Research On Vulnerability Detection Technology For Blockchain Smart Contracts

Posted on: 2024-05-01
Degree: Master
Type: Thesis
Country: China
Candidate: R Wu
Full Text: PDF
GTID: 2568307124974659
Subject: Computer application technology
Abstract/Summary:
Early blockchain was used only in cryptocurrencies. With the introduction of smart contracts, blockchain quickly broke out of the single application scenario of cryptocurrencies and made a splash in a wide range of industries. A smart contract is essentially a script deployed on a blockchain network that can automatically execute transactions. However, because of the tamper-evident nature of the blockchain, smart contract code deployed on the blockchain cannot be patched for security vulnerabilities in the same way as ordinary software, which gives many unscrupulous profiteers an opportunity to take advantage of the situation. It is therefore crucial to conduct security checks before deploying smart contract code on the blockchain, and vulnerability detection can largely reduce the security risk of the contract. This paper studies known security threat detection techniques for blockchain smart contracts, dissects the principles of known vulnerabilities and existing smart contract vulnerability detection methods, and designs a smart contract vulnerability detection method based on machine learning and fuzz testing and a smart contract vulnerability detection model based on deep learning, to address the problems that existing detection tools support few vulnerability types and have low detection efficiency. The details are as follows:

(1) This paper investigates the known security threat intelligence on smart contracts and introduces contract vulnerabilities by layer: the Solidity code layer, the EVM execution layer and the blockchain system layer. It elaborates on smart contract vulnerability analysis methods from five perspectives (formal verification, symbolic execution, fuzz testing, intermediate representation and deep learning) and conducts experiments on twenty-five representative detection tools under these five mainstream methods. Through the experiments, the detection capabilities of different tools for different types of vulnerabilities under different methods are analyzed and summarized, and the compatibility of six tools with smart contract versions 0.4 to 0.8 is explored and summarized.

(2) To address the problem that existing fuzzers have difficulty finding the key transaction sequence, which leads to low detection efficiency, this paper designs and implements an improved fuzzing-based smart contract vulnerability detection method based on machine learning. The method uses a two-dimensional node queue to improve the seed generation strategy and the seed selection strategy. In the mutation stage, concolic testing is used to assist the experiment, and the state information of variables is monitored and collected by tracking the dynamic data flow. The method detects integer overflow vulnerabilities, reentrancy vulnerabilities, block state dependence vulnerabilities and exception handling vulnerabilities in the contract under test, and achieves higher code coverage and better vulnerability detection efficiency than other tools of the same type. The method is verified by experiments.

(3) To address the problem that contract vulnerability detection tools based on existing deep learning methods support few types of vulnerabilities and have a relatively high false alarm rate, this paper constructs a smart contract vulnerability detection model based on deep learning. The model is first pre-trained on smart contract source code so that it can perform detection on the Solidity language, and then uses a mask matrix for feature learning. At the same time, the combination of SMOTE and Tomek Link solves the problem of data imbalance in model execution. The model can detect integer overflow vulnerabilities, transaction order dependency vulnerabilities, call stack overflow vulnerabilities, timestamp vulnerabilities and reentrancy vulnerabilities in the tested contract, and achieves better vulnerability detection efficiency. Experiments show that the model is superior to other detection tools in detection performance.
Keywords/Search Tags: Blockchain, Smart Contracts, Vulnerability Detection, Machine Learning, Fuzz Testing