
Research And Implementation Of Runtime Self-protection Technology In Smart Contracts

Posted on: 2021-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: J Peng
Full Text: PDF
GTID: 2518306308970319
Subject: Information security
Abstract/Summary:
Blockchain technology is the underlying technology of virtual currency. It records transactions between multiple parties that usually do not trust each other in a verifiable and permanent way. Over the past ten years, the rapid development of blockchain technology has mainly benefited from the emergence of smart contracts. Smart contracts provide developers with a more powerful contract programming ecosystem and are widely used to implement various business scenarios. In the past few years, the number of smart contracts has grown tremendously, and their commercial value has increased day by day. This rapid development and huge commercial value have made the security problems of smart contracts increasingly serious. In particular, smart contracts are immutable: they cannot be changed once they are on the chain, which poses special challenges for security. At present, solutions to smart contract security problems mainly rely on code auditing before the smart contract is deployed to the blockchain. Code auditing can effectively solve many security issues, but it only works for contracts that are not yet on the chain; it does not help with problematic contracts that have already been deployed. Moreover, most current auditing tools have defects. For example, they often have a high false positive rate and sometimes require manual involvement. To make up for the shortcomings of existing tools, this paper proposes a completely new security approach: using runtime application self-protection (RASP) technology to provide dynamic protection while the smart contract is running. To make the research more general, this paper chooses Ethereum, the largest smart contract platform in the world, for experimental analysis. Six major contract security vulnerabilities are selected to build corresponding vulnerability detection models. Combining these detection models with the design characteristics of the Ethereum virtual machine, we design and implement ESER, a prototype smart contract runtime self-protection system, and use a series of classic Ethereum vulnerabilities to run comparative tests of ESER against benchmark tools. The test results show that, compared with other code analysis tools, ESER is less invasive to source code and does not require manual intervention. It also has a higher detection rate and a lower false positive rate, which fully demonstrates the advantages of RASP.
Keywords/Search Tags: Blockchain, Smart Contract Security, RASP