Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Intelligent contract security auditing method based on symbol abstraction analysis

An abstract analysis, smart contract technology, applied in computer security devices, computing, instruments, etc., can solve the problems of low contract coverage, false positives and false positives, low contract coverage, etc., to improve the detection effect and accuracy, Enhanced coverage and wide detection range

Pending Publication Date: 2022-03-18
HAINAN NORMAL UNIV
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The current automated detection tools are often too dependent on a single technology, and the degree of automation is not high. It still needs a lot of work to be used in practice.
Although it is useful in some cases, there are still some shortcomings and deficiencies. With the update and iteration of contract language and the increase of vulnerability types, due to the defects of detection mode or logic design, many key vulnerability verifications will be missing. ; Due to the inaccurate modeling of vulnerabilities, a large number of false positives and false positives will be caused; the coverage rate of the contract is not high, and the basic requirements can be met for some specific contracts, but the contract coverage rate in real production is low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intelligent contract security auditing method based on symbol abstraction analysis
  • Intelligent contract security auditing method based on symbol abstraction analysis
  • Intelligent contract security auditing method based on symbol abstraction analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] In order to better understand the technical content of the present invention, specific embodiments are provided below, and the present invention is further described in conjunction with the accompanying drawings.

[0025] see Figure 1 to Figure 3 , the present invention is a smart contract security audit method based on symbolic abstraction analysis, comprising the following steps:

[0026] S1: Input the source code of the contract to be detected, and generate a static detection file through the contract compiler;

[0027] S2: traverse the static detection file to generate a control flow chart file CFG and collect contract information;

[0028] S3: The flowchart file CFG converts the contract information into a single-assignment statement text SSA, performs modeling analysis on the single-assignment statement text SSA, and traverses to collect contract attribute information;

[0029] S4: Integrate the contract attribute information as input, execute vulnerability det...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an intelligent contract security auditing method based on symbol abstraction analysis, and the method comprises the following steps: S1, inputting a to-be-detected contract source code, and generating a static detection file through a contract compiler; s2, traversing the static detection file to generate a control flow chart (CFG) file and collecting contract information; s3, converting the CFG into a single assignment statement text SSA by using the contract information, performing modeling analysis on the single assignment statement text SSA, and traversing and collecting contract attribute information; s4, integrating the contract attribute information as input, executing vulnerability detection strategy search, and generating vulnerability types and vulnerability positions; s5, the vulnerability type and the vulnerability position serve as input of a symbolic analysis engine, a basic block where the vulnerability is located is inquired, the symbolic analysis engine analyzes the vulnerability type and the vulnerability position, traceability traversal is conducted on an execution path of the vulnerability, and the vulnerability is obtained. And completing verification and screening work of the generated vulnerability type and the vulnerability position.

Description

technical field [0001] The invention belongs to the field of smart contracts, and in particular relates to a smart contract security audit method based on symbol abstract analysis. Background technique [0002] In the field of automated security tools for smart contracts, there are not many existing symbolic execution vulnerability detection solutions, among which Oyente, WANA, etc. are more typical. The current automated detection tools often rely too much on a single technology, and the degree of automation is not high. It still needs a lot of work to be used in practice. Although it is useful in some cases, there are still some shortcomings and deficiencies. With the update and iteration of contract language and the increase of vulnerability types, due to the defects of detection mode or logic design, many key vulnerability verifications will be missing. ; Due to the inaccurate modeling of vulnerabilities, a large number of false positives and false positives will be cau...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/562G06F21/577
Inventor 文斌王泽旭
Owner HAINAN NORMAL UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com