Review on blockchain smart contract vulnerability detection and automatic repair

doi:10.11772/j.issn.1001-9081.2022020179

Abstract

Abstract:

Smart contract technology， as a milestone of blockchain 2.0， has received widespread attention from both academic and industry circles. It runs on an underlying infrastructure without trusted computing environment and has characteristics that distinguish it from traditional programs， and there are many vulnerabilities with huge influence in its own security， so that the research on security auditing for it has become a popular and urgent key scientific problem in the field of blockchain security. Aiming at the detection and automatic repair of smart contract vulnerabilities， firstly， main types and classifications of smart contract vulnerabilities were introduced. Secondly， three most important methods of smart contract vulnerability detection in the past five years were reviewed， and representative and innovative research techniques of each method were introduced. Thirdly， smart contract upgrade schemes and cutting-edge automatic repair technologies were introduced in detail. Finally， challenges and future work of smart contract vulnerability detection and automatic repair technologies for online， real-time， multi-platform， automatic， and intelligent requirements were analyzed and prospected as a framework of technical solutions.

Key words: blockchain security, smart contract, security auditing, vulnerability detection, automatic repair

摘要：

智能合约技术作为区块链2.0的里程碑，受到学术界与企业界的广泛关注。智能合约运行在不具有可信计算环境的底层基础设施上，并且具有区别于传统程序的特性，在自身的安全性上存在许多影响很大的漏洞，针对它进行安全审计的研究也成为区块链安全领域的热门与亟需解决的关键科学问题。针对智能合约的漏洞检测与自动化修复，首先介绍智能合约漏洞的主要漏洞类型与分类；然后，调研回顾近五年智能合约漏洞检测的三类最重要的方法，并介绍每类方法具有代表性和创新性的研究技术；其次，详细介绍智能合约升级方案与具有前沿性的自动化修复技术；最后，分析与展望了面向在线、实时、多平台、自动化与智能化需求的智能合约漏洞检测与自动化修复技术的挑战与未来可展开的工作，并提出技术解决方案的框架。

关键词: 区块链安全, 智能合约, 安全审计, 漏洞检测, 自动化修复

CLC Number:

TP309

Juncheng TONG, Bo ZHAO. Review on blockchain smart contract vulnerability detection and automatic repair[J]. Journal of Computer Applications, 2023, 43(3): 785-793.

童俊成, 赵波. 区块链智能合约漏洞检测与自动化修复综述[J]. 《计算机应用》唯一官方网站, 2023, 43(3): 785-793.

Figures/Tables 12

Tab. 1 Smart contract vulnerability types and introduction levels

层级	漏洞类型
Solidity	访问控制漏洞
	整数溢出漏洞
	拒绝服务漏洞
	重入漏洞
	低级调用中未检查返回值
EVM	短地址攻击
区块链结构	交易顺序依赖漏洞
	时间戳依赖漏洞
	错误随机漏洞

Fig. 1 Attacking DAO contract by exploiting reentrancy vulnerability

Fig. 2 Differences between calling results of tx.origin and msg.sender

Fig. 3 Schematic diagram of integer overflow

Fig. 4 Denial of service vulnerability in lock contract

Fig. 5 Short address auto-completion mechanism

Fig. 6 Two transaction confirmation orders for MarketPlace contract

Fig. 7 Roulette contract with timestamp dependence vulnerability

Fig. 8 Game contract with error random vulnerability

Fig. 9 Workflow of SMARTSHIELD

Fig. 10 Framework of EVMPatch

Fig. 11 Architecture of online contract intelligent security detection and automatic repair

References 59

1	袁勇，王飞跃. 区块链技术发展现状与展望［J］. 自动化学报， 2016， 42（4）：481-494. 10.16383/j.aas.2016.c160158
	YUAN Y， WANG F Y. Blockchain： the state of the art and future trends［J］. Acta Automatica Sinica， 2016， 42（4）： 481-494. 10.16383/j.aas.2016.c160158
2	曾诗钦，霍如，黄韬，等. 区块链技术研究综述：原理，进展与应用［J］. 通信学报， 2020， 41（1）：134-151. 10.11959/j.issn.1000?436x.2020027
	ZENG S Q， HUO R， HUANG T， et al. Survey of blockchain： principle， progress and application［J］. Journal on Communications， 2020， 41（1）： 134-151. 10.11959/j.issn.1000?436x.2020027
3	ZHENG Z B， XIE S A， DAI H N， et al. Blockchain challenges and opportunities： a survey［J］. International Journal of Web and Grid Services， 2018， 14（4）： 352-375. 10.1504/ijwgs.2018.095647
4	SZABO N. Formalizing and securing relationships on public networks［J］. First Monday， 1997， 2（9）： No.548. 10.5210/fm.v2i9.548
5	ZHAO X F， CHEN Z Y， CHEN X， et al. The DAO attack paradoxes in propositional logic［C］// Proceeding of the 4th International Conference on Systems and Informatics. Piscataway： IEEE， 2017： 1743-1746. 10.1109/icsai.2017.8248566
6	TOLMACH P， LI Y， LIN S W， et al. A survey of smart contract formal specification and verification［J］. ACM Computing Surveys， 2021， 54（7）： No.148. 10.1145/3464421
7	DURIEUX T， FERREIRA J F， ABREU R， et al. Empirical review of automated analysis tools on 47，587 Ethereum smart contracts［C］// Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. New York： ACM， 2020： 530-541. 10.1145/3377811.3380364
8	赵伟，张问银，王九如，等. 基于符号执行的智能合约漏洞检测方案［J］. 计算机应用， 2020， 40（4）：947-953. 10.11772/j.issn.1001-9081.2019111919
	ZHAO W， ZHANG W Y， WANG J R， et al. Smart contract vulnerability detection scheme based on symbol execution［J］. Journal of Computer Applications， 2020， 40（4）： 947-953. 10.11772/j.issn.1001-9081.2019111919
9	LUU L， CHU D H， OLICKEL H， et al. Making smart contracts smarter［C］// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2016： 254-269. 10.1145/2976749.2978309
10	TORRES C F， SCHÜTTE J， STATE R. Osiris： hunting for integer bugs in Ethereum smart contracts［C］// Proceedings of the 34th Annual Computer Security Applications Conference. New York： ACM， 2018： 664-676. 10.1145/3274694.3274737
11	CHEN J C， XIA X， LO D， et al. DefectChecker： automated smart contract defect detection by analyzing EVM bytecode［J］. IEEE Transactions on Software Engineering， 2022， 48（7）： 2189-2207. 10.1109/tse.2021.3054928
12	ConsenSys. Mythril： Security analysis tool for EVM bytecode［EB/OL］. ［2022-04-27］..
13	TSANKOV P， DAN A， DRACHSLER-COHEN D， et al. Securify： practical security analysis of smart contracts［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2018： 67-82. 10.1145/3243734.3243780
14	MOSSBERG M， MANZANO F， HENNENFENT E， et al. Manticore： a user-friendly symbolic execution framework for binaries and smart contracts［C］// Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering. Piscataway： IEEE， 2019： 1186-1189. 10.1109/ase.2019.00133
15	NIKOLIĆ I， KOLLURI A， SERGEY I， et al. Finding the greedy， prodigal， and suicidal contracts at scale［C］// Proceedings of the 34th Annual Computer Security Applications Conference. New York： ACM， 2018： 653-663. 10.1145/3274694.3274743
16	ALMAKHOUR M， SLIMAN L， SAMHAT A E， et al. Verification of smart contracts： a survey［J］. Pervasive and Mobile Computing， 2020， 67： No.101227. 10.1016/j.pmcj.2020.101227
17	YI Q P， WEN J Y， YANG G W. Summary-guided incremental symbolic execution［C］// Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering： Companion Proceedings. New York： ACM， 2020： 310-311. 10.1145/3377812.3390895
18	WEISS K， SCHÜTTE J. Annotary： a concolic execution system for developing secure smart contracts［C］// Proceedings of the 2019 European Symposium on Research in Computer Security， LNCS 11735. Cham： Springer， 2019： 747-766.
19	AMANI S， BÉGEL M， BORTIN M， et al. Towards verifying Ethereum smart contract bytecode in Isabelle/HOL［C］// Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. New York： ACM， 2018： 66-77. 10.1145/3167084
20	GENET T， JENSEN T， SAUVAGE J. Termination of Ethereum’s smart contracts［C］// Proceedings of the 17th International Joint Conference on e-Business and Telecommunications. Setúbal： SciTePress， 2020（3）： 39-51. 10.5220/0009564100390051
21	LI X M， SHI Z P， ZHANG Q Y， et al. Towards verifying Ethereum smart contracts at intermediate language level［C］// Proceedings of the 2019 International Conference on Formal Engineering Methods. Cham： Springer， 2019： 121-137. 10.1007/978-3-030-32409-4_8
22	KALRA S， GOEL S， DHAWAN M， et al. ZEUS： analyzing safety of smart contracts［C］// Proceedings of the 2018 Network and Distributed Systems Security Symposium. Reston， VA： Internet Society， 2018： No.23082. 10.14722/ndss.2018.23082
23	YANG Z， LEI H. Lolisa： formal syntax and semantics for a subset of the solidity programming language in mathematical tool Coq［J］. Mathematical Problems in Engineering， 2020， 2020： No.6191537. 10.1155/2020/6191537
24	MAVRIDOU A， LASZKA A. Designing secure Ethereum smart contracts： a finite state machine based approach［C］// Proceedings of the 2018 International Conference on Financial Cryptography and Data Security， LNCS 10957. Berlin： Springer， 2018： 523-540.
25	MAVRIDOU A， LASZKA A， STACHTIARI E， et al. VeriSolid： correct-by-design smart contracts for Ethereum［C］// Proceedings of the 2019 International Conference on Financial Cryptography and Data Security， LNCS 11598. Cham： Springer， 2019： 446-465.
26	NELATURU K， MAVRIDOU A， VENERIS A， et al. Verified development and deployment of multiple interacting smart contracts with VeriSolid［C］// Proceedings of the 2020 IEEE International Conference on Blockchain and Cryptocurrency. Piscataway： IEEE， 2020： 1-9. 10.1109/icbc48266.2020.9169428
27	ALAQAHTANI S， HE X C， GAMBLE R， et al. Formal verification of functional requirements for smart contract compositions in supply chain management systems［C］// Proceedings of the 53rd Hawaii International Conference on System Sciences. Honolulu， HI： University of Hawaiʻi at Mānoa， 2020： 5278-5287. 10.24251/hicss.2020.650
28	ABDELLATIF T， BROUSMICHE K L. Formal verification of smart contracts based on users and blockchain behaviors models［C］// Proceedings of the 9th IFIP International Conference on New Technologies， Mobility and Security. Piscataway： IEEE， 2018： 1-5. 10.1109/ntms.2018.8328737
29	WANG D， HUANG X， MA X F. Formal analysis of smart contract based on colored petri nets［J］. IEEE Intelligent Systems， 2020， 35（3）： 19-30. 10.1109/mis.2020.2977594
30	JIANG B， LIU Y， CHAN W K. ContractFuzzer： fuzzing smart contracts for vulnerability detection［C］// Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. New York： ACM， 2018： 259-269. 10.1145/3238147.3238177
31	GRIECO G， SONG W， CYGAN A， et al. Echidna： effective， usable， and fast fuzzing for smart contracts［C］// Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York： ACM， 2020： 557-560. 10.1145/3395363.3404366
32	NGUYEN T D， PHAM L H， SUN J， et al. sFuzz： an efficient adaptive fuzzer for Solidity smart contracts［C］// Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. New York： ACM， 2020： 778-788. 10.1145/3377811.3380334
33	HE J X， BALUNOVIĆ M， AMBROLADZE N， et al. Learning to fuzz from symbolic execution with application to smart contracts［C］// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2019： 531-548. 10.1145/3319535.3363230
34	TORRES C F， IANNILLO A K， GERVAIS A， et al. ConFuzzius： a data dependency-aware hybrid fuzzer for smart contracts［C］// Proceedings of the 2021 IEEE European Symposium on Security and Privacy. Piscataway： IEEE， 2021： 103-119. 10.1109/eurosp51992.2021.00018
35	ZHANG Q Z， WANG Y Z， LI J R， et al. EthPloit： from fuzzing to efficient exploit generation against smart contracts［C］// Proceedings of the IEEE 27th International Conference on Software Analysis， Evolution and Reengineering. Piscataway： IEEE， 2020： 116-126. 10.1109/saner48275.2020.9054822
36	WÜSTHOLZ V， CHRISTAKIS M. Harvey： a greybox fuzzer for smart contracts［C］// Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York： ACM， 2020： 1398-1409. 10.1145/3368089.3417064
37	Etherum. Solidity documentation： release 0.8.11［EB/OL］. （2021-12-20）［2022-04-27］..
38	ConsenSys. Ethereum smart contract security best practices［EB/OL］. ［2022-04-27］..
39	MANNING A. Solidity security： comprehensive list of known attack vectors and common anti-patterns［EB/OL］. （2018-10-20）［2022-07-09］..
40	ConsenSys. Software engineering techniques［EB/OL］. ［2022-03-28］..
41	Trail of Bits. How contract migration works［EB/OL］. （2018-10-29）［2022-02-20］..
42	OpenZeppelin. Proxy patterns［EB/OL］. （2018-04-19）［2022-06-02］.. 10.1007/978-1-4842-3603-1_12
43	ZeppelinOS. Quickstart of ZeppelinOS［EB/OL］. ［2022-05-18］..
44	ZHANG Y Y， MA S Q， LI J R， et al. SMARTSHIELD： automatic smart contract protection made easy［C］// Proceedings of the IEEE 27th International Conference on Software Analysis， Evolution and Reengineering. Piscataway： IEEE， 2020： 23-34. 10.1109/saner48275.2020.9054825
45	RODLER M， LI W T， KARAME G O， et al. EVMPatch： timely and automated patching of Ethereum smart contracts［C］// Proceedings of the 30th USENIX Security Symposium. Berkeley： USENIX Association， 2021： 1289-1306.
46	HE N Y， ZHANG R Y， WANG H Y， et al. EOSAFE： security analysis of EOSIO smart contracts［C］// Proceedings of the 30th USENIX Security Symposium. Berkeley： USENIX Association， 2021： 1271-1288.
47	DING M J， LI P R， LI S S， et al. HFContractFuzzer： fuzzing Hyperledger Fabric smart contracts for vulnerability detection［C］// Proceedings of the 2021 International Conference on Evaluation and Assessment in Software Engineering. New York： ACM， 2021： 321-328. 10.1145/3463274.3463351
48	YUAN R， XIA Y B， CHEN H B， et al. ShadowEth： private smart contract on public blockchain［J］. Journal of Computer Science Technology， 2018， 33（3）： 542-556. 10.1007/s11390-018-1839-y
49	XIAO Y， ZHANG N， LI J， et al. PrivacyGuard： enforcing private data usage control with blockchain and attested off-chain contract execution［C］// Proceedings of the 2020 European Symposium on Research in Computer Security， LNCS 12309. Cham： Springer， 2020： 610-629.
50	LIND J， NAOR O， EYAL I， et al. Teechain： scalable blockchain payments using trusted execution environments［EB/OL］. （2019-10-26）［2022-02-16］.. 10.1145/3341301.3359627
51	HOMOLIAK I， SZALACHOWSKI P. Aquareum： a centralized ledger enhanced with blockchain and trusted computing［EB/OL］. （2020-05-27）［2022-03-17］..
52	RODLER M， LI W T， KARAME G O， et al. Sereum： protecting existing smart contracts against re-entrancy attacks［C］// Proceedings of the 2019 Network and Distributed Systems Security Symposium. Reston， VA： Internet Society， 2019： No.23413. 10.14722/ndss.2019.23413
53	TORRES C F， BADEN M， NORVILL R， et al. Ægis： smart shielding of smart contracts［C］// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2019： 2589-2591. 10.1145/3319535.3363263
54	CHEN T， CAO R， LI T， et al. SODA： a generic online detection framework for smart contracts［C］// Proceedings of the 2020 Network and Distributed Systems Security Symposium. Reston， VA： Internet Society， 2020： No.24449. 10.14722/ndss.2020.24449
55	YANG Z， KEUNG J， YU X， et al. A multi-modal Transformer-based code summarization approach for smart contracts［C］// Proceedings of the IEEE/ACM 29th International Conference on Program Comprehension. Piscataway： IEEE， 2021： 1-12. 10.1109/icpc52881.2021.00010
56	LI X Q， CHEN T， LUO X P， et al. STAN： towards describing bytecodes of smart contract［C］// Proceedings of the IEEE 20th International Conference on Software Quality， Reliability and Security. Piscataway： IEEE， 2020： 273-284. 10.1109/qrs51102.2020.00045
57	ESHGHIE M， ARTHO C， GUROV D. Dynamic vulnerability detection on smart contracts using machine learning［C］// Proceedings of the 2021 International Conference on Evaluation and Assessment in Software Engineering. New York： ACM， 2021： 305-312. 10.1145/3463274.3463348
58	XU Y J， HU G R， YOU L， et al. A novel machine learning-based analysis model for smart contract vulnerability［J］. Security and Communication Networks， 2021， 2021： No.5798033. 10.1155/2021/5798033
59	ZHUANG Y， LIU Z G， QIAN P， et al. Smart contract vulnerability detection using graph neural network［C］// Proceedings of the 29th International Joint Conference on Artificial Intelligence. California： ijcai.org， 2020： 3283-3290. 10.24963/ijcai.2020/454

[1]	He HUANG, Yu JIN. Cloud data auditing scheme based on voting and Ethereum smart contracts [J]. Journal of Computer Applications, 2024, 44(7): 2093-2101.
[2]	Peng FANG, Fan ZHAO, Baoquan WANG, Yi WANG, Tonghai JIANG. Development， technologies and applications of blockchain 3.0 [J]. Journal of Computer Applications, 2024, 44(12): 3647-3657.
[3]	Chaoying YAN, Ziyi ZHANG, Yingnan QU, Qiuyu LI, Dixiang ZHENG, Lijun SUN. Double auction carbon trading based on consortium blockchain [J]. Journal of Computer Applications, 2024, 44(10): 3240-3245.
[4]	Kun ZHANG, Fengyu YANG, Fa ZHONG, Guangdong ZENG, Shijian ZHOU. Source code vulnerability detection based on hybrid code representation [J]. Journal of Computer Applications, 2023, 43(8): 2517-2526.
[5]	Luyu CHEN, Xiaofeng MA, Jing HE, Shengzhi GONG, Jian GAO. Blockchain smart contract privacy authorization method based on TrustZone [J]. Journal of Computer Applications, 2023, 43(6): 1969-1978.
[6]	Meng CAO, Sunjie YU, Hui ZENG, Hongzhou SHI. Hierarchical access control and sharing system of medical data based on blockchain [J]. Journal of Computer Applications, 2023, 43(5): 1518-1526.
[7]	Yihan WANG, Chen TANG, Lan ZHANG. Anti-fraud and anti-tampering online trading mechanism for bulk stock [J]. Journal of Computer Applications, 2023, 43(4): 1309-1317.
[8]	Yang LI, Long XU, Yanqiang LI, Shaopeng LI. Smart contract-based access control architecture and verification for internet of things [J]. Journal of Computer Applications, 2022, 42(6): 1922-1931.
[9]	Yuntao XU, Junwu ZHU, Binwen SUN, Maosheng SUN, Sihai CHEN. Election-based supply chain： a supply chain autonomy framework based on blockchain [J]. Journal of Computer Applications, 2022, 42(6): 1770-1775.
[10]	Min WEN, Rongcun WANG, Shujuan JIANG. Source code vulnerability detection based on relational graph convolution network [J]. Journal of Computer Applications, 2022, 42(6): 1814-1821.
[11]	Le ZHAO, En ZHANG, Leiyong QIN, Gongli LI. Multi-party privacy preserving k-means clustering scheme based on blockchain [J]. Journal of Computer Applications, 2022, 42(12): 3801-3812.
[12]	Shengjia GONG, Linlin ZHANG, Kai ZHAO, Juntao LIU, Han YANG. Fake news detection method based on blockchain technology [J]. Journal of Computer Applications, 2022, 42(11): 3458-3464.
[13]	NI Ping, CHEN Wei. Reflective cross-site scripting vulnerability detection based on fuzzing test [J]. Journal of Computer Applications, 2021, 41(9): 2594-2601.
[14]	SHEN Yumin, WANG Jinlong, HU Diankai, LIU Xingyu. Multi-person collaborative creation system of building information modeling drawings based on blockchain [J]. Journal of Computer Applications, 2021, 41(8): 2338-2345.
[15]	CHEN Weiwei, CAO Li, GU Xiang. E-forensics model for internet of vehicles based on blockchain [J]. Journal of Computer Applications, 2021, 41(7): 1989-1995.