Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

WASM smart contract vulnerability detection method based on symbolic execution

A smart contract and symbolic execution technology, applied in the direction of error detection/correction, software testing/debugging, program code conversion, etc., can solve the problem that the system cannot be guaranteed to be completely correct and reliable, and achieve the effect of improving the efficiency of vulnerability detection and facilitating subsequent expansion

Active Publication Date: 2021-11-19
BEIHANG UNIV
View PDF4 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Formal verification uses pre-established rules to analyze and verify the relevant characteristics of the system; it cannot guarantee that the system is completely correct and reliable, but it can analyze the system to the maximum extent to verify whether the system meets consistency and completeness

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • WASM smart contract vulnerability detection method based on symbolic execution
  • WASM smart contract vulnerability detection method based on symbolic execution
  • WASM smart contract vulnerability detection method based on symbolic execution

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0057] The present invention will be further described in detail below in conjunction with the accompanying drawings.

[0058] Based on the symbolic execution technology in software testing, the present invention provides conditions for the detection and location of security vulnerabilities in blockchain smart contracts. The basic principles are as follows: figure 1As shown, the symbolic execution engine is mainly composed of four parts: function call stack, execution environment (including memory and global variables), library function simulation and solver. What the symbolic execution engine processes is WebAssembly bytecode. After parsing the bytecode, an executable instance is generated, and the symbolized variables are recorded and executed symbolically. Symbolic execution starts from the entry function of the bytecode. The engine will create a function call stack and push the function call information into the stack. The contents of the stack frame include local variable...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a WASM smart contract vulnerability detection method based on symbolic execution, and belongs to the technical field of software testing. The method comprises the steps: constructing executable examples through WebAssembly byte codes of a to-be-analyzed smart contract, calling an initialization function in each example to initialize the state of a running environment, and filling numerical values of a memory area and a data area of the running environment; and further calling a function body to perform symbolic execution according to an index in a function signature, traversing an execution path of the byte code level smart contract to explore a possible state of the smart contract during actual operation, and analyzing potential security vulnerabilities of the smart contract according to the state. In addition, a general function interface and a special function are used for realizing simulation support for library functions of different block chain platforms, so that the integrity of a symbolic execution process is ensured. By setting a circulation upper limit and a branch access upper limit, the path explosion problem and the coverage rate problem in symbolic execution are solved.

Description

technical field [0001] The invention belongs to the technical field of software testing, and in particular relates to a WASM smart contract vulnerability detection method based on symbolic execution. Background technique [0002] The blockchain provides support for decentralized and trustless payment scenarios, and it is the result of interdisciplinary research on hash encryption algorithms, network technology, distributed system principles, and social economics. Blockchain provides a new type of trust mechanism in principle, and based on this, a safe, reliable, and highly fault-tolerant decentralized database system is built. Through smart contracts, the blockchain platform realizes the automation and intelligence of transactions, and improves the versatility of blockchain technology. [0003] The security research of blockchain smart contracts is mainly aimed at logical security and correctness; however, as the first blockchain platform to apply smart contracts, Ethereum ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F8/41
CPCG06F11/3612G06F8/41Y02D10/00
Inventor 姜博王冬陈一飞万寒
Owner BEIHANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com