
Smart contract security protection and detection platform implementation

Abstract


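Ethereum is the largest blockchain platform supporting smart contracts. Once a smart contract is deployed by publishing its bytecode to the chain, it can no longer be changed, so it is extremely important for developers to check a smart contract's security before deployment. Many smart contract vulnerability detection tools are currently available to developers to ensure smart contract security, but these tools do not yet detect vulnerabilities comprehensively, and as attack techniques keep evolving, developers are more likely to overlook possible attacks. To let developers verify the security of their own smart contracts, a more comprehensive detection tool is necessary. This study implements a smart contract vulnerability detection tool with comprehensive detection (called Ladybugs), which, besides raising the coverage rate from 55% to 94%, also raises the precision rate and recall rate to above 80%. Building on Ladybugs, it then implements ContractPecker, a weakness detection platform that dynamically scans blockchain smart contracts and includes vulnerability introductions. By dynamically fetching contracts already published on the blockchain, checking them, and reporting the results, it helps developers (or users) understand which vulnerabilities appear in a contract and explains how the vulnerabilities arise, with the aim of avoiding them.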

Parallel abstract


Ethereum is the largest blockchain platform that supports smart contracts. Once a smart contract has been deployed by publishing its bytecode to the chain, it can no longer be modified, so it is important to check the security of smart contracts before deploying them. Many smart contract vulnerability detection tools are currently available to developers to ensure the security of smart contracts. However, these tools do not yet detect vulnerabilities comprehensively, and attack methods keep evolving, so developers can easily miss possible attacks. This study implements a smart contract vulnerability detection tool (called Ladybugs) with comprehensive detection. In addition to increasing the coverage rate from 55% to 94%, it also increases the precision rate and recall rate to more than 80%. Furthermore, a web platform, ContractPecker, is implemented on top of Ladybugs, providing a dynamic weakness-detection mechanism that scans smart contracts deployed on the Ethereum blockchain and presents vulnerability introductions based on Ladybugs' weakness detection.
