A static code audit system and method for Ethereum smart contracts

Smart contract static code analysis technology, applied in the field of information security, addresses problems such as designs that attend to functionality without considering security and the application security risks that result, and achieves the effect of reducing security risks.

Active Publication Date: 2020-03-27
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0005] At present, there are many smart contract applications on the blockchain-based Ethereum platform, such as Backfeed (a social and economic platform), Augur (a decentralized prediction market), and TransActive Grid (a smart grid). However, in the development of many applications, the designers pay attention only to functionality without considering security, which leaves potential security hazards in the application. Because the content of a smart contract is public, anyone can analyze its source code to find vulnerabilities.

Embodiment Construction

[0025] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0026] This embodiment provides a static code audit system for smart contracts on the blockchain-based Ethereum platform. Its structure is shown in Figure 1 and comprises a preprocessing module, a syntax tree generation module, a static feature matching module and a report generation module;

[0027] Preprocessing module: checks the validity of the user input, copies the project as a whole to a temporary working directory, and deletes the comments in the Solidity files;

[0028] Syntax tree generation module: performs lexical analysis and syntax analysis on the preprocessed files to generate a syntax tree;

[0029] Static feature matching module: matches the syntax tree against the pre-established logical matching rules and, when a rule is hit, records the corresponding code information;

[0030...

Abstract

The invention discloses a static code audit system and method for smart contracts on the blockchain-based Ethereum platform, and belongs to the technical field of information security. The invention can detect security threats in smart contracts written in the Solidity language on the Ethereum platform, locate their specific position, explain the hazard and provide a corresponding solution. The method of the invention is as follows. First, the user inputs the project directory to be checked, or the path of a single file, into the system; the system preprocesses the input by copying the entire project into a temporary working directory and deleting the comments in the Solidity files it contains. Second, the system parses each Solidity file into a syntax tree through lexical analysis and syntax analysis. Then, the system performs static feature matching between the syntax tree structure and the pre-established logical matching features to obtain the matching results. Finally, the system classifies and summarizes the matched results to generate a report file, which is the audit result.
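The preprocessing step described in [0027] and in the abstract, sketched in Python as an added example (not code from the patent). The names `strip_comments`, `preprocess` and `SAMPLE` are hypothetical, and two behaviours are assumptions of this sketch rather than claims of the patent: comments are replaced so that line numbers are unchanged (so later findings still point at the right source line), and symlinks in the copied project are never written through.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed sample: "//" and "/*" inside the string must survive.
SAMPLE = '''contract C { // owner check
    string u = "http://example.invalid/*x*/"; /* multi
    line */ uint y;
}
'''

def strip_comments(src: str) -> str:
    """Drop // and /* */ comments; keep string literals and the line count."""
    out, i, n = [], 0, len(src)
    while i < n:
        if src[i] in "\"'":                # string literal: copy verbatim
            j = i + 1
            while j < n and src[j] != src[i]:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("//", i):      # line comment: skip to end of line
            while i < n and src[i] != "\n":
                i += 1
        elif src.startswith("/*", i):      # block comment: keep its newlines
            end = src.find("*/", i + 2)
            end = n if end == -1 else end + 2
            out.append(" " + "\n" * src.count("\n", i, end))
            i = end
        else:
            out.append(src[i])
            i += 1
    return "".join(out)

def preprocess(target: str) -> Path:
    """Validate the input, copy it to a temp working dir, strip .sol comments."""
    src = Path(target).resolve()
    if not src.exists() or (src.is_file() and src.suffix != ".sol"):
        raise ValueError(f"expected a project directory or .sol file: {target}")
    work = Path(tempfile.mkdtemp(prefix="sol-audit-"))
    if src.is_dir():
        dst = Path(shutil.copytree(src, work / src.name, symlinks=True))
    else:
        dst = Path(shutil.copy2(src, work))
    for sol in ([dst] if dst.is_file() else sorted(dst.rglob("*.sol"))):
        if sol.is_symlink() or not sol.is_file():
            continue                       # never write through a link
        sol.write_text(strip_comments(sol.read_text(encoding="utf-8")), encoding="utf-8")
    return dst
```

`preprocess` returns the path of the working copy; the user's original files are left untouched.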

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a static code audit system and method for smart contracts on the blockchain-based Ethereum platform.

Background technique

[0002] In a narrow sense, blockchain technology is a chained data structure that links data blocks sequentially in chronological order, and is a distributed ledger that is cryptographically guaranteed to be tamper-proof and unforgeable. Broadly speaking, blockchain technology is a new distributed infrastructure and computing method that uses the block chain data structure to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to ensure the security of data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data.

[0003] Ethereum is an open source public blockchain platform with smart contract functions....

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 李洪伟谈辰刘森成艺龚丽杨浩淼任彦之
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA