
Correctness Detection of Smart Contract Based on Fuzzing
Abstract: Smart contracts are at an early stage of development. Differences in underlying programming languages and application platforms leave smart contract design without common specifications, so contracts are highly prone to vulnerabilities that cause losses. To address security vulnerabilities in smart contracts on the Ethereum blockchain platform, this paper proposes a fuzzing-based method for detecting smart contract correctness. The method generates fuzzing inputs from the content and specifications of a smart contract, executes the contract in the Ethereum Virtual Machine with those inputs, monitors the contract's behavior during execution, and generates multiple log files. It then extracts key information from the log files and runs trigger tests on the test cases to determine which vulnerabilities the contract contains, thereby achieving correctness detection. In the experiments, the method checked 416 smart contracts for seven common vulnerability types and flagged 19 contracts as vulnerable. Manual audit analysis found that 18 of the 19 contracts flagged as incorrect do contain security vulnerabilities. The experimental results show that the proposed method identifies the vulnerabilities contained in smart contracts with high accuracy and can therefore detect smart contract correctness.
Authors: WANG Jiacheng; JIANG Jiajia; ZHAO Jiahao; ZHANG Yushu; WANG Liangmin (College of Computer Science and Technology/College of Artificial Intelligence/College of Software, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China; School of Cyber Science and Engineering, Southeast University, Nanjing 211106, China)
Source: Computer Engineering and Applications (计算机工程与应用), CSCD, Peking University Core Journal, 2024, Issue 5, pp. 307-320 (14 pages)
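Funding: National Key Research and Development Program of China (2020YFB1005500); Nanjing University of Aeronautics and Astronautics Graduate Innovation Training Program (xcxjh20221616).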
Keywords: smart contract; vulnerability detection; fuzzing; correctness detection; Ethereum