Vulnerability Checking Of Smart Contracts Based On Intermediate Representations

With the development of society,blockchain technology has become a hot topic all around the world.The fundamental concept is a decentralized,immutable,and anonymous public ledger.Compared to traditional contracts,smart contracts save time and money by being deployed on the blockchain and instantly executing once the pre-defined conditions are fulfilled.Smartcontracts are applied in an open network context,which on the blockchain are challenging to change.Moreover,the programming language for the smart contracts is not mature enough and the level of developers varies,leading to the frequent smart contract security problems.In order to reduce the loss caused by smart contract vulnerabilities,it is necessary to detect smart contracts before deployment.For this purpose,we analyze the vulnerabilities of smart contracts and design some security strategies for different vulnerabilities.A smart contract detection tool based on the intermediary representation that we have researched,designed,and developed is called SmartETH,and we used the tool to experiment on a real large data set.The following is the research of the thesis:(1)The traditional smart contract vulnerabilities,such as integer overflow,timestamp dependency,reentrancy,transaction order dependency,self-destruction,denial of service,and delegatecall vulnerabilities,are analyzed,and the corresponding vulnerability protection strategies are proposed to ensure the accuracy of the suggested vulnerability protection strategies.(2)SmartETH is a smart contract detection approach based on intermediate representation.Initially,SmartETH uses ANTLR4 to translate the smart contract source code into the intermediary representation,an XML tree.Second,an XPath rule is created by designing XPath rules in accordance with vulnerability characteristics and smart contract protection strategies.Finally,XPath path matching is used to detect smart contract vulnerabilities.Moreover,SmartETH allows batch detection,which significantly improves the effectiveness of batch smart contracts’ analysis.The SmartETH tool is visualized on a browser and provides trend and accumulation analysis for smart contracts by connecting to the Web online.(3)In order to verify the detection effectiveness of SmartETH,we analyze the false positive rate,false negative rate and detection efficiency.The experimental results show that SmartETH is efficient for detecting some smart contract vulnerabilities.