Journal of Computer Applications ›› 2023, Vol. 43 ›› Issue (3): 785-793. DOI: 10.11772/j.issn.1001-9081.2022020179

• Cyberspace Security •

Review on blockchain smart contract vulnerability detection and automatic repair

Juncheng TONG, Bo ZHAO

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan Hubei 430072, China
  • Received: 2022-02-18 Revised: 2022-05-11 Accepted: 2022-05-11 Online: 2022-08-16 Published: 2023-03-10
  • Contact: Bo ZHAO
  • About author: TONG Juncheng, born in 1995, a native of Wuhan, Hubei, Ph. D. candidate. His research interests include blockchain security and trusted computing.
    ZHAO Bo, born in 1972, a native of Qingdao, Shandong, Ph. D., professor, CCF member. His research interests include information system security, trusted computing, blockchain security, artificial intelligence, and big data security and privacy protection.
  • Supported by:
    National Natural Science Foundation of China (U1936122); Key Research and Development Program of Hubei Province (2020BAB101)

Abstract:

Smart contract technology, as a milestone of blockchain 2.0, has received widespread attention from both academia and industry. Smart contracts run on underlying infrastructure that lacks a trusted computing environment and have characteristics that distinguish them from traditional programs; they suffer from many high-impact security vulnerabilities, so research on security auditing of smart contracts has become a popular and urgent key scientific problem in the field of blockchain security. Focusing on the detection and automatic repair of smart contract vulnerabilities, firstly, the main types and classifications of smart contract vulnerabilities are introduced. Secondly, the three most important classes of smart contract vulnerability detection methods of the past five years are reviewed, and representative and innovative research techniques of each class are introduced. Thirdly, smart contract upgrade schemes and cutting-edge automatic repair technologies are introduced in detail. Finally, the challenges and future work of smart contract vulnerability detection and automatic repair technologies for online, real-time, multi-platform, automatic, and intelligent requirements are analyzed and discussed, and a framework of technical solutions is proposed.

Key words: blockchain security, smart contract, security auditing, vulnerability detection, automatic repair

CLC Number: