Design And Integration Of Vulnerability Scanner Based On Ethereum Smart Contracts

With the increasing maturity of blockchain technology and the emergence of the public blockchain platform Ethereum,the application of smart contracts has developed rapidly.Smart contracts which prescribe specific trading events are developed by Solidity program language.Due to developer's negligence and development habits,smart contract that have not been checked are likely to have vulnerabilities which can be exploited by hackers.That will cause huge loss of digital assets to users.Therefore,how to effectively and quickly detect and locate vulnerabilities in smart contracts is called the key to smart contract and blockchain security issues.At present,the security detection of smart contract codes mainly depends on the audit of contract codes based on expert knowledge and the programming level of contract developers.There is no universal and automated detection tool and method.Faced with the increasing number of smart contracts,the expanding scope of smart contract applications,the increasingly complex contract functions,and the increasingly difficult contract vulnerabilities,the difficulty and complexity of code auditing for smart contracts is also increasing,and it is no longer possible to meet the new situation of smart contract code detection task.Therefore,the research and development of new smart contract vulnerability detection methods and tools is imminent.This paper focuses on the security issues of Ethereum smart contracts,and mainly conducts the following research:First,the Ethereum smart contract vulnerability scanner integration platform scanDocker based on the three open source smart contract scanners Mythril,Oyente,and Slither are proposed.Through the integration of three open source smart contract scanners,a one-stop smart contract scanning platform with more comprehensive vulnerability detection capabilities,clearer vulnerability report information,and user-friendly experience is provided,which provides reliable support for the security of smart contracts.Second,we use program slicing technology to generate and labeled Solidity smart contract program slices,and generate a Solidity vulnerability detection dataset suitable for deep learning.This dataset is currently the first dataset for Solidity source code vulnerability detection,which can be used by any deep learning model.Third,a deep learning model for Solidity smart contract vulnerability detection is designed,and experiments have proved that deep learning can achieve good results in smart contract vulnerability detection,simplifying the vulnerability detection process,and providing a new method to smart contract vulnerability detection tasks.