Smart contracts are now widely used in many scenarios. However, smart contracts deployed on a blockchain are frequently found to have security problems, and precisely because the blockchain is immutable, a vulnerability exposed in a deployed smart contract causes irreversible economic losses. How to ensure the security of a smart contract before it is put on the chain has therefore become a problem that researchers pay close attention to. This thesis focuses on smart contract vulnerability detection technology. Building on existing research, it proposes supplementary improvements to techniques such as static analysis and dynamic fuzzing. The specific work is as follows:

(1) Addressing the problem that vulnerability detection code is tightly coupled to the static detection tool, this thesis introduces a novel approach to detecting vulnerabilities in smart contracts, called the meta-operation-based method. It converts the tool's basic detection steps into an abstract form of meta-operations and customizes the vulnerability scanning process by combining different meta-operations with logical operators. Experiments show that the proposed method needs significantly fewer characters than the Slither tool's vulnerability detection method to describe a vulnerability, demonstrating its potential for more efficient and concise detection. In addition, the method offers greater scalability and flexibility while preserving the reliability of the detection tool.

(2) Addressing the problem that existing fuzzing tools cannot dynamically select a suitable detection strategy according to the characteristics of smart contract vulnerabilities, this thesis proposes a smart contract fuzzing method guided by vulnerability feedback. During execution, the method dynamically adjusts the allocation of fuzzing resources according to the observed effect of the different test case optimization schemes, so that more fuzzing resources are allocated to the schemes most likely to expose vulnerabilities. At the same time, to improve on purely random fuzzing of parameters, this thesis proposes a transaction parameter guidance method that makes maximal use of the fuzzing information produced in each round to guide the parameter fuzzing of the current round. Experiments show that, compared with other methods, this method increases branch coverage by 49%~52% and increases the number of vulnerabilities detected in the same period of time by 18.3%.

(3) Addressing the problem that optimization-based fuzzers destroy valuable test case structure while optimizing test cases, this thesis proposes a smart contract fuzzing method that combines static and dynamic analysis. By combining static analysis with fuzz testing, the method quickly generates the shortest test cases capable of exposing vulnerabilities and optimizes test cases selectively by distinguishing between them. At the same time, a more comprehensive value calculation formula is used to guide the test case optimization process. Experiments show that this method outperforms existing smart contract fuzzing tools in vulnerability detection speed: vulnerability detection time is shortened by 26.4%, and the length of the test cases generated when a vulnerability is discovered is reduced by 35.1%. Compared with advanced fuzzing tools, test case execution speed is increased by 16.5%, which demonstrates the effectiveness of this method.
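To make the meta-operation idea from part (1) concrete, here is an added illustration (not the thesis's own code or its rule syntax): meta-operations are modelled as small predicates over a constructed, simplified function IR, and a vulnerability description is just a composition of those predicates with AND / OR / NOT, so the rule text stays short and independent of the scanning engine. The IR fields, operation names and rule definitions below are assumptions made for the example.

```python
"""Meta-operation style detection rules composed with logical operators.
Added example; the IR and the rules are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

@dataclass
class Func:
    """Toy IR (assumption): ordered op names plus function modifiers."""
    name: str
    ops: List[str] = field(default_factory=list)        # e.g. "call", "sstore"
    modifiers: List[str] = field(default_factory=list)  # e.g. "nonReentrant"

Rule = Callable[[Func], bool]

# --- meta-operations: reusable atomic checks over the IR ---------------------
def has_op(op: str) -> Rule:
    return lambda f: op in f.ops

def op_before(first: str, second: str) -> Rule:
    """True if some `first` op occurs earlier than some `second` op."""
    def check(f: Func) -> bool:
        idx = [i for i, o in enumerate(f.ops) if o == first]
        return any(second in f.ops[i + 1:] for i in idx)
    return check

def has_modifier(mod: str) -> Rule:
    return lambda f: mod in f.modifiers

# --- logical operators that compose meta-operations into rules ---------------
def AND(*rules: Rule) -> Rule: return lambda f: all(r(f) for r in rules)
def OR(*rules: Rule) -> Rule:  return lambda f: any(r(f) for r in rules)
def NOT(rule: Rule) -> Rule:   return lambda f: not rule(f)

# --- vulnerability descriptions: one short composition each ------------------
RULES: Dict[str, Rule] = {
    # state written after an external call and no reentrancy guard present
    "reentrancy": AND(op_before("call", "sstore"), NOT(has_modifier("nonReentrant"))),
    # authentication decision that depends on tx.origin
    "tx-origin-auth": AND(has_op("tx.origin"), OR(has_op("require"), has_op("if"))),
}

def scan(funcs: List[Func]) -> Dict[str, List[str]]:
    """Run every rule over every function; return {rule: [flagged function names]}."""
    return {name: [f.name for f in funcs if rule(f)] for name, rule in RULES.items()}

# constructed sample functions (not from any real contract)
SAMPLE = [
    Func("withdraw", ["sload", "call", "sstore"]),
    Func("safeWithdraw", ["sload", "call", "sstore"], ["nonReentrant"]),
    Func("deposit", ["sstore", "call"]),          # write happens before the call
    Func("onlyOwnerAction", ["tx.origin", "require"]),
]
```

Adding a new vulnerability class means writing one more composition in `RULES`; the engine (`scan`) and the meta-operations stay untouched.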