Smart contract reentry vulnerability detection method and device, storage medium and related equipment
A smart contract and vulnerability detection technology, which is applied in computer security devices, other database retrieval, structured data retrieval, etc., can solve problems such as economic loss, path explosion, and detection result errors, to achieve accurate detection results and avoid false detection results Effect
Pending Publication Date: 2022-06-07
SUN YAT SEN UNIV
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, new features are often accompanied by new security risks and new security loopholes, especially in the blockchain scenario, if there are security loopholes in the smart contract and unexpected behavior occurs, it will cause major economic losses
[0003] In order to avoid the problem of path explosion, the existing reentrancy vulnerability detection tools are only based on a single function in the smart contract, and it is difficult to analyze the control flow data flow information across functions, which will easily lead to errors in the detection results, and the existing reentrancy Ingress vulnerability detection tools mainly rely on the keyword call.value()(), making it difficult to adapt to the latest vulnerability development model
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0047] The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present application.
[0048] In order to avoid the problem of path explosion, the existing reentrancy vulnerability detection tools only detect based on a single function in the smart contract, and it is difficult to parse the cross-function control flow data flow information, which may easily lead to errors in the detection results. Intrusion detection tools mainly rely on the keyword call.value()(), which makes it difficult to adapt to the latest vulnerability...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
According to the intelligent contract reentry vulnerability detection method and device, the storage medium and the related equipment provided by the invention, when whether the intelligent contract source code contains the reentry vulnerability is detected, the abstract syntax tree corresponding to the to-be-detected intelligent contract source code can be firstly constructed; then, original control flow information and original data flow information of the abstract syntax tree are determined, the original control flow information and the original data flow information are determined on the basis of the abstract syntax tree, and the relation between cross-function control flow and data flow is considered, so that a wrong detection result caused by cross-function information can be avoided; furthermore, according to the application, the original control flow information and the original data flow information can be screened by utilizing a pre-constructed reentry vulnerability keyword library, so that the key control flow information and the key data flow information obtained by screening comprise various types of functions; therefore, the detection method can be applied to reentry vulnerability detection of any smart contract.
Description
technical field [0001] The present application relates to the technical field of vulnerability detection, and in particular, to a method, device, storage medium and related equipment for detecting a smart contract reentrancy vulnerability. Background technique [0002] At present, as an important part of blockchain 2.0, smart contracts provide basic conditions for the application of blockchain in various fields. On this basis, the virtualized trading platform proposes a new smart contract language Solidity to meet the needs of asset transfer between accounts in the blockchain scenario and the execution needs in the decentralized scenario. These two requirements have given birth to a series of unique new machine features of Solidity, such as transfer mechanism, gas mechanism and so on. However, new features are often accompanied by new security risks and new security loopholes. Especially in the blockchain scenario, if there are security loopholes in smart contracts and unex...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06Q40/04G06F16/903G06F16/9038G06F16/27
CPCG06F21/577G06Q40/04G06F16/90335G06F16/9038G06F16/27
Inventor 郑子彬钟志杰
Owner SUN YAT SEN UNIV