Advanced Security Auditing Methods for Solidity-Based Smart Contracts
【Author】 Xiao, Meihua; Xu, Yangping; Li, Zehuan; Wan, Hongbin
【Source】ELECTRONICS
【Impact Factor】2.690
【Abstract】The development of smart contracts remains in its early stages, with significant differences in underlying programming languages and application platforms resulting in a lack of standardization. This lack of standardization increases the susceptibility to vulnerabilities and associated financial losses. To address security vulnerabilities in smart contracts on the Ethereum blockchain platform, this paper proposes a security audit method based on formal verification. The method integrates an input module, static analysis module, formal verification module, analog execution module, and report and recommendation module, which can accurately discover the security vulnerabilities and logical flaws of smart contracts through formal verification and other analysis techniques, thus realizing correctness detection. During the experiment, the method detects 8 types of common vulnerabilities in 148 smart contracts and marks 21 smart contracts with vulnerabilities. After manual review and analysis, it is found that 17 of these 21 marked smart contracts do have security vulnerabilities. The experimental results show that the proposed method can accurately detect security vulnerabilities and logic flaws in smart contracts through formal verification and other analysis techniques before smart contracts are deployed, thus significantly improving the security of smart contracts and reducing the economic losses that may be caused by code defects.
【Keywords】smart contracts; blockchain; formal methods; model checking; Ethereum
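【Publication Date】2024 OCT
【Indexed Date】2024-11-04
【Document Type】Experimental simulation
【Subject Category】
Blockchain governance - Technical governance - Smart contract vulnerability detection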