[1] FU Zi-wei, SHEN Zi-niu, CHEN Yun-fang, et al. Research on Automatic Vulnerability Repair Technology of Smart Contracts on Ethereum[J]. Computer Technology and Development, 2023, 33(02): 110-118. [doi:10.3969/j.issn.1673-629X.2023.02.017]

Research on Automatic Vulnerability Repair Technology of Smart Contracts on Ethereum

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
33
Issue:
2023, No. 02
Pages:
110-118
Column:
Cyberspace Security
Publication date:
2023-02-10

Article Info

Title:
Research on Automatic Vulnerability Repair Technology of Smart Contracts on Ethereum
Article ID:
1673-629X(2023)02-0110-09
Author(s):
FU Zi-wei, SHEN Zi-niu, CHEN Yun-fang, ZHANG Wei
School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
Keywords:
blockchain security; Ethereum; smart contracts; vulnerability detection; automation repair
Classification number:
TP393
DOI:
10.3969/j.issn.1673-629X.2023.02.017
Abstract:
Smart contracts on public blockchains such as Ethereum can realize various decentralized applications, but frequent security incidents threaten users' property. The security problems of smart contracts greatly affect users' trust in decentralized applications, and the immutable nature of on-chain information makes the security audit and vulnerability repair process of smart contracts essential before deployment. However, most current security research focuses on vulnerability detection technology for smart contracts. Firstly, the background of smart contracts is introduced and the differences between smart contracts and traditional applications are compared. An automatic vulnerability repair process before deployment of smart contracts is proposed, which includes two key steps: vulnerability identification and patch generation. Then, common vulnerability types and vulnerability detection technologies are analyzed, and the research progress of patch generation based on bytecode and source code is discussed in detail. Finally, an outlook is given on the effectiveness, cost, scalability and other performance problems of patch generation technology for smart contract vulnerabilities, as well as on the future direction of automatic vulnerability repair technology.

Last Update: 2023-02-10