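Abstract:
With the development of blockchain, smart contracts have come into very wide use. However, we find that smart contract developers tend to clone code from other smart contracts to implement business functionality quickly, and this practice often introduces security vulnerabilities into the new smart contracts. About 90% of the smart contracts on Ethereum exhibit code cloning, which further shows that the risk of vulnerabilities with similar root causes spreading through code clones is high. In addition, when cloning functional code, developers may also alter it or modify it across functions, which makes such restructured cloning vulnerabilities harder to detect. Because blockchain data cannot be tampered with once it is on chain, repairing a vulnerable smart contract that has already been deployed is very difficult, so clone vulnerability detection on smart contract code before deployment is urgently needed. This paper proposes Sol-RCVD, a clone vulnerability detection system for Solidity smart contracts. It does not require predefined vulnerability features, and it automatically generates vulnerability fingerprints at two granularities, function and line of code, from existing vulnerable smart contract code, so as to tolerate restructured cloning changes. Sol-RCVD also uses interprocedural analysis and program slicing to introduce context information, which addresses the coarse-grained extraction of code information and the insensitivity to vulnerability context found in comparable work. We ran experiments on two datasets, one artificially constructed and one of real Ethereum smart contracts. The results show that Sol-RCVD has lower false positive and false negative rates and higher detection accuracy and efficiency than the comparable work in the same field, with an average detection time of only 0.37 seconds per smart contract file; this fast analysis can help developers detect vulnerabilities from the source code during the development stage. We also compared Sol-RCVD with 8 high-level traditional detection tools and verified that Sol-RCVD performs better. Based on Sol-RCVD, we also detected hundreds of previously unreported vulnerable smart contracts on Ethereum and obtained 4 CVE identifiers.
Keywords: clone vulnerability detection; smart contract; blockchain
DOI: 10.19363/J.cnki.cn10-1380/tn.2024.02.13
Received: 2021-12-22; Revised: 2022-03-04
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program); National Key Research and Development Program of China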

A Context-Sensitive System for Restructured Cloning Vulnerability Detection in Solidity Smart Contract
YU Xingxin, WU Bin, YU Zhengmin
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
With the development of blockchain, smart contracts have become very popular. We have observed that smart contract programmers tend to copy and paste code to quickly duplicate some functionality, which can introduce clone-related vulnerabilities into new smart contracts. Given that nearly 90% of smart contracts on Ethereum are clones, the harm of cloning-related vulnerabilities is magnified. Even worse, programmers may modify the copied source code across functions, which poses a huge challenge for detecting such restructured cloning vulnerabilities. Due to the immutability of blockchain data, it is very difficult to repair deployed vulnerable smart contracts. Therefore, it is urgent to perform clone vulnerability detection on the code of smart contracts before deploying them. In this paper, to fill this gap, we propose a context-sensitive and scalable method to detect restructured cloning vulnerabilities in Solidity smart contracts, called Sol-RCVD. It does not require pre-defined vulnerability features, and it can automatically generate vulnerability fingerprints at two granularities, Function granularity and Line granularity, based on existing vulnerable smart contract code. We use interprocedural program slicing to make the multi-granularity fingerprints context-sensitive, so that the improved fingerprints contain more contextual information and finer-grained code information. We evaluate our method on both an artificially constructed dataset and an Ethereum smart contract dataset. The experimental results show that Sol-RCVD has a much lower false negative rate and a lower false positive rate than competitive methods. Sol-RCVD outperforms them in terms of both accuracy and scalability (0.37 seconds per contract file), which can help developers detect vulnerabilities efficiently during the smart contract development stage.
We also compare Sol-RCVD with 8 state-of-the-art detection tools that are not focused on clone-related vulnerabilities, and Sol-RCVD performs best. Based on Sol-RCVD, we have detected hundreds of vulnerable smart contracts in Ethereum that have never been reported before and obtained 4 CVEs.
Key words: cloning vulnerability detection; smart contract; blockchain