Jisuanji kexue (Mar 2022)

Overview of Vulnerability Detection Methods for Ethereum Solidity Smart Contracts

  • ZHANG Ying-li, MA Jia-li, LIU Zi-ang, LIU Xin, ZHOU Rui

DOI
https://doi.org/10.11896/jsjkx.210700004
Journal volume & issue
Vol. 49, no. 3
pp. 52 – 61

Abstract

Read online

Based on blockchain technology,Ethereum Solidity smart contract as a computer protocol is designed to spread,verify,or execute contracts in an informative way,and it provides a foundation for various distributed application services.Although implemented for less than six years,its security problems have frequently broken out and caused substantial financial losses,which attracts more attention in the security inspection research.This paper firstly introduces some specific mechanisms and operating principles of smart contracts based on Ethereum related techniques,and analyzes some smart contract vulnerabilities occurring frequently and deriving from the characteristics of smart contracts.Then,this paper explains the traditional mainstream smart contract vulnerability detecting tools in terms of symbolic execution,fuzzing,formal verification,and taint analysis.In addition,in order to cope with the endless new vulnerabilities and the need to improve the efficiency of detection,vulnerabilities detection based on machine learning in recent years is classified and summarized according to the various ways of problem transformation in three perspectives including text processing,non-Euclidean graph and standard image.Finally,this paper proposes to formulate more extensive and accurate standardized information database and measurement indicators towards the insufficiency of the detection methods in two directions.

Keywords