Journal of Information Security Research ›› 2023, Vol. 9 ›› Issue (12): 1166-.

• Academic Papers •

Research Status of Smart Contract Security Vulnerabilities

Shen Chuannian

  1. (Shanghai Branch of National Computer Network Emergency Response Technical Team/Coordination Center of China, Shanghai 201315)

  • Online: 2023-12-20 Published: 2023-12-28
  • Corresponding author: Shen Chuannian, M.S., engineer. Main research interests: network and information security, and blockchain. 596789584@qq.com

Abstract: With its unique characteristics of decentralization, tamper resistance, and traceability, blockchain technology offers a new approach to problems of trust, evidence preservation, and data governance in social development. As the core supporting technology of blockchain, smart contracts extend the application scope of blockchain from the single field of digital currency to other pan-financial fields through decentralized applications. However, as the use of smart contracts in blockchain continues to grow, their security problems are becoming increasingly prominent, so studying the security vulnerabilities of smart contracts is particularly important. This paper first introduces 11 kinds of smart contract security vulnerabilities, such as the integer overflow vulnerability and the reentrancy attack vulnerability, together with their prevention strategies. It then discusses 4 vulnerability detection methods (formal verification, symbolic execution, fuzz testing, and taint analysis) and their corresponding detection tools. Finally, it summarizes the shortcomings of existing vulnerability detection work and, on that basis, looks ahead to future research directions.

Key words: blockchain, smart contract, Ethereum, vulnerability, security
