Survey of smart contract security vulnerability detection technology

doi:10.11772/j.issn.1001-9081.2023121815

Abstract

Abstract:

Smart contracts are the core component of blockchain technology. With the rapid popularity of blockchain applications at home and abroad， security incidents caused by smart contract vulnerabilities occur frequently， resulting in huge economic losses. In response to the above problems， smart contract vulnerability detection solutions suitable for different scenarios have been developed based on a variety of theories and technologies. In order to understand smart contract security vulnerability detection technology systematically， the research literature related to smart contract security vulnerability detection technology was investigated and sorted out. Firstly， smart contract vulnerability types were elaborated and analyzed systematically from two aspects： logic and interaction. Then， characteristics and limitations of the existing smart contract vulnerability detection methods， including static analysis， symbolic execution， fuzzy detection， and deep learning， were summarized， and 30 vulnerability detection tools were summed up and compared. Finally， the opportunities and challenges faced in the current development of smart contract vulnerability detection technology were discussed， and the future research directions in this field were prospected with the combination of deep learning technology.

Key words: smart contract, vulnerability detection, blockchain, contract security, blockchain security

摘要：

智能合约是区块链技术的核心组成部分。随着区块链应用在国内外的快速普及，智能合约漏洞引发的安全事件频频发生，导致了巨大的经济损失。针对上述问题，基于多种理论和技术，人们提出了适用于不同场景的智能合约漏洞检测方案。为了系统了解智能合约的安全漏洞检测技术，调研和梳理了智能合约安全漏洞检测技术相关研究文献。首先，从逻辑和交互这2个方面系统性阐述和分析智能合约漏洞类型；其次，总结包括静态分析、符号执行、模糊检测和深度学习等现有智能合约漏洞检测方法的特点和局限性，并且归纳和比对30种漏洞检测工具；最后，探讨当前智能合约漏洞检测技术发展中面临的机遇和挑战，并结合深度学习技术展望了该领域未来的研究方向。

关键词: 智能合约, 漏洞检测, 区块链, 合约安全, 区块链安全

CLC Number:

TP311

Hong REN, Fan ZHAO. Survey of smart contract security vulnerability detection technology[J]. Journal of Computer Applications, 0, (): 95-100.

任虹, 赵凡. 智能合约安全漏洞检测技术综述[J]. 《计算机应用》唯一官方网站, 0, (): 95-100.

Figures/Tables 4

References 45

1	NOFER M， GOMBER P， HINZ O， et al. Blockchain［J］. Business and Information Systems Engineering， 2017， 59（3）： 183-187.
2	AVERINA A， AVERINA O. Review of blockchain frameworks and platforms［C］// Proceedings of the 2020 International Multi-Conference on Industrial Engineering and Modern Technologies. Piscataway： IEEE， 2020： 1-6.
3	AZARIA A， EKBLAW A， VIEIRA T， et al. MedRec： using blockchain for medical data access and permission management ［C］// Proceedings of the 2nd International Conference on Open and Big Data. Piscataway： IEEE， 2016： 25-30.
4	DUBOVITSKAYA A， XU Z， RYU S， et al. Secure and trustable electronic medical records sharing using blockchain ［J］. AMIA Annual Symposium Proceedings Archive. 2017， 2017： 650-659.
5	FAN K， WANG S， REN Y， et al. MedBlock： efficient and secure medical data sharing via blockchain［J］. Journal of Medical Systems， 2018， 42： No.136.
6	REYNA A， MARTÍN C， CHEN J， et al. On blockchain and its integration with IoT. Challenges and opportunities［J］. Future Generation Computer Systems， 2018， 88： 173-190.
7	HUH S， CHO S， KIM S. Managing IoT devices using blockchain platform［C］// Proceedings of the 19th International Conference on Advanced Communication Technology. Piscataway： IEEE， 2017： 464-467.
8	NOVO O. Blockchain meets IoT： an architecture for scalable access management in IoT ［J］. IEEE Internet of Things Journal， 2018， 5（2）： 1184-1195.
9	CAGIGAS D， CLIFTON J， DIAZ-FUENTES D， et al. Blockchain for public services： a systematic literature review ［J］. IEEE Access， 2021， 9： 13904-13921.
10	SHAHAAB A， MAUDE R， HEWAGE C， et al. Blockchain： a panacea for trust challenges in public services？ A socio-technical perspective［J］. The Journal of the British Blockchain Association， 2020， 3（2）： 53-60.
11	ØLNES S， JANSEN A. Blockchain technology as infrastructure in public sector： an analytical framework［C］// Proceedings of the 19th Annual International Conference on Digital Government Research： Governance in the Data Age. New York： ACM， 2018： No.77.
12	SAVELYEV A. Copyright in the blockchain era： promises and challenges［J］. Computer Law and Security Review， 2018， 34（3）： 550-561.
13	JING N， LIU Q， SUGUMARAN V. A blockchain-based code copyright management system［J］. Information Processing and Management， 2021， 58（3）： No.102518.
14	MENG Z， MORIZUMI T， MIYATA S， et al. Design scheme of copyright management system based on digital watermarking and blockchain［C］// Proceedings of the IEEE 42nd Annual Computer Software and Applications Conference. Piscataway： IEEE， 2018： 359-364.
15	HOLLAND M， NIGISCHER C， STJEPANDIĆ J. Copyright protection in additive manufacturing with blockchain approach［M］// Advances in Trnsdisciplinary Engineering. Volume 5： Transdisciplinary Engineering： A Paradigm Shift. Amsterdam： IOS Press， 2017： 914-921.
16	倪远东，张超，殷婷婷. 智能合约安全漏洞研究综述［J］. 信息安全学报， 2020， 5（3）：78-99.
17	TIKHOMIROV S， VOSKRESENSKAYA E， IVANITSKIY I， et al. SmartCheck： static analysis of Ethereum smart contracts［C］// Proceedings of the ACM/IEEE 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. New York： ACM， 2018： 9-16.
18	FEIST J， GRIECO G， GROCE A. Slither： a static analysis framework for smart contracts［C］// Proceedings of the IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain. Piscataway： IEEE， 2019： 8-15.
19	KALRA S， GOEL S， DHAWAN M， et al. Zeus： analyzing safety of smart contracts ［C］// Proceedings of the 2018 Network and Distributed System Security Symposium. Reston， VA： Internet Society： 2018： 1-15.
20	GRECH N， KONG M， JURISEVIC A， et al. MadMax： surviving out-of-gas conditions in ethereum smart contracts ［J］. Proceedings of the ACM on Programming Languages， 2018， 2（OOPSLA）： No.116.
21	TSANKOV P， DAN A， DRACHSLER-COHEN D， et al. Securify： practical security analysis of smart contracts ［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2018： 67-82.
22	SCHNEIDEWIND C， GRISHCHENKO I， SCHERER M， et al. eThor： practical and provably sound static analysis of Ethereum smart contracts ［C］// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2020： 621-640.
23	CUI S， ZHAO G， GAO Y， et al. VRust： automated vulnerability detection for Solana smart contracts ［C］// Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2022： 639-652.
24	LUU L， CHU D H， OLICKEL H， et al. Making smart contracts smarter［C］// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2016： 254-269.
25	CHEN J， XIA X， LO D， et al. DefectChecker： automated smart contract defect detection by analyzing EVM bytecode［J］. IEEE Transactions on Software Engineering， 2022， 48（7）： 2189-2207.
26	ZHENG P， ZHENG Z， LUO X. Park： accelerating smart contract vulnerability detection via parallel-fork symbolic execution［C］// Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. New York： ACM， 2022： 740-751.
27	FENG Y， TORLAK E， BODIK R. Summary-based symbolic evaluation for smart contracts ［C］// Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. New York： ACM， 2020： 1141-1152.
28	KRUPP J， ROSSOW C. teEther： gnawing at Ethereum to automatically exploit smart contracts［C］// Proceedings of the 27th USENIX Security Symposium. Berkeley： USENIX Association， 2018： 1317-1333.
29	NIKOLIĆ I， KOLLURI A， SERGEY I， et al. Finding the greedy， prodigal， and suicidal contracts at scale ［C］// Proceedings of the 34th Annual Computer Security Applications Conference. New York： ACM， 2018： 653-663.
30	JIANG B， LIU Y， CHAN W K. ContractFuzzer： fuzzing smart contracts for vulnerability detection ［C］// Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. New York： ACM， 2018： 259-269.
31	LIU C， LIU H， CAO Z， et al. ReGuard： finding reentrancy bugs in smart contracts ［C］// Proceedings of the ACM/IEEE 40th International Conference on Software Engineering： Companion Proceedings. New York： ACM， 2018： 65-68.
32	NGUYEN T D， PHAM L H， SUN J， et al. sFuzz： an efficient adaptive fuzzer for solidity smart contracts ［C］// Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. New York： ACM， 2020： 778-788.
33	HE J， BALUNOVIĆ M， AMBROLADZE N， et al. Learning to fuzz from symbolic execution with application to smart contracts［C］// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2019： 531-548.
34	CHOI J， KIM D， KIM S， et al. Smartian： enhancing smart contract fuzzing with static and dynamic data-flow analyses ［C］// Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering. Piscataway： IEEE， 2021： 227-239.
35	WANG H， LIU Y， LI Y， et al. Oracle-supported dynamic exploit generation for smart contracts ［J］. IEEE Transactions on Dependable and Secure Computing， 2022， 19（3）： 1795-1809.
36	GRIECO G， SONG W， CYGAN A， et al. Echidna： effective， usable， and fast fuzzing for smart contracts ［C］// Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York： ACM， 2020： 557-560.
37	WÜSTHOLZ V， CHRISTAKIS M. Harvey： a greybox fuzzer for smart contracts ［C］// Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York： ACM， 2020： 1398-1409.
38	DING M， LI P， LI S， et al. HFContractFuzzer： fuzzing hyperledger fabric smart contracts for vulnerability detection ［C］// Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering. New York： ACM， 2021：321-328.
39	YE M， NAN Y， ZHENG Z， et al. Detecting state inconsistency bugs in DApps via on-chain transaction replay and fuzzing ［C］// Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. New York： ACM， 2023： 298-309.
40	ZHUANG Y， LIU Z， QIAN P， et al. Smart contract vulnerability detection using graph neural networks ［C］// Proceedings of the 29th International Conference on Artificial Intelligence. California： IJCAI.org， 2021： 3283-3290.
41	WANG W， SONG J， XU G， et al. ContractWard： automated vulnerability detection models for Ethereum smart contracts ［J］. IEEE Transactions on Network Science and Engineering， 2021， 8（2）： 1133-1144.
42	GAO Z. When deep learning meets smart contracts ［C］// Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. New York： ACM， 2020： 1400-1402.
43	GAO Z， JIANG L， XIA X， et al. Checking smart contracts with structural code embedding［J］. IEEE Transactions on Software Engineering， 2020， 47（12）： 2874-2891.
44	YU X， ZHAO H， HOU B， et al. DeeSCVHunter： a deep learning-based framework for smart contract vulnerability detection［C］// Proceedings of the 2021 International Joint Conference on Neural Networks. Piscataway： IEEE， 2021： 1-8.
45	LIU Z， QIAN P， WANG X， et al. Smart contract vulnerability detection： from pure neural network to interpretable graph feature and expert pattern fusion ［C］// Proceedings of the 30th International Joint Conference on Artificial Intelligence. California： IJCAI.org， 2021： 2751-2759.

网址	描述
https：//swcregistry.io/	以太坊智能合约常见的37种漏洞
https：//www.dasp.co/	智能合约常见的10种漏洞
https：//www.cve.org/	通用漏洞披露平台，560条智能合约相关漏洞
https：//www.cnvd.org.cn/	国家信息安全漏洞共享平台， 431条智能合约相关漏洞

网址	描述
https：//swcregistry.io/	以太坊智能合约常见的37种漏洞
https：//www.dasp.co/	智能合约常见的10种漏洞
https：//www.cve.org/	通用漏洞披露平台，560条智能合约相关漏洞
https：//www.cnvd.org.cn/	国家信息安全漏洞共享平台， 431条智能合约相关漏洞

方法	工具	发布年份	开源地址	评价指标	对比工具
静态分析	①MadMax	2018	https：//github.com/nevillegrech/MadMax	T	—
	②Slither	2019	https：//github.com/crytic/slither	T	③④
	③Securify	2018	https：//github.com/eth-sri/securify2	FP	⑧⑩
	④SmartCheck	2018	https：//github.com/smartdec/smartcheck	TP、FN	③⑩
	⑤Zeus	2018	未开源	FP、FN	⑩
	⑥eThor	2020	https：//secpriv.wien/ethor/	F	⑤
	⑦VRust	2022	未开源	FP	—
符号执行	⑧Mythril	2017	https：//github.com/ConsenSys/mythril	—	—
	⑨DefectChecker	2021	https：//github.com/Jiachi-Chen/DefectChecker/	TP、TN、FP、FN、P、F	③⑧⑩
	⑩Oyente	2016	https：//github.com/melonproject/oyente	FP	—
	⑪Park	2022	https：//github.com/tczpl/park/	T	⑧⑩
	⑫Solar	2020	https：//github.com/fredfeng/solar	FP、FN	⑧⑬⑮
	⑬teEther	2018	https：//github.com/nescio007/teether	T	—
	⑭Maian	2018	https：//github.com/MAIAN-tool/MAIAN	TP、FN	—
模糊检测	⑮ContractFuzzer	2018	https：//github.com/gongbell/ContractFuzzer	TP、FP、FN	⑩
	⑯ReGuard	2018	未开源	FP、FN	—
	⑰ILF	2019	未开源	C	21
	⑱ContraMaster	2022	未开源	T	—
	⑲Harvey	2020	未开源	T、C	—
	⑳sFuzz	2020	https：//github.com/duytai/sFuzz	TP	⑩⑮
	21Echidna	2021	https：//github.com/crytic/echidna	T	—
	22Smartian	2021	https：//github.com/SoftSec-KAIST/Smartian	TP、FP、C	⑧⑰⑳
	23IcyChecker	2023	https：//github.com/MingxiYe/IcyChecker-Artifact	P、FN、FP	22
	24HFContractFuzzer	2021	未开源	—	—
深度学习	25DR-GCN	2020	https：//github.com/Messi-Q/GraphDeeSmartContract	A、P、R、F	③④⑧⑩
	26TMP	2020	https：//github.com/Messi-Q/GGNNSmartVulDetector	A、P、R、F	③④⑧⑩
	27ContractWard	2021	未开源	F	—
	28DeeSCVHunter	2021	https：//github.com/MRdoulestar/DeeSCVHunter	A、P、R、F	—
	29AME	2021	https：//github.com/Messi-Q/AMEVulDetector	A、P、R、F	②③④⑧⑩
	30SmartEmbed	2020	https：//github.com/beyondacm/SmartEmbed	P、R、F、FP、FN	④

方法	工具	发布年份	开源地址	评价指标	对比工具
静态分析	①MadMax	2018	https：//github.com/nevillegrech/MadMax	T	—
	②Slither	2019	https：//github.com/crytic/slither	T	③④
	③Securify	2018	https：//github.com/eth-sri/securify2	FP	⑧⑩
	④SmartCheck	2018	https：//github.com/smartdec/smartcheck	TP、FN	③⑩
	⑤Zeus	2018	未开源	FP、FN	⑩
	⑥eThor	2020	https：//secpriv.wien/ethor/	F	⑤
	⑦VRust	2022	未开源	FP	—
符号执行	⑧Mythril	2017	https：//github.com/ConsenSys/mythril	—	—
	⑨DefectChecker	2021	https：//github.com/Jiachi-Chen/DefectChecker/	TP、TN、FP、FN、P、F	③⑧⑩
	⑩Oyente	2016	https：//github.com/melonproject/oyente	FP	—
	⑪Park	2022	https：//github.com/tczpl/park/	T	⑧⑩
	⑫Solar	2020	https：//github.com/fredfeng/solar	FP、FN	⑧⑬⑮
	⑬teEther	2018	https：//github.com/nescio007/teether	T	—
	⑭Maian	2018	https：//github.com/MAIAN-tool/MAIAN	TP、FN	—
模糊检测	⑮ContractFuzzer	2018	https：//github.com/gongbell/ContractFuzzer	TP、FP、FN	⑩
	⑯ReGuard	2018	未开源	FP、FN	—
	⑰ILF	2019	未开源	C	21
	⑱ContraMaster	2022	未开源	T	—
	⑲Harvey	2020	未开源	T、C	—
	⑳sFuzz	2020	https：//github.com/duytai/sFuzz	TP	⑩⑮
	21Echidna	2021	https：//github.com/crytic/echidna	T	—
	22Smartian	2021	https：//github.com/SoftSec-KAIST/Smartian	TP、FP、C	⑧⑰⑳
	23IcyChecker	2023	https：//github.com/MingxiYe/IcyChecker-Artifact	P、FN、FP	22
	24HFContractFuzzer	2021	未开源	—	—
深度学习	25DR-GCN	2020	https：//github.com/Messi-Q/GraphDeeSmartContract	A、P、R、F	③④⑧⑩
	26TMP	2020	https：//github.com/Messi-Q/GGNNSmartVulDetector	A、P、R、F	③④⑧⑩
	27ContractWard	2021	未开源	F	—
	28DeeSCVHunter	2021	https：//github.com/MRdoulestar/DeeSCVHunter	A、P、R、F	—
	29AME	2021	https：//github.com/Messi-Q/AMEVulDetector	A、P、R、F	②③④⑧⑩
	30SmartEmbed	2020	https：//github.com/beyondacm/SmartEmbed	P、R、F、FP、FN	④

方法	工具	RE	IO	TOD	TD	ME	FE	GS	SAA	UEC	DoS	DD	BSD
静态分析	MadMax		√				√
	Slither						√		√	√		√
	Securify	√	√		√	√	√			√			√
	SmartCheck	√	√		√		√	√		√	√
	Zeus	√		√	√								√
	eThor		√
	VRust	√
符号执行	DefectChecker	√		√						√	√		√
	Oyente	√	√	√	√	√						√
	Park	√		√	√
	Mythril	√	√		√		√				√	√
	Solar				√			√
	teEther	√					√			√
	Maian	√		√
模糊检测	ContractFuzzer	√			√	√	√	√		√		√	√
	ReGuard	√
	ILF	√				√	√
	Contramaster	√
	Harvey	√	√
	sFuzz	√	√		√	√	√	√				√	√
	Echidna
	Smartian	√	√			√	√						√
	IcyChecker	√
	HFContractFuzzer	√	√
深度学习	DR-GCN	√			√
	TMP	√			√
	ContractWard	√	√	√	√
	DeeSCVHunter	√			√
	AME	√											√
	SmartEmbed	√	√		√		√						√
总计		25	12	6	14	6	11	4	1	6	3	5	8