
Ethereum Smart Contract Security Vulnerability Analysis And Automated Batch Detection

Posted on: 2024-04-07
Degree: Master
Type: Thesis
Country: China
Candidate: X H Chen
Full Text: PDF
GTID: 2568307055470494
Subject: Electronic information
Abstract/Summary:
In recent years, with the continuous development of Ethereum, smart contract applications have grown explosively. Contracts have broadened Ethereum's development path and, combined with the decentralized, transparent, tamper-resistant, and anonymous nature of the blockchain itself, bring convenience to users and improve efficiency. However, most contracts are not secure: the language used to write contracts is not yet mature, and because a contract is immutable once deployed on the chain, security vulnerabilities in it inevitably persist and can cause huge economic losses. Research on and application of smart contract vulnerability detection technology are therefore of great significance.

The thesis analyzes several common security vulnerabilities of Ethereum smart contracts known so far and proposes corresponding prevention methods for them; designs and develops a smart contract vulnerability detection tool that analyzes and detects vulnerabilities in Solidity source code; and proposes an automated batch detection method for large sample sets of contracts. Specifically, the main research contents of the thesis are as follows:

1. It summarizes the common security vulnerabilities of smart contracts in Ethereum: reentrancy vulnerability, integer overflow vulnerability, timestamp dependency vulnerability, transaction order dependency vulnerability, privilege control vulnerability, the overwrite vulnerability of the delegatecall function, division operation vulnerability, zero-day asset vulnerability, etc., and designs security prevention methods for each vulnerability.

2. To address the high false positive rate, low time efficiency, and low code coverage of current smart contract detection methods, the IXVDM model is designed. It is mainly composed of three modules: an intermediate representation, an XPath language rule base, and a vulnerability analyzer. Based on the IXVDM model, a smart contract security vulnerability detection tool named Slight Detection is developed, which detects security vulnerabilities in the Solidity source code of Ethereum smart contracts.

3. To address the time consumed in detecting a large number of contract cases, an automated batch testing method is designed. It mainly consists of two modules: a contract batch generator and a batch vulnerability analysis report. The method scans the contract files under a specified folder, reads the contents of each contract, and finally outputs a batch inspection report for the contracts. In addition, to show the effect of Slight Detection's automated batch processing of contracts, the thesis implements automated batch processing of contracts for Oyente and Vandal.

4. The thesis implements a smart contract vulnerability detection system: the Slight Detection tool is embedded in a Web page, and its functions are visualized in the browser by connecting it to a Web front end.
Keywords/Search Tags: Blockchain, Ethereum, Smart Contract, Vulnerability Detection, Automated Testing