A static code auditing system and method for an Ethereum smart contract

Smart contract and static code analysis technology, applied in the field of information security. It addresses the problem that applications are designed for functionality without considering security and therefore carry security risks, and it achieves the effect of reducing those risks.

Active Publication Date: 2019-04-26
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0005] At present, there are many smart contract applications on the blockchain-based Ethereum platform, such as Backfeed (a social and economic platform), Augur (a decentralized prediction market), and TransActive Grid (a smart grid). However, during the development of many applications, designers pay attention only to functionality and do not consider security, which leaves potential security hazards in the application. Because the content of a smart contract is public, anyone can analyze its source code to find vulnerabilities.


Embodiment Construction

[0025] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0026] This embodiment provides a static code audit system for smart contracts on the blockchain-based Ethereum platform. Its structure is shown in Figure 1; it comprises a preprocessing module, a syntax tree generation module, a static feature matching module and a report generation module:

[0027] Preprocessing module: checks the validity of the user input, copies the whole project to a temporary working directory, and deletes the comments in the Solidity files;

[0028] Syntax tree generation module: performs lexical analysis and syntax analysis on the preprocessed files to generate a syntax tree;

[0029] Static feature matching module: matches the syntax tree against the pre-established logical matching rules and, when a rule hits, records the corresponding code information;

[0030...
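An added sketch of the preprocessing step in [0027] feeding a rule match as in [0029]; it is not code from the patent. It deletes Solidity comments while keeping string literals and line numbers intact, so a finding still points at the right line of the original file. The `tx.origin` rule, the sample contract, and the line-level regex match (used here in place of the patent's syntax-tree matching) are assumptions made for the example.

```python
import re

# String literals are matched first, so "//" or "/*" inside a string
# (a URL, for instance) is never mistaken for the start of a comment.
_STR = r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\''
_STR_RE = re.compile(_STR)
_TOKEN = re.compile(_STR + r"|//[^\n]*|/\*.*?(?:\*/|\Z)", re.DOTALL)

# Hypothetical rule set: the patent text does not list its matching rules.
RULES = {"tx-origin-auth": re.compile(r"\btx\s*\.\s*origin\b")}

# Constructed sample contract (not from the patent).
SAMPLE = '''pragma solidity ^0.4.24;
contract Wallet {
    address owner;
    /* old check, kept for reference:
       require(tx.origin == owner); */
    string site = "http://example.org"; // tx.origin is mentioned here only
    function withdraw() public {
        require(tx.origin == owner);
        msg.sender.transfer(address(this).balance);
    }
}
'''

def strip_comments(source):
    """Delete comments; keep string literals and the original line count."""
    def repl(match):
        text = match.group(0)
        if text[0] in "\"'":
            return text  # string literal: leave untouched
        # Keep a block comment's newlines so reported line numbers still
        # point into the user's original file.
        return " " + "\n" * text.count("\n")
    return _TOKEN.sub(repl, source)

def scan(source):
    """Return (rule_id, line_number, code) for hits outside comments/strings."""
    findings = []
    for lineno, line in enumerate(strip_comments(source).split("\n"), 1):
        code = _STR_RE.sub('""', line)  # string contents are data, not code
        for rule_id, pattern in RULES.items():
            if pattern.search(code):
                findings.append((rule_id, lineno, line.strip()))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Without the comment-deletion step the same rule would also fire on lines 5 and 6 of the sample, which contain `tx.origin` only inside comments.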


Abstract

The invention discloses a static code auditing system and method for smart contracts on the blockchain-based Ethereum platform, and belongs to the technical field of information security. The method detects security threats in smart contracts written in the Solidity language for the Ethereum platform, locates their specific position, explains the harm, and gives a corresponding solution. First, the user inputs the path of a project directory or of a single file to be checked; the system preprocesses the input, copies the whole project into a temporary working directory, and deletes the comments in the Solidity files in that directory. Second, the system parses each Solidity file into a syntax tree through lexical analysis and syntax analysis. Then, the system performs static feature matching of the syntax tree against the pre-established logical matching rules to obtain the matching results. Finally, the system classifies and summarizes the matching results to generate a report file, namely the detection result.

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a static code audit system and method for smart contracts on the blockchain-based Ethereum platform.

Background technique

[0002] In a narrow sense, blockchain technology is a chained data structure that links data blocks sequentially in chronological order, and a distributed ledger that is cryptographically guaranteed to be tamper-proof and unforgeable. Broadly speaking, blockchain technology is a new distributed infrastructure and computing method that uses block-chain data structures to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to ensure the security of data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data.

[0003] Ethereum is an open source public blockchain platform with smart contract functions....


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 李洪伟谈辰刘森成艺龚丽杨浩淼任彦之
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA