Overview of Vulnerability Detection Methods for Ethereum Solidity Smart Contracts

• Published in: Ji suan ji ke xue Vol. 49; no. 3; pp. 52 - 61
• Main Authors: Zhang, Ying-li, Ma, Jia-li, Liu, Zi-ang, Liu, Xin, Zhou, Rui
• Format: Journal Article
• Language: Chinese
• Published: Chongqing Guojia Kexue Jishu Bu 01.03.2022; Editorial office of Computer Science
• Subjects: Contracts; Cryptography; Inspection; Machine learning; Security; smart contracts|blockchain|security vulnerability|vulnerability detection tools|machine learning
• ISSN: 1002-137X
• DOI: 10.11896/jsjkx.210700004

Based on blockchain technology, Ethereum Solidity smart contract as a computer protocol is designed to spread, verify, or execute contracts in an informative way, and it provides a foundation for various distributed application services.Although implemented for less than six years, its security problems have frequently broken out and caused substantial financial losses, which attracts more attention in the security inspection research.This paper firstly introduces some specific mechanisms and operating principles of smart contracts based on Ethereum related techniques, and analyzes some smart contract vulnerabilities occurring frequently and deriving from the characteristics of smart contracts.Then, this paper explains the traditional mainstream smart contract vulnerability detecting tools in terms of symbolic execution, fuzzing, formal verification, and taint analysis.In addition, in order to cope with the endless new vulnerabilities and the need to improve the efficiency of detection, vulnerabilities detect