflects the research and development status of contract security issues.
作者
赵辉
李星
谭嘉诚
盖珂珂
Zhao Hui;Li Xing;Tan Jiacheng;Gai Keke(Software College,Henan University,Kaifeng 475000,China;School of Cyberspace Science and Technology,Beijing Institute of Technology,Beijing 100081,China)
出处
《信息技术与网络安全》
2021年第5期1-6,19,共7页
Information Technology and Network Security
关键词
智能合约
漏洞分析
区块链
安全分析工具
smart contract
vulnerability analysis
block chain
security analysis tool
