Research On Blockchain Smart Contract Vulnerability Detection Based On Taint Analysis And Genetic Algorithm

Blockchain is now the focus of emerging technology development.And smart contract is the key technology of blockchain,which greatly expands the services and functions of blockchain.But its code essence also makes smart contract the weakest security part in blockchain.Therefore,the security of smart contract is significant to ensure the security of blockchain.There are few researches on the security of blockchain and smart contract at present,which do not adapt to its wide application and rapid development.Aiming at adapting vulnerability detection method to smart contract,this paper studies the operation mechanism of Ethereum smart contract,and designs two static vulnerability detection methods based on feature source matching and symbol execution for Ethereum smart contract.Besides,a dynamic vulnerability detection method based on fuzzing is designed.On this basis,the paper analyzes the characteristics of related methods,and points out their advantages and disadvantages.The static mehod can effectively improve the detection efficiency but holds high false alarm rate.And the fuzzing can effectively reduce the false alarm rate but has low detection efficiency.Furthermore,in view of the low efficiency of the dynamic vulnerability detection method of smart contract fuzzing,the paper makes corresponding improvements.To solve the problem of too much invalid data,a data screening method based on taint analysis is designed.Aiming at keeping balance of detection efficiency and coverage,a genetic algorithm oriented to smart contract is designed to provide guidance for the variation of fuzzing.To identify the smart contract vulnerabilities,an instrument method for smart contract is designed,which is also information support for taint analysis and genetic algorithm.Based on the above technologies,this paper designs and realizes a fuzzing framework of vulnerability detection of blockchain smart contract based on taint analysis and genetic algorithm.Indicators such as precision and coverage are selected to compare the framework with other detection tools.The results show that the framework we proposed has a high detection accuracy rate,and effectively reduces the detection time without dropping those performance indicators.