Research On Ethereum Platform Smart Contract Vulnerability Detection Tool

The emergence of the blockchain has changed the way of trust between people.From the traditional third-party to the trust technology itself,the cost of trust is greatly reduced,so that strangers who do not know each other need no intermediary.Trading can be done safely and reliably.Bitcoin is the most successful application case for the blockchain,but its function is relatively simple,only to realize the free flow of electronic money without trust.Ethereum further introduced smart contracts on the basis of blockchain,making it possible to apply blockchains to other fields.Due to the characteristics of the blockchain,once the smart contract is deployed,it cannot be changed,resulting in the vulnerability can not be changed even if it is found,leaving room for hackers to attack,once the vulnerability is breached,a large amount of funds will be lost.In recent years,the issue of smart contract security has attracted much attention,smart contract automation auditing tools based on symbolic execution have emerged in large numbers,the mainstream are Oyente tool based on static symbol execution,Manticore tool based on dynamic symbol execution,Mythril tool based on the combination of symbol execution and specific execution,at present,Mythril tool can cover the most types of vulnerabilities with high accuracy.Based on the study of the core structure of Mythril tool and the existing vulnerability detection strategies,this paper proposes a detection algorithm for transaction order dependency vulnerabilities,which fills the gap that Mythril tool can not detect such types of vulnerabilities,making its vulnerability detection ability more complete,and it is more accurate than similar algorithms in the Oyente tool.At the same time,based on Ganache Visual Version Virtual Block Chain Network and Truffle Framework which integrates development,compilation,deployment and debugging,and combined with the best practices of intelligent contract summarized in Chapter 2,this paper constructs a safety real estate property rights trading system without transaction order dependence vulnerabilities,and combines with the transaction order dependence vulnerability detection algorithm proposed in Chapter 3 with the help of manual audit to detect the real estate property trading system to ensure that there is no transaction order dependence vulnerability,and reverse validates the effectiveness of the transaction order dependence vulnerability detection algorithm.