Fabric is currently the most popular consortium blockchain platform, using a modular architecture that provides high security, resilience, flexibility, and scalability. Smart contracts are used to automate transactions and manipulate ledger data. In the Fabric platform, smart contracts can be written in general-purpose programming languages, which makes them convenient to develop. However, developers who lack a sufficient understanding of the underlying logic of smart contract operation may introduce risky operations during development, causing the execution logic of the smart contract to be inconsistent with the business logic and resulting in significant economic losses. Currently, there is little research on smart contract risk detection for the Fabric platform, and existing detection schemes and tools have not been very effective. Therefore, there is a need for research into smart contract risk detection technology specific to the Fabric platform. The main research content of this thesis is as follows:

(1) To address the high false positive and false negative rates of current static detection solutions, a smart contract risk detection technology based on critical methods and their invocation chains is proposed. The critical methods represent operations on the world state of the blockchain; pattern matching accurately extracts them from the structure of the abstract syntax tree (AST), achieving rapid localization of risks in smart contracts. The critical method invocation chain reflects the actual execution order of critical methods. By analyzing special statements and the impact of multiple functions on the execution order, the multiple properties of critical methods are used to construct the invocation chain, thereby covering more risk scenarios. At the same time, four triggering conditions for smart contract risks were analyzed, and corresponding detection rules were designed. Finally, experiments were conducted to compare the effectiveness of the proposed approach with Revive^cc.

(2) A smart contract risk detection scheme based on static single assignment (SSA) intermediate code is proposed to address the issue that AST-based smart contract detection solutions cannot capture the values of method parameters, leading to false positives in the detection process. SSA can simplify the analysis of data flow. Combined with the control flow graph and function call graph, the actual values corresponding to the method parameter names are determined through value propagation analysis based on the SSA form to improve the accuracy of the detection. Finally, the effectiveness of the scheme is verified through experiments.

(3) Based on the smart contract risk detection technology proposed in this thesis and practical application scenarios, a smart contract risk detection system was designed and implemented, which can help developers analyze and discover potential risks in smart contracts. The functionality and reliability of the system were verified through numerous test cases.
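The following Go sketch illustrates the extraction step in (1) and the AST limitation that motivates (2). It is an added example, not code from the thesis or from Revive^cc. The critical-method set (`GetState`, `PutState`, `DelState` from the Fabric chaincode shim) and the names `Call`, `ExtractChain` and `sample` are assumptions, and the chain is built in plain source order without the special-statement or cross-function analysis the thesis describes.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample chaincode; parsed only, never compiled or deployed.
const sample = `package cc
func transfer(stub Stub, to string) error {
	bal, _ := stub.GetState("alice")
	stub.PutState(to, bal)
	return stub.DelState("alice")
}`

// Assumed critical methods: Fabric shim calls that read or write world state.
var critical = map[string]bool{"GetState": true, "PutState": true, "DelState": true}

// Call is one critical-method occurrence; Key is its first argument.
type Call struct{ Func, Method, Key string; Line int }

// ExtractChain returns the critical calls of every function in source order.
func ExtractChain(src string) ([]Call, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "cc.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []Call
	cur := "" // name of the enclosing function declaration
	ast.Inspect(f, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.FuncDecl:
			cur = x.Name.Name
		case *ast.CallExpr:
			sel, ok := x.Fun.(*ast.SelectorExpr)
			if ok && critical[sel.Sel.Name] && len(x.Args) > 0 {
				key := "<unresolved>" // a variable key has no value at AST level
				if lit, ok := x.Args[0].(*ast.BasicLit); ok && lit.Kind == token.STRING {
					key = lit.Value
				}
				out = append(out, Call{cur, sel.Sel.Name, key, fset.Position(x.Pos()).Line})
			}
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(ExtractChain(sample)) }
```

The `PutState(to, bal)` entry comes back with an unresolved key, which is the gap that value propagation over SSA form is meant to close.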