Research On Known Threat Detection Technology For Blockchain Smart Contract

With the arrival of blockchain 2.0 technology and the development plan of blockchain industry written into the outline of China’s "14th Five-Year Plan",blockchain has received more and more attention at the national and social level.At the same time,the scale of blockchain industry is gradually increasing,the number of blockchain-related enterprises continues to increase,and security incidents in the blockchain field also occur frequently,causing significant property losses.Therefore,it is urgent to detect security vulnerabilities of smart contracts to prevent attacks.At present,the tools for smart contract vulnerability detection have high false positive rate and false negative rate.The deep learning method has higher accuracy and detection efficiency than other detection methods in detecting smart contract vulnerabilities.However,there are fewer types of vulnerabilities that can be detected,and most detection tools cannot detect the latest version of smart contracts.Therefore,this paper proposes a static vulnerability detection method of multi feature fusion smart contract based on graph neural network to detect the vulnerability of universal multi version smart contract,analyzes the shortcomings of the static method,and improves the dynamic vulnerability detection method of smart contract based on hybrid fuzzy testing.The contributions of this paper are mainly as follows:1.This thesis analyzes the principles of 29 common smart contract vulnerability detection tools,and divides them into six categories: formal verification method,symbol execution method,fuzzy testing method,intermediate representation method,stain analysis method and deep learning method.And a number of smart contract vulnerability detection tools are compared in terms of the types of vulnerabilities that can be detected,the detection accuracy,and the versions of smart contracts that can be detected.Ultimately the result of the experiment are summarized,and expounds the current deep learning method of static detection tools to test the accuracy of intelligent contract holes,high efficiency,but can detect intelligent fewer loopholes,contract version is old,detecting vulnerabilities such as assertion failures and unhandled exceptions is inadequate,can be make up such conclusion through dynamic detection tools.2.In this thesis,a multi-feature fusion vulnerability detection method based on graph neural network is designed and implemented.By fusing multiple graph features and pattern features,this method improves the accuracy of vulnerability detection,increases the number of detected vulnerabilities to 7,and solves the problem that the general high version smart contract cannot detect.Finally,this method is verified by experiments.3.The improved smart contract vulnerability dynamic detection method based on hybrid fuzzy testing can detect 10 common vulnerabilities of smart contracts,such as assertion failure,reentrancy and integer overflow.Through optimization and improvement of genetic algorithm,the concepts of linear sorting segmentation operator,probability crossover operator and stable mutation operator are proposed,which improve the efficiency of vulnerability detection,code coverage and branch coverage,and are verified by experiments.