Vulnerabilities Of Smart Contracts And Corresponding Safety Function Design On Ethereum

The advent of ETHEREUM marked the realization of Block Chain 2.0.ETHEREUM realized the complete smart contract programmable function of Block Chain Turing.Developers can develop and implement complex de-centralized applications.However,the security problems brought about by smart contracts have attracted great attention from all sides.For example,the most famous security incident in Ethereum,"The DAO",caused a loss of $60 million.This paper introduces most of the smart contract vulnerabilities that have appeared,and expounds the principles of some vulnerabilities that have caused losses,such as re-entry vulnerabilities and integer overflow vulnerabilities.The purpose of this paper is to elaborate the principle of smart contract vulnerability,and put forward some solutions for smart contract vulnerability.Therefore,this paper proposes an smart contract security function library to prevent the corresponding vulnerabilities,such as status locks to prevent re-entry vulnerabilities,detection of status values to prevent stack call hierarchical limitations,and detection of address values to prevent short address attacks.Finally,the effect of the security function is validated in the test network.From the perspective of hackers,the Ether with vulnerable contracts are successfully stolen.From the perspective of contract holders,the security function is successfully used to prevent hackers from attacking.The main research of this paper is divided into four parts.Chapters 1 to 3 describe in detail the current situation of smart contract security,the structure of ETHEREUM,and the operation process of smart contract.Chapter 4 summarizes various types of smart contract vulnerabilities,and puts forward some prevention schemes for vulnerabilities.The fifth chapter designs and implements the token contract with loopholes based on the truffle framework and practical application.Chapter Six tests various token contracts and corresponding safety functions,and draws the test conclusion.With the discovery of new vulnerabilities and attacks,the classification of vulnerabilities will continue to develop,and security functions will continue to increase.It can be predicted that the interaction between the huge investment in security-sensitive block-chain applications and the low security currently implemented will facilitate research on these topics.