Abstract
With the rapid development of smart contracts, attacks against smart contracts are becoming increasingly common. To help improve smart contract vulnerability detection technology, the basic types of smart contract vulnerabilities and the common detection techniques are classified and summarized. Based on the causes of smart contract vulnerabilities, vulnerability types are divided into three categories, and the causes of five typical vulnerabilities are analyzed to give developers suggestions on how to avoid introducing them. The current state of research on smart contract vulnerability detection technology is analyzed, and the detection capabilities of six tools from three detection techniques are tallied against common smart contract vulnerabilities. Tools from the different detection techniques generally can detect reentrancy vulnerabilities, exception disorder, and timestamp dependence vulnerabilities, but automated detection of vulnerabilities in smart contracts that interact with third-party applications remains difficult.
Authors
SU Shengfeng (苏盛锋); GUANG Yan (光焱); GUO Wang (郭旺); SUN Huaqi (孙华启) (Information Engineering University, Zhengzhou 450001, China)
Source
Journal of Information Engineering University (《信息工程大学学报》)
2024, No. 5, pp. 586-592 (7 pages)
Keywords
smart contract
vulnerability of smart contract
detection capability
cause of vulnerability