区块链智能合约安全研究

信息安全研究 ›› 2019, Vol. 5 ›› Issue (3): 192-206.

区块链智能合约安全研究

黄凯峰,张胜利,金石

深圳大学信息工程学院N206

收稿日期:2019-03-12 出版日期:2020-03-15 发布日期:2019-03-12
通讯作者: 黄凯峰
作者简介:黄凯峰硕士，主要研究方向为区块链、智能合约安全等. 413433601@qq.com 张胜利博士，教授，博士生导师，物理层网络编码创始人，主要研究方向为无线网络、区块链关键技术、物理层网络编码等. zsl@szu.edu.cn 金石博士，教授，博士生导师，国家杰出青年基金获得者，入选国家“万人计划”科技创新领军人才，主要研究方向为5GB5G移动通信理论与关键技术研究、物联网理论与关键技术研究以及机器学习与大数据处理在移动通信中的应用等. jinshi@seu.edu.cn

The Security Research of Blockchain Smart Contract

Received:2019-03-12 Online:2020-03-15 Published:2019-03-12

摘要/Abstract

摘要： 区块链是通过去中心化、去信任化的方式维护的分布式账本，其发展可以划分为3个阶段:区块链1.0，2.0和3.0.区块链1.0以比特币为代表，提供了非图灵完备的脚本语言；区块链2.0以以太坊为代表，在比特币的基础上引入了智能合约的概念，提供了图灵完备的可编程语言Solidity，使得区块链的应用范围从单纯的货币领域拓展到其他领域；区块链3.0将会是可编程世界，社会各行各业都以自治的方式运转.智能合约作为区块链2.0最为显著的特点，在构建去中心化应用中发挥了重要的作用.但近年来，智能合约安全事件频发，给项目方和投资方带来了巨大损失，智能合约的安全问题逐渐引来多方的关注.首先介绍了区块链的基本概念，接着阐述了以太坊相关知识，然后对智能合约作了全面的介绍，包括运行环境、构成、部署流程和工作原理.主体对现存已知的智能合约漏洞进行分类总结，并且对每一类漏洞都给出解决方法.

关键词: 区块链, 以太坊, 智能合约, 安全, 漏洞

Abstract: The blockchain is a distributed ledger maintained through decentralization and detrusting. Its development can be divided into three phases, blockchains 1.0, 2.0 and 3.0. Blockchain 1.0 is represented by Bitcoin and provides a nonturing complete scripting language. Blockchain 2.0 is represented by Ethereum and introduces the concept of smart contract on the basis of Bitcoin. It provides Turing complete programming language Solidity, it extends the application of blockchain from a purely monetary domain to other areas; blockchain 3.0 will be a programmable world, and all walks of life will operate in an autonomous manner. Smart contract, as the most significant feature of blockchain 2.0, plays an important role in building decentralized applications. However, in recent years, smart contract security incidents have occurred frequently, causing huge losses to project parties and investors. The security issue of smart contract have gradually attracted much attention. The article first introduces the basic concept of the blockchain, then expounds the knowledge of Ethereum, and then gives a comprehensive introduction to the smart contract, including the operating environment, composition, deployment process and working principle. The paper mainly classifies and summarizes existing known smart contract vulnerabilities, and provides solutions for each type of vulnerabilities.

Key words: blockchain, Ethereum, smart contract, security, vulnerability

黄凯峰张胜利金石. 区块链智能合约安全研究[J]. 信息安全研究, 2019, 5(3): 192-206.

参考文献

[1] 袁勇, 王飞跃. 区块链技术发展现状与展望[J]. 自动化学报, 2016, 42(4):481-494. Yuan Yong, Wang Feiyue. Development Status and Prospects of Blockchain Technology[J]. Journal of Automation, 2016, 42(4): 481-494. [2] SWAN M. Blockchain: Blueprint for a new economy[M]. "O ' Reilly Media, Inc.", 2015: 212-235. [3] Nakamoto S. Bitcoin: A peer-to-peer electronic cash system[J]. 2008. [4] Cuccuru P. Beyond bitcoin: an early overview on smart contracts[J]. International Journal of Law and Information Technology, 2017, 25(3): 179-195. [5] Szabo N. Smart contracts, 1994[J]. Virtual School, 1994. [6] Crosby M, Pattanayak P, Verma S, et al. Blockchain technology: Beyond bitcoin[J]. Applied Innovation, 2016, 2: 6-10. [7] 李澍.成都链安科技CEO杨霞：80%的智能合约都存在安全漏洞[EB/OL].[2018-11-07].http://www.investorscn.com/2018/08/22/79145/ Li Shu. Yang Xia, CEO of Chengdu Chain Security Technology: 80% of smart contracts have security vulnerabilities [EB/OL] .[2018-11-07].http://www.investorscn.com/2018/08/22/79145/ [8] 互联网.当智能合约遇到“黑客”[EB/OL] .[2018-11-07].https://www.csdn.net/article/a/2018-06-16/15952248 Internet. When a smart contract encounters a "hacker" [EB/OL] .[2018-11-07] .https://www.csdn.net/article/a/2018-06-16/15952248 [9] Pilkington M. 11 Blockchain technology: principles and applications[J]. Research handbook on digital transformations, 2016: 225. [10] Tapscott D, Tapscott A. Blockchain revolution: how the technology behind bitcoin is changing money, business, and the world[M]. Penguin, 2016. [11] Zheng Z, Xie S, Dai H, et al. An overview of blockchain technology: Architecture, consensus, and future trends[C]//Big Data (BigData Congress), 2017 IEEE International Congress on. IEEE, 2017: 557-564. [12] Iansiti M, Lakhani K R. The truth about blockchain[J]. Harvard Business Review, 2017, 95(1): 118-127. [13] UnderwoodS. Blockchain beyond bitcoin[J]. Communications of the ACM, 2016, 59(11): 15-17. [14] Forte P, Romano D, Schmid G. Beyond Bitcoin-Part I: A critical look at blockchain-based systems[J]. IACR Cryptology ePrint Archive, 2015, 2015: 1164. [15] Chiu J, Koeppl T V. The economics of cryptocurrencies–bitcoin and beyond[J]. 2017. [16] Karame G. On the security and scalability of bitcoin's blockchain[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016: 1861-1862. [17] 王元地, 李粒, 胡谍. 区块链研究综述[J]. 中国矿业大学学报 (社会科学版), 2018, 3: 006. Wang Yuandi, Li Ii, Hu Die. Review of Blockchain Research[J]. Journal of China University of Mining & Technology (Social Science Edition), 2018, 3: 006. [18] He D, Habermeier K F, Leckow R B, et al. Virtual currencies and beyond: initial considerations[R]. International Monetary Fund, 2016. [19] Halaburda H, Sarvary M. Beyond bitcoin[J]. The Economics of Digital Currencies, 2016. [20] 安庆文. 基于区块链的去中心化交易关键技术研究及应用[D]. 东华大学, 2017. An Qingwen. Research and application of key technologies for decentralized transactions based on blockchain [D]. Donghua University, 2017. [21] Omohundro S. Cryptocurrencies, smart contracts, and artificial intelligence[J]. AI matters, 2014, 1(2): 19-21. [22] 李赫, 孙继飞, 杨泳, 等. 基于区块链 2.0 的以太坊初探[J]. 中国金融电脑, 2017 (6): 57-60. Li He, Sun Jifei, Yang Yong, et al. A preliminary study on Ethereum based on blockchain 2.0[J]. China Financial Computer, 2017 (6): 57-60. [23] Buterin V. A next-generation smart contract and decentralized application platform[J]. white paper, 2014. [24] Bartoletti M, Pompianu L. An empirical analysis of smart contracts: platforms, applications, and design patterns[C]//International Conference on Financial Cryptography and Data Security. Springer, Cham, 2017: 494-509. [25] Cong L W, He Z. Blockchain disruption and smart contracts[R]. National Bureau of Economic Research, 2018. [26] Sergey I, Hobor A. A concurrent perspectiveon smart contracts[C]//International Conference on Financial Cryptography and Data Security. Springer, Cham, 2017: 478-493. [27] Bocek T, Stiller B. Smart Contracts–Blockchains in the Wings[M]//Digital Marketplaces Unleashed. Springer, Berlin, Heidelberg, 2018: 169-184. [28] Luu L, Chu D H, Olickel H, et al. Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016: 254-269. [29] Atzei N, Bartoletti M, Cimoli T. A survey of attacks on ethereum smart contracts (sok)[M]//Principles of Security and Trust. Springer, Berlin, Heidelberg, 2017: 164-186. [30] hejia729371286.从技术层面浅析美链BEC从诞生到覆灭[EB/OL] .[2018-11-07].https://blog.csdn.net/hejia729371286/article/details/80339804 hejia729371286. From the technical level, the analysis of the beauty chain BEC from birth to destruction[EB/OL] . [2018-11-07].https://blog.csdn.net/hejia729371286/article/details/80339804.