Abstract
With its distinctive characteristics of decentralization, tamper resistance, and traceability, blockchain technology provides a new approach to issues such as trust, evidence preservation, and data governance in social development. As the core supporting technology of blockchain, smart contracts extend the application scope of blockchain from the single field of digital currency to other pan-financial fields by enabling decentralized applications to be written. However, as the application of smart contracts in blockchain continues to develop, their security problems are becoming increasingly prominent, so it is particularly important to study smart contract security vulnerabilities. This paper first introduces 11 kinds of smart contract security vulnerabilities, such as integer overflow and reentrancy attack vulnerabilities, together with their prevention strategies; it then discusses 4 vulnerability detection methods (formal verification, symbolic execution, fuzz testing, and taint analysis) and their corresponding detection tools; finally, after summarizing the shortcomings of existing vulnerability detection work, it looks ahead to future research directions.
Author
沈传年
Shen Chuannian (Shanghai Branch of National Computer Network Emergency Response Technical Team/Coordination Center of China, Shanghai 201315)
Source
《信息安全研究》
CSCD
2023, Issue 12, pp. 1166-1172 (7 pages in total)
Journal of Information Security Research
Keywords
blockchain
smart contract
Ethereum
vulnerability
security