Abstract
A smart contract is a computer protocol that can be disseminated, verified and executed in an information-based manner. It can be executed without a trusted third party and has attracted wide attention and application in many fields. However, because smart contracts contain many security vulnerabilities, which have already caused huge economic losses, research on their security has also become a hot topic. This paper first introduces the general architecture and operating mechanism of smart contracts. Second, it analyzes the inherent security risks of mainstream smart contract platforms along two dimensions: programming language and execution environment. Third, it analyzes the security risks of smart contracts and the research status of countermeasure techniques at three levels: privacy disclosure, vulnerabilities in the contracts themselves, and malicious contracts. For contract vulnerabilities, it summarizes four approaches (bytecode analysis, source code analysis, machine-learning-based analysis, and dynamic analysis) and introduces representative research techniques for each. Finally, it looks ahead to future research directions for smart contracts.
Authors
WEI Xia (卫霞)
BAI Guozhu (白国柱)
ZHANG Wenjun (张文俊)
SHI Jingxian (师静娴)
Affiliations: Xi’an Mingde Institute of Technology, Xi’an 710124, China; Shaanxi Branch of National Computer Network and Information Security Management Center, Xi’an 710075, China
Source
World Sci-Tech R&D (《世界科技研究与发展》)
CSCD
2023, Issue 2, pp. 233-242 (10 pages in total)
Funding
Shaanxi Provincial Social Science Fund (2020M014).
Keywords
Blockchain
Smart Contract
Safety Risk
Malicious Contract
Transaction Privacy