Smart Contract Symbol Execution Vulnerability Detection Method Based on CFG Path Pruning

Smart Contract Symbol Execution Vulnerability Detection Method Based on CFG Path Pruning

연구 분야: Infrastructure

학회: BSCI '23: Proceedings of the 5th ACM International Symposium on Blockchain and Secure Critical Infrastructure

In recent years, with the continuous promotion of blockchain technology, the application of smart contracts has shown an explosive growth trend, and smart contract vulnerabilities seriously threaten the ecological security of blockchain. Aiming at the inefficiency of existing smart contract Symbolic Execution vulnerability detection technology, this paper proposes an effective smart contract vulnerability detection method at the source code level. Firstly, we define the critical path. As attackers typically aim to steal or freeze funds, we define the path related to fund transfer as the critical path, and its related instructions are the critical instructions. Then, we constructed a smart contract control flowchart based on Ethereum bytecode and used a constraint solver to solve path constraints and corresponding vulnerability constraints. Detect common smart contract vulnerabilities such as reentrancy, access control, arithmetic vulnerabilities, unchecked low calls, and denial of service. The experimental results show that the proposed scheme has good detection performance, and vulnerability detection was performed on 55 smart contracts containing vulnerabilities in the dataset. Compared with the pre optimized scheme, the precision rate of this scheme has been improved by 7.52%, and the total execution time has been reduced by 34.92%.