  • HAN Songming, LIANG Bin, HUANG Jianjun, SHI Wenchang. DC-Hunter: Detecting Dangerous Smart Contracts via Bytecode Matching[J]. Journal of Cyber Security, 2020, 5(3): 100-112
DC-Hunter: Detecting Dangerous Smart Contracts via Bytecode Matching
HAN Songming, LIANG Bin, HUANG Jianjun, SHI Wenchang
(School of Information, Renmin University of China, Beijing 100872, China)
In recent years, detecting vulnerabilities in smart contracts has become a critical task. However, detection performance is limited by the lack of source code and of comprehensive detection signatures. In this paper we present a smart contract detection method based on bytecode matching, called DC-Hunter. It can effectively find vulnerable smart contracts by retrieving the analogues of known vulnerable contracts, and can be applied directly to real-world smart contracts without requiring source code or predefined signatures. To make the proposed method more practicable, we utilize program slicing to mitigate the impact of irrelevant code, perform normalization to reduce the differences caused by compiler versions, and use a graph embedding network to capture the structural information of functions, so that false positives and false negatives are significantly reduced. In addition, we expose a new type of dangerous contract with the help of DC-Hunter. We find that there are some pseudo-vulnerable contracts, called honeypot contracts, that are specially designed to seduce people into attacking them in order to steal the attackers' ether. We implement DC-Hunter and apply it to real-world smart contracts. 183 dangerous contracts are reported and confirmed, including 160 vulnerable ones and 23 honeypot contracts.
Key words:  bytecode matching  slicing  normalization  graph embedding  honeypot