
Security Audit Of Smart Contract Source Code

Posted on: 2021-03-04
Degree: Master
Type: Thesis
Country: China
Candidate: E M Lai
GTID: 2428330614958422
Subject: Computer Science and Technology

Abstract/Summary:
In recent years, blockchain technology has attracted more and more attention from governments and research institutions. The smart contract, as the representative technology of blockchain 2.0, is deployed to the blockchain as a piece of programmable code, which cannot be modified once successfully deployed. If there is a security vulnerability in the smart contract, it may cause huge losses. Therefore, it is very important to conduct security audits on smart contracts before they are deployed on the blockchain. Based on the common types and characteristics of security vulnerabilities in Ethereum smart contracts and Fabric smart contracts, an extensible security audit tool for smart contracts is designed, which performs security audits of Ethereum smart contract source code and Fabric smart contract source code. The main contents of this thesis are as follows:

1. To address the problems that smart contract vulnerability detection covers only a single type and has low detection efficiency, an extensible security vulnerability detection model for smart contracts is designed. This model is mainly divided into a preprocessing module, a matching detection module and a rule library. With the matching algorithm unchanged, ANTLR4 grammar rules and security rules are designed so that smart contracts on various blockchain platforms can be audited based on this model.

2. Based on the above model, an extensible security audit tool for smart contracts, named Contract Detection, is designed and developed. The tool implements the security audit of the source code of Ethereum smart contracts and Fabric smart contracts. Its design and implementation mainly complete the following work. Firstly, according to the grammar specifications of the Solidity language and the Go language, ANTLR4 grammar rules are defined, which are used to parse the source code of the smart contract and complete the preprocessing process. Secondly, common types of vulnerabilities in Ethereum smart contracts and Fabric smart contracts are researched and analyzed, and their vulnerability characteristics are summarized. According to the abstract syntax tree of the vulnerability feature code, XPath detection patterns are defined. These XPath detection patterns constitute a series of security rules, which are stored in a rule library. Finally, the matching detection algorithm is implemented to complete the matching detection.

3. Contract Detection is used to audit verified smart contracts on Ethereum and smart contracts in a real Fabric project, and the detection results are analyzed and compared. The results show that there are still some high-risk vulnerabilities in the source code of some smart contracts. This tool provides reference value for smart contract developers and improves the security of smart contracts.
Keywords/Search Tags:smart contract, Ethereum, Fabric, security audit, XPath detection pattern
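
The model in the abstract (a parsed syntax tree, a rule library of XPath detection patterns, and one matching algorithm shared across platforms) can be sketched as follows. This is an added illustration, not code from the thesis or from Contract Detection: the XML trees are hand-constructed stand-ins for parser output, and the node names, rule ids, severities and the three rules themselves are assumptions chosen for the example.

```python
import xml.etree.ElementTree as ET

# Constructed ASTs written by hand as XML; a real pipeline would emit them from a parser.
SOLIDITY_AST = """<Contract name="Wallet">
  <Function name="withdraw">
    <Require><BinaryOp op="==">
      <MemberAccess object="tx" member="origin" line="5"/>
      <Identifier name="owner"/>
    </BinaryOp></Require>
    <ExpressionStatement><FunctionCall member="call" line="6"/></ExpressionStatement>
  </Function>
  <Function name="safeSend">
    <Require><FunctionCall member="call" line="10"/></Require>
  </Function>
</Contract>"""

GO_AST = """<File package="main">
  <Function name="Invoke">
    <RangeStmt over="map" line="14"/>
    <RangeStmt over="slice" line="18"/>
  </Function>
</File>"""

# Rule library (hypothetical rules): one list per language, the matcher stays the same.
RULES = {
    "solidity": [
        # tx.origin used in a check: authorization can be relayed through another contract.
        {"id": "SOL-TX-ORIGIN", "severity": "high",
         "xpath": ".//MemberAccess[@object='tx'][@member='origin']"},
        # Low-level call used as a bare statement: its return value is never checked.
        {"id": "SOL-UNCHECKED-CALL", "severity": "medium",
         "xpath": ".//ExpressionStatement/FunctionCall[@member='call']"},
    ],
    "go": [
        # Map iteration order is randomized in Go, so chaincode results can differ per peer.
        {"id": "GO-MAP-RANGE", "severity": "medium",
         "xpath": ".//RangeStmt[@over='map']"},
    ],
}

def audit(ast_xml, language):
    """Match every rule for `language` against the AST; return (rule id, severity, line)."""
    root = ET.fromstring(ast_xml)
    findings = []
    for rule in RULES[language]:
        for node in root.findall(rule["xpath"]):
            findings.append((rule["id"], rule["severity"], int(node.get("line"))))
    return sorted(findings, key=lambda f: f[2])

if __name__ == "__main__":
    print(audit(SOLIDITY_AST, "solidity"), audit(GO_AST, "go"))
```

The call wrapped in `Require` on line 10 and the slice iteration on line 18 are not reported, which shows why the patterns are written against tree structure rather than against token text.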