Several Vulnerability Analysis And Evaluation Of Blockchain Application System

Posted on: 2020-04-16
Degree: Master
Type: Thesis
Country: China
Candidate: J J Zeng
GTID: 2428330572472243
Subject: Computer technology
Abstract/Summary:
With the rapid development of blockchain technology, from finance to supply chain and from copyright protection to the IoT, blockchain has gradually penetrated all walks of life. At the same time, the security of blockchain itself has attracted more and more attention. Frequent blockchain-related security incidents have caused great economic losses to users, which shows the importance of security. Blockchain has three characteristics: decentralization, tamper resistance and anonymity. Because it uses cryptographic technologies such as public-key signatures, hash algorithms and Merkle trees, blockchain has been regarded as a safe and efficient electronic currency. However, it has turned out that as long as programs are written by humans, such as blockchain applications, wallet applications and exchanges, vulnerabilities will inevitably occur and will be exploited by hackers. For example, in 2015 an integer overflow vulnerability in the main Bitcoin program created a huge sum of bitcoin, which resulted in a rollback of Bitcoin blocks. In The DAO incident on Ethereum in 2016, hackers took advantage of a reentrancy vulnerability in the smart contract and stole ETC worth 60 million US dollars, which resulted in a hard fork of Ethereum. Major exchanges continue to be hacked, and thefts of huge amounts of electronic currency are common.

Against this background, this paper studies attack methods and defense technologies for blockchain, reveals the vulnerability of blockchain-related systems, mainly including Web exchange security, terminal security and smart contract security, and then proposes corresponding defense technologies. The research results and innovations of this paper mainly include:

1. This paper analyzes the vulnerabilities and attack modes of blockchain systems in detail through three real cases. The first case is the Trojan analysis of a Bitcoin wallet app, the second is the security analysis of an electronic currency exchange operating online, and the third is the security analysis of an Ethereum DApp (a pet cultivation game). Software reverse engineering, penetration testing, machine learning and other methods are used to analyze the vulnerabilities of these applications, and corresponding exploitation or protection methods are proposed.

2. According to the characteristics of blockchain smart contracts, this paper proposes a defense scheme based on EVM code auditing. It analyzes existing vulnerabilities of Solidity, the EVM-based programming language, such as reentrancy, integer overflow, variable overwrite, honeypot contracts and denial of service, and studies their formation principles, exploitation methods and harm. Most of the vulnerabilities are illustrated with example code and attack steps, and all the code has been tested and verified. Due to the decentralized and tamper-resistant nature of the blockchain, once security problems occur in a smart contract deployed on the blockchain, it is difficult to remedy them through upgrades, patches and other measures. At present, the more effective protection scheme is to conduct a security audit of the source code before deploying the contract. In this paper, the open-source EVM auditing tool Oyente was studied and extended to support detection of more vulnerability types, including "variable overwrite", "hidden source code", "isolated code block" and "dangerous function call".
Keywords/Search Tags:blockchain, Ethereum, smart contract, code audit, Solidity