Unlock instant, AI-driven research and patent intelligence for your innovation.

Smart contract defect triggerability detection method and system based on defect summary

A technology of smart contracts and detection methods, applied in error detection/correction, platform integrity maintenance, software testing/debugging, etc., can solve the code defects of detection results, cannot well describe the security status of smart contracts, and predict system security risks and prevention of problems such as limited reference significance, to achieve the effect of protecting safety

Active Publication Date: 2022-03-04
BEIJING INSTITUTE OF TECHNOLOGYGY +1
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

A static analysis cannot describe the security status of smart contracts well
And because the existing detection methods do not take into account the specific values ​​when the smart contract is executed during the detection process, it may lead to a large number of potential code defects in the detection results. Since the triggering of these defects requires specific conditions, the detection results are reduced. The effectiveness of the system security risk prediction and prevention reference is very limited
[0006] Since the smart contracts deployed on the blockchain system cannot be modified, these smart contracts cannot be repaired after they are found to be flawed, which leads to a large number of flawed smart contracts in Ethereum

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Smart contract defect triggerability detection method and system based on defect summary
  • Smart contract defect triggerability detection method and system based on defect summary
  • Smart contract defect triggerability detection method and system based on defect summary

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment 1

[0088] The detection process of a smart contract defect triggerability detection method based on defect summary is as follows:

[0089] Step 1. For the defects of the smart contract to be detected, define the defect triggering constraints (the defect triggering constraints are fixed); the agreed symbol σs represents the contract execution stack, INS represents the currently executed instructions and defines related functions, The relevant functions include: zero extension function ZeroExt, sign extension function SignExt and unsigned number comparison function UGT, etc.

[0090] Take the unsigned number comparison function UGT as an example. When the first parameter is greater than the second parameter, UGT returns true, otherwise it returns false; for example, the defect trigger condition of subtraction overflow of uint256 data can be expressed as:

[0091] {INS==SUB,UGT(σs[1],σs[0])}

[0092] Step 2. Select any symbolic execution tool to extract the path constraint set T wh...

specific Embodiment 2

[0103] The detection process of a smart contract defect triggerability detection method based on defect summary is as follows:

[0104] Step 1: Select the open source tool Oyente as the symbolic execution tool;

[0105] Step 2: Use the open source tool ethereumetl to obtain the smart contract existing in Ethereum as a test case;

[0106] Step 3: Use Oyente to perform symbolic execution on all test cases to obtain a defect summary for each test case;

[0107] Step 4: When the contract call for the smart contract in the test case occurs, obtain the status data of the smart contract and the contract call data;

[0108] Step 5: Use real data to replace the symbols in the path constraints and defect trigger condition constraints obtained by symbolic execution with real values;

[0109] Step 6: For path constraints and defect trigger condition constraints whose symbols are replaced with real values, Z3 is used to solve the constraints and calculate whether all constraints have sol...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a smart contract defect triggerability detection method and system based on defect summaries. The method includes: performing defect detection on the smart contract to be detected, and extracting one or more defect summaries; when the smart contract is invoked, obtaining the real-time contract State data set and contract call data set; use real-time state data and call data to replace the default initial symbol value in each defect summary of the smart contract; solve the defect summary after the symbol is replaced, if the path constraint of the defect summary Simultaneously with the solution to the defect triggering condition constraint, it is detected that the smart contract will trigger the defect when it is invoked. This method quickly judges the triggerability of the defect in the smart contract by combining the defect summary and the real-time status data of the smart contract with the contract call data, which can solve the high false positives caused by not considering the real data in the current smart contract defect detection to improve the accuracy of smart contract defect detection.

Description

technical field [0001] The invention relates to the technical field of Ethereum smart contract and program defect detection, in particular to a method and system for detecting the triggerability of smart contract defects based on defect abstracts. Background technique [0002] A smart contract refers to a set of digitally defined contracts that can achieve credible transactions without the supervision of a trusted third party, and each transaction is traceable and irreversible. The smart contract implemented in Ethereum is a Turing-complete language, and its essence is a program that can implement business logic such as asset management, message recording, event prediction, games, and tokens. Smart contract program defect detection methods include static detection, symbolic execution, fuzzy testing, etc. [0003] Static detection has the characteristics of low detection cost and fast detection speed, and can be automatically detected, which is more suitable for large-scale ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F11/36
CPCG06F21/563G06F11/3612
Inventor 计卫星田泽民刘法旺王一拙高玉金石峰
Owner BEIJING INSTITUTE OF TECHNOLOGYGY