With the rapid development of Internet technology, many traditional auctions are gradually replaced by electronic auctions, and the security privacy protection problem in them becomes more and more concerned. Concerning the problems in the current electronic bidding and auction systems, such as the risk of the privacy of bidder being leaked, the expensive cost of third-party auction center is expensive, and the collusion between third-party auction center and the bidder, a sealed-bid auction scheme based on blockchain smart contract technology was proposed. In the scheme, an auction environment without third-party was constructed by making full use of the features of the blockchain, such as decentralization, tamper-proofing and trustworthiness; and the security deposit strategy of the blockchain was used to restrict the behaviors of bidders, which improved the security of the electronic sealed-bid auction. At the same time, Pedersen commitment was used to protect auction price from being leaked, and Bulletproofs zero-knowledge proof protocol was used to verify the correctness of the winning bid price. Security analysis and experimental results show that the proposed auction scheme meets the security requirements, and has the time consumption of every stage within the acceptable range, so as to meet the daily auction requirements.

Smart contract is one of the core technologies of blockchain,and its security and reliability are very important. With the popularization of blockchain application,the number of smart contracts has increased explosively. And the vulnerabilities of smart contracts will bring huge losses to users. However,the current research focuses on the semantic analysis of Ethereum smart contracts,the modeling and optimization of symbolic execution,and does not specifically describe the process of detecting smart contract vulnerabilities using symbolic execution technology,and how to detect common vulnerabilities in smart contracts. Based on the analysis of the operation mechanism and common vulnerabilities of Ethereum smart contract,the symbol execution technology was used to detect vulnerabilities in smart contracts. Firstly,the smart contract control flow graph was constructed based on Ethereum bytecode,then the corresponding constraint conditions were designed according to the characteristics of smart contract vulnerabilities,and the constraint solver was used to generate software test cases to detect the common vulnerabilities of smart contracts such as integer overflow,access control,call injection and reentry attack. The experimental results show that the proposed detection scheme has good detection effect, and has the accuracy of smart contract vulnerability detection up to 85% on 70 smart contracts with vulnerabilities in Awesome-Buggy-ERC20-Tokens.