It takes smart contract bytecode as input and uses four components including CFG builder, explorer, core analysis and validator to perform CFG construction, symbolic execution, constraint solving, and false alarm filtering. Oyente is one of the earliest researches on automated smart contract vulnerability mining. Based on the special operating environment, life cycle and program characteristics of smart contracts, these studies have improved existing program analysis techniques to achieve better automated vulnerability mining effects. 5 introduces the experimental results of our vulnerability detection, the last section summarizes our main contributionsĪt present, there have been a lot of related work on smart contract vulnerability detection, and the main methods adopted are fuzzing testing, symbolic execution, formal verification and other technologies. 4 introduces framework design and vulnerability detection details of our system Sect. 3 introduces the most current types of vulnerabilities in smart contracts Sect. Section 1 mainly introduces the background and summary of this article Sect. This article is mainly divided into five parts. Experimental results show that the technology can detect common vulnerabilities in 1552 different contracts with high accuracy. This paper analyzes the characteristics of Ethereum smart contract vulnerabilities and proposes a smart contract vulnerability detection technology based on symbolic execution and constraint solving. How to judge the correctness and security of the smart contract codes effectively has become an important direction of today’s blockchain security research. The security issues of smart contracts have emerged rapidly in the past two years. So far, the losses caused by the security issues of smart contracts have ranged from 30 million to 152 million dollars, and the upper limit number is still growing. The first vulnerability of parity multi-signature wallet resulted in a $30 million loss, and the second vulnerability led to a freezing of $100 million. In June 2016, the DAO security breach broke out, which caused a loss of 60 million dollars. At the same time, the security of smart contracts is also facing huge challenges. Smart contract technology is widely used in various fields such as infrastructure, commercial retail, games, social media and communications because of its safety, reliability, fairness, and efficiency characteristics. The Ethereum consensus protocol guarantees the fairness of contract execution. Smart contracts are programs deployed on the Ethereum network and executed by the Ethereum virtual machine. Ethereum is an open source decentralized blockchain platform, mainly used for the execution of smart contracts. In April 2014, Gavin published the Yellow Paper of Ethereum and the concept of smart contracts began to spread widely. ![]() With the rise of Bitcoin, blockchain technology has gradually appeared in people’s vision. It has a high accuracy of detection result, and gives support for export vulnerability report. The system can detect some common types of vulnerabilities, such as the integer overflow and underflow vulnerability, reentry vulnerability and unchecked call return value vulnerability. The system uses the assembly instruction sequences of the smart contract to generate the control flow graph, then performs symbolic execution and vulnerability constraint solving over the control flow. This project has designed and implemented a vulnerability detection system of Ethereum smart contract. Therefore the security of smart contracts is imminent. Once the smart contract vulnerability is exploited, it is very likely to bring the loss of cryptocurrencies, the disorder of the financial order and other catastrophic consequences. The well-known DAO vulnerability, and Parity multi-signature wallet’ vulnerabilities have leaded to a hundreds of millions dollars loss, and they are both caused by the security problems of smart contracts. However, the correctness and security of the smart contract itself are facing huge problems. The number of smart contracts has grown at a high rate and nearly at an average of thousands per day. With the rapid development of the blockchain, smart contract technology has been widely applied.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |