Ethereum smart contracts are decentralized programs run jointly by mutually distrusting nodes in the Ethereum blockchain network, so the security of smart contracts is an important issue. To ensure smart contract security, auditing contracts before they are deployed to the blockchain is a common and popular practice. However, if a vulnerability is missed during the audit, the deployed contract may remain exposed to attacks. This paper proposes a method for detecting potential attacks while a smart contract is executing. It first performs static analysis on the smart contract, then uses execution path labeling and program instrumentation to restrict the contract's execution paths to a predefined set of safe paths, intercepting suspected attacks and raising alerts. Experimental results show that the method can effectively handle path-related smart contract vulnerabilities while only moderately increasing the deployment and execution overhead of the contract.
An Ethereum smart contract is a decentralized program executed by mutually distrusting nodes in a blockchain network, so the security of smart contracts is an important issue. It is common and popular to audit smart contracts before they are deployed, but once deployed they can no longer be secured. This thesis proposes a framework for detecting potential attacks during the execution of smart contracts. Through execution path profiling and program instrumentation, the execution path of a smart contract is restricted to a predefined safe path set, and suspected attacks are intercepted and alerted on. Experimental results show that SafeOnLine can effectively deal with path-related smart contract vulnerabilities while only moderately increasing the deployment and execution costs of smart contracts.
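As an added illustration of the mechanism the abstract describes (not SafeOnLine's own code), the hypothetical `PathGuardedBank` below shows what path labeling plus instrumentation can look like in Solidity: the offline analysis assigns labels to basic blocks and computes a hash chain for each safe path, the deployed contract extends the chain at every labeled block, and a function exit whose chain is not in the whitelist is reverted with the path hash in the revert data so an off-chain monitor can alert on it. The contract name, label numbering and hash-chain scheme are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical illustration of path-profiling instrumentation, not the thesis code.
// Offline static analysis labels the basic blocks of each function and derives the
// hash chain of every safe path; the deployed contract carries that whitelist and
// rejects any execution whose path hash is not in it.
contract PathGuardedBank {
    mapping(address => uint256) public balances;
    mapping(bytes32 => bool) public safePaths; // whitelist computed offline
    bytes32 private currentPath;               // in storage, so nested calls extend it

    // The revert data carries the alert; an off-chain monitor reads it from the
    // failed transaction (events emitted before a revert would be discarded).
    error UnsafePath(bytes4 selector, bytes32 pathHash, address caller);

    constructor(bytes32[] memory paths) {
        for (uint256 i = 0; i < paths.length; i++) safePaths[paths[i]] = true;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Instrumented function. Labels: 1 entry, 2 balance check passed, 3 call returned.
    function withdraw(uint256 amount) external {
        bytes32 saved = currentPath;
        _mark(1);
        require(balances[msg.sender] >= amount, "insufficient balance");
        _mark(2);
        (bool ok, ) = msg.sender.call{value: amount}(""); // a re-entrant call lands here
        require(ok, "transfer failed");
        _mark(3);
        balances[msg.sender] -= amount;
        // A re-entered withdraw() sees a chain of six labels, which is not whitelisted.
        if (!safePaths[currentPath]) {
            revert UnsafePath(this.withdraw.selector, currentPath, msg.sender);
        }
        currentPath = saved;
    }

    function _mark(uint8 label) private {
        currentPath = keccak256(abi.encodePacked(currentPath, label));
    }

    // Offline step, shown for reference: the single safe path of withdraw()
    // is the chain 1 -> 2 -> 3 starting from an empty path.
    function safeWithdrawPath() external pure returns (bytes32 p) {
        p = keccak256(abi.encodePacked(p, uint8(1)));
        p = keccak256(abi.encodePacked(p, uint8(2)));
        p = keccak256(abi.encodePacked(p, uint8(3)));
    }
}
```

Deploying with `[safeWithdrawPath()]` as the whitelist admits exactly the straight-line withdrawal; any nested or otherwise unexpected path is rolled back, at the cost of the extra storage writes per labeled block that the abstract's overhead figures account for.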