| With the continuous development of science and technology,blockchain technology has received extensive attention.As a product of blockchain development,smart contracts have been applied to fields such as finance,aerospace and the Internet of Things.In recent years,due to the low threshold for the development of smart contracts,many smart contracts have security loopholes,which have caused serious security incidents.Therefore,it is of great significance to study smart contract security detection technology to ensure the security of smart contracts.At present,the detection technologies for smart contracts have their own advantages and disadvantages,and the accuracy rate is the most important indicator to measure the pros and cons of detection technologies.The accuracy of static analysis is low and the labor cost is high.The coverage of symbolic execution is high but there is a problem of path explosion.Formal verification cannot detect smart contracts with complex structures.Compared with the previous three technologies,fuzz testing has the advantage of accurate Therefore,this paper uses fuzz testing to detect the security of smart contracts.Due to the randomness of test cases generated by fuzz testing,the code coverage rate and detection efficiency are low in the process of detecting smart contracts.So how to efficiently generate test cases is the focus of this paper.This paper uses fuzz testing to detect the security of smart contracts.Aiming at the problem of low code coverage,this paper designs a symbolic execution-assisted fuzzing method for smart contracts,explores new paths through symbolic execution,and assists fuzzing to generate new paths that can be covered test cases;Aiming at the problem of detection efficiency,this paper designs a feedback-guided genetic algorithm for smart contract fuzz testing,and guides the genetic algorithm to generate effective tests through three aspects:branch distance,code coverage,and read-after-write data dependence.use cases,thereby improving the detection efficiency of fuzz testing.Combining the above methods,this paper designs a smart contract fuzz testing method based on symbolic execution and genetic algorithm,and implements a security detection system for smart contracts based on this method.In this paper,the functional test and performance analysis of the system are carried out,and the code coverage,detection efficiency and detection accuracy are used as indicators to experiment and analyze the smart contracts on the official website of Ethereum.Compared with the execution tool Mythril,it effectively improves the code coverage,efficiency and accuracy of smart contract fuzzy detection. |
PDF Full Text Request