| In recent years,Ethereum smart contracts have attracted widespread attention due to their advantages of not requiring third-party supervision,non-tampering,and trusted transactions,and have been applied in many fields such as games and finance.Due to the neglect of security and the huge economic value of the contract itself,smart contracts become the target of attackers,which seriously damages the interests of users.Therefore,it is particularly important to detect contract vulnerabilities.According to the execution principle and vulnerability characteristics of Ethereum smart contracts,this thesis studies and implements a smart contract static vulnerability detection system.The main research contents of this thesis are as follows:(1)Aiming at the high false positive rate of the current symbolic execution scheme and the inability to detect the vulnerability caused by the joint action of multiple functions,a symbolic execution vulnerability detection scheme based on the state variable dependency graph is designed.This scheme guides the construction of combined paths by extracting state variable dependency graphs from smart contracts,so that vulnerabilities triggered by multiple functions can be detected in a small path space.At the same time,four kinds of vulnerability detection schemes are designed according to the state variable dependency graph,which reduces the false positive rate.Experiments are conducted on the constructed dataset,and the results show that the scheme outperforms other symbolic execution tools.(2)Aiming at the problem of poor detection effect caused by excessive noise in the machine learning vulnerability detection scheme,a deep learning smart contract vulnerability detection scheme based on key combination paths is designed.The critical combination path removes a lot of contract code that is not related to vulnerabilities,greatly reducing noise.At the same time,the smart contract code is analyzed,and a code normalization method is proposed,which removes the homogenized code and further reduces the noise.Finally,the effectiveness of the proposed scheme is verified by experiments.(3)Based on the above two schemes,a static vulnerability detection system for Ethereum smart contracts is designed and implemented.When the symbol execution time-out leads to false negatives,the detection results of deep learning are used to supplement,which improves the overall detection effect.The function and performance of the system are tested,and the test results show that the system has the advantages of high accuracy,low false positive rate and low false negative rate. |
PDF Full Text Request