Disclosure of Invention
The invention aims to provide a method, a system, a device, a storage medium and electronic equipment for auditing an intelligent contract, which are used for solving the technical problem that the accuracy rate of auditing the intelligent contract is low by setting a specific algorithm to match byte codes of the intelligent contract according to a certain pattern in the related technology.
In order to achieve the above object, in a first aspect of the embodiments of the present disclosure, there is provided a method for auditing smart contracts, the method including:
acquiring byte codes of the intelligent contracts;
mapping the byte code based on a word2vec algorithm to obtain a target input matrix;
and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety.
Optionally, the intelligent contract auditing model is a Convolutional Neural Network (CNN) model, and the training sample of the CNN model comprises an input matrix obtained by mapping byte codes of the intelligent contract based on a word2vec algorithm and a sample data pair composed of probabilities with low security and used for representing the intelligent contract.
Optionally, the width of the convolution kernel of the CNN model is the same as the width of the target input matrix, and/or the size of the filter of the pooling layer of the CNN model is the same as the size of the feature map after the convolution of the target input matrix.
Optionally, the width of the target input matrix and the width of the convolution kernel both range from 50 to 100, the number of the convolution kernels ranges from 50 to 200, and the stride of the CNN model is 1.
Optionally, the method further comprises:
and storing the audit result to a block chain where the intelligent contract is located, and/or sending the audit result to a terminal so as to store the audit result in a cache of the terminal.
Optionally, the auditing result is used for determining whether the security of the intelligent contract meets the executing condition of the transaction event based on the auditing result before the transaction event in the corresponding intelligent contract is executed.
In a second aspect of the disclosed embodiments, there is provided a system for auditing smart contracts, comprising:
the intelligent contract auditing device is connected with the intelligent contract monitoring device;
the control console is used for generating an audit command and sending the audit command to the intelligent contract monitoring device;
the intelligent contract monitoring device is used for acquiring the byte codes of the intelligent contracts to be audited from the block chain system according to the audit command and sending the byte codes of the intelligent contracts to the intelligent contract auditing device;
the intelligent contract auditing device is used for executing a method for auditing intelligent contracts.
Optionally, the console is configured to generate an audit command for instructing to audit the smart contract when a terminal is detected to deploy a transaction event to the smart contract.
Optionally, the intelligent contract auditing device is further configured to send the auditing result to the intelligent contract monitoring device;
the intelligent contract monitoring device is further used for determining whether the security of the intelligent contract meets the execution condition of the transaction event on the intelligent contract or not based on the received auditing result;
and if the security of the intelligent contract does not meet the execution condition of the transaction event, rejecting the execution of the transaction event.
In a third aspect of the embodiments of the present disclosure, an apparatus for auditing a smart contract is provided, comprising:
an obtaining module configured to obtain a bytecode of the smart contract;
the mapping module is configured to map the byte codes to obtain a target input matrix based on a word2vec algorithm;
and the auditing module is configured to input the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the intelligent contract and having low safety.
In a fourth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the steps of the method of any one of the above first aspects.
In a fifth aspect of the embodiments of the present disclosure, there is provided an electronic device, including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of any of the first aspects above.
Acquiring the byte code of the intelligent contract through the technical scheme; mapping the byte codes based on a word2vec algorithm to obtain a target input matrix; and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety. The intelligent contract auditing model is established based on a machine learning algorithm, the machine learning algorithm has better working efficiency in pattern recognition, and the trained intelligent contract auditing model is used for recognizing a target input matrix obtained by byte code mapping of an intelligent contract, so that the accuracy of intelligent contract auditing is improved.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
FIG. 1 is a block diagram illustrating a system for auditing smart contracts, according to an exemplary embodiment, such as system 10 shown in FIG. 1, including:
the intelligent contract monitoring system comprises a control console 101, an intelligent contract monitoring device 102 connected with the control console 101, and an intelligent contract auditing device 103 connected with the intelligent contract monitoring device 102;
the control console 101 is configured to generate an audit command and send the audit command to the intelligent contract monitoring apparatus 102;
the intelligent contract monitoring device 102 is configured to obtain a bytecode of an intelligent contract to be audited from a block chain system according to the audit command, and send the bytecode of the intelligent contract to the intelligent contract auditing device 103;
the intelligent contract auditing apparatus 103 is configured to execute the method shown in fig. 2, and specifically includes:
and S11, acquiring the byte code of the intelligent contract.
In the present disclosure, the console 101, the intelligent contract monitoring apparatus 102, and the intelligent contract auditing apparatus 103 may be implemented in the form of hardware, or may be implemented in the form of software functional units. The software functional unit is stored in a storage medium and comprises a plurality of functional functions. Specifically, the software functional unit is stored in a computer readable storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute. And the aforementioned storage medium includes: Read-Only Memory (ROM), Random Access Memory (RAM), and other various media capable of storing program codes. For example, in one possible implementation, the console 101 is deployed in a local computer, and the smart contract monitoring apparatus 102 and the smart contract auditing apparatus 103 are deployed in a cloud server.
The intelligent contract is deployed in the blockchain system shown in fig. 1, after receiving an audit command sent by the console 101, the intelligent contract monitoring apparatus 102 obtains a bytecode of a specific intelligent contract to be audited from the blockchain system according to the audit command, for example, the audit command may include address information of the intelligent contract to be obtained, and further obtains the bytecode of the intelligent contract to be audited according to the address information. The intelligent contract monitoring apparatus 102 then sends the bytecode of the intelligent contract to the intelligent contract auditing apparatus 103.
Optionally, the console 101 is configured to generate an audit command indicating that the smart contract is audited when a terminal deploys a transaction event to the smart contract.
Specifically, since the security of the execution of the transaction event is affected by the security of the smart contract in which the transaction event is located, the transaction event deployed on the smart contract is automatically executed when a certain condition is met or a set time is reached, and in order to ensure the security of the execution of the transaction event, when the control console 101 detects that the terminal deploys the transaction event to the smart contract, the audit command is generated, so that the smart contract audit device 103 audits the smart contract in which the transaction event is located, and the system 10 itself or the user can determine whether the transaction event is executed according to the audit result, thereby ensuring the security of the execution of the transaction event to a certain extent.
Of course, in other possible embodiments, the console 101 may also receive an audit command triggered by the user and used for instructing to audit the smart contract, and then the user may determine whether to audit the smart contract according to actual needs.
In one possible embodiment, to simultaneously audit multiple intelligent contracts, multiple intelligent contract auditing apparatuses 103 may be deployed, and a reverse-broker apparatus may be deployed to distribute bytecodes of different intelligent contracts to particular intelligent contract auditing apparatuses 103 to increase auditing efficiency.
And S12, mapping the bytecode to obtain a target input matrix based on the word2vec algorithm.
Because the sizes of different byte codes are different, after the intelligent contract auditing device 103 obtains the byte codes of the intelligent contract, the byte codes are converted into the target input matrix through the word2vec algorithm, so that on one hand, the size of the target input matrix can be unified, subsequent calculation is facilitated, and on the other hand, the byte codes can be simplified through the word2vec algorithm to remove redundant information, and subsequent calculation amount is reduced. It should be noted that the word2vec algorithm belongs to the prior art, and this disclosure does not specifically describe it.
And S13, inputting the target input matrix into the trained intelligent contract auditing model to obtain an auditing result used for representing the intelligent contract with low safety.
Specifically, in a possible implementation manner, the intelligent contract auditing model is a Convolutional Neural Network (CNN) (convolutional Neural networks) model, a training sample of the CNN model includes an input matrix obtained by mapping a byte code of an intelligent contract based on a word2vec algorithm, and a sample data pair composed of probabilities of low security and used for representing the intelligent contract, an intelligent contract corresponding to an input matrix in the sample data pair may be an existing intelligent contract with known security, or may be written by itself as needed, and a probability of a corresponding input matrix may be obtained by manually evaluating. The CNN model has higher accuracy in pattern recognition, and the accuracy of the obtained audit result can be improved by auditing the intelligent contract through the trained CNN model.
In addition, it should be noted that, for the method for auditing the smart contracts shown in fig. 2, the application objects thereof are not limited to the smart contract auditing device 103 shown in fig. 1, and the application objects of the method are not particularly limited by the present disclosure.
Optionally, the intelligent contract auditing means 103 is further configured to send the auditing result to the intelligent contract monitoring means 102;
the intelligent contract monitoring apparatus 102 is further configured to determine whether the security of the intelligent contract meets the execution condition of the transaction event on the intelligent contract based on the received auditing result;
and if the security of the intelligent contract does not meet the execution condition of the transaction event, rejecting the execution of the transaction event.
For example, if the probability of the audit result representing the security of the intelligent contract corresponding to the intelligent contract where the transaction event is executed needs to be greater than or equal to 70%, and if the probability of the audit result of the intelligent contract where the transaction event is received by the intelligent contract monitoring device 102 is 60%, that is, the security of the intelligent contract does not satisfy the execution condition of the transaction event, the execution of the transaction event is rejected, and further, the transaction event is not executed even when the predetermined time for executing the transaction event is reached. If the probability of the auditing result of the intelligent contract where the transaction event is received by the intelligent contract monitoring device 102 is 80%, that is, the security of the intelligent contract meets the execution condition of the transaction event, when the scheduled time for executing the transaction event is reached, the execution of the transaction event is allowed. Therefore, the system 10 can refuse the execution of the transaction event with lower security according to the audit result, and the security of the transaction event is guaranteed.
In other words, in the present disclosure, the audit result is used to determine whether the security of the smart contract satisfies the execution condition of the transaction event before the transaction event in the corresponding smart contract is executed.
Acquiring the byte code of the intelligent contract through the technical scheme; mapping the byte codes based on a word2vec algorithm to obtain a target input matrix; and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety. The intelligent contract auditing model is established based on a machine learning algorithm, the machine learning algorithm has better working efficiency in pattern recognition, and the trained intelligent contract auditing model is used for recognizing a target input matrix obtained by byte code mapping of an intelligent contract, so that the accuracy of intelligent contract auditing is improved.
Optionally, in this disclosure, a width of a convolution kernel of the CNN model is the same as that of the target input matrix, and/or a size of a filter of a pooling layer of the CNN model is the same as that of a feature map after the target input matrix is convolved.
Specifically, considering that a row of the intelligent and contracted bytecode contains a complete piece of information and cannot be divided, the width of a convolution kernel of the CNN model is set to be the same as that of the target input matrix, and the width of a feature map obtained by convolution is 1, which is used for characterizing the feature of the row of the bytecode. In order to further simplify information contained in the byte code, the size of a filter of a pooling layer of the CNN model is set to be the same as that of a feature map obtained by convolving the target input matrix, and further, after any feature map obtained by the convolution is pooled by the filter, the size of the obtained feature map is 1 x 1, so that the contained information amount is reduced, and the calculation speed is increased.
For example, the size of the target input matrix is n × k1 × 1, where n is the height of the target input matrix, and the size may be in opcode units, that is, when mapping is performed by word2vec algorithm, 32 bytes are used as one unit, and then 1 unit height of the target input matrix corresponds to 32 bytes of the bytecode, k1 represents the width of the target input matrix, and 1 in the size of the target input matrix represents that the target input matrix is a single channel. The size of the convolution kernel is h x k2 x w, where h is the convolution kernel height, k2 is the convolution kernel width, and k2= k1, w represents the number of convolution kernels. The size of the feature map obtained after convolution is c × 1 × w, that is, the height of the feature map after convolution is c, the width is 1, and the number is w, wherein,
and stride is the stride of the CNN model. The size of the filter in the pooling layer is c × 1 × w, i.e., the height of the filter is c, the width is 1, and the number is w, and the size of each obtained feature map after pooling the filter is 1 × 1. When the filter is pooled, the maximum value of the action objects can be selected as the pooled feature map. After pooling, the pooled feature maps can be classified and output by softmax through the full connection layer of the CNN model.
Optionally, the width of the target input matrix and the width of the convolution kernel both range from 50 to 100, the number of the convolution kernels ranges from 50 to 200, and the stride of the CNN model is 1.
Following the above example, in one possible implementation, k1= k2=100, w =200, stride =1, and h =2, it should be noted that the values of the convolution kernel height h may be different for different convolution kernels, for example, there are 3 convolution kernels, the height h =1 for the first convolution kernel, the height h =2 for the second convolution kernel, and the height h =5 for the third convolution kernel, so as to obtain a feature map containing different information. During the training of the full connection layer of the CNN model, a Dropout algorithm may be used to avoid overfitting, and a ReLu (Rectified Linear Unit) is used as an activation function of the CNN model.
Optionally, in this disclosure, the method for auditing the smart contract may further include:
and storing the audit result to a block chain where the intelligent contract is located, and/or sending the audit result to a terminal so as to store the audit result in a cache of the terminal.
Specifically, after the step S13 is executed, the obtained audit result is stored, for example, in the block chain and the terminal cache simultaneously, and when the user needs to query the audit result, the user may first search in the terminal cache, and if the audit result is not searched, the user may search in the block chain again. Of course, the audit result can also be output through the terminal according to the user instruction, for example, displayed through a display screen of the terminal.
In another aspect of the disclosed embodiment, there is also provided an apparatus for auditing smart contracts, as shown in fig. 3, where the apparatus 200 includes:
an obtaining module 210 configured to obtain a bytecode of the smart contract;
a mapping module 220 configured to map the bytecode to obtain a target input matrix based on a word2vec algorithm;
and the auditing module 230 is configured to input the target input matrix into the trained intelligent contract auditing model to obtain an auditing result used for representing the intelligent contract and having low safety.
Acquiring the byte code of the intelligent contract through the technical scheme; mapping the byte codes based on a word2vec algorithm to obtain a target input matrix; and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety. The intelligent contract auditing model is established based on a machine learning algorithm, the machine learning algorithm has better working efficiency in pattern recognition, and the trained intelligent contract auditing model is used for recognizing a target input matrix obtained by byte code mapping of an intelligent contract, so that the accuracy of intelligent contract auditing is improved.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
FIG. 4 is a block diagram illustrating an electronic device in accordance with an example embodiment. For example, the electronic device 1900 may be provided as a server. Referring to fig. 4, an electronic device 1900 includes a processor 1922, which may be one or more in number, and a memory 1932 for storing computer programs executable by the processor 1922. The computer program stored in memory 1932 may include one or more modules that each correspond to a set of instructions. Further, processor 1922 may be configured to execute the computer program to perform the method for auditing smart contracts described above.
Additionally, the electronic device 1900 may also include a power component 1926 and a communication component 1950, the power component 1926 may be configured to perform power management for the electronic device 1900, and the communication component 1950 may be configured to enable communication for the electronic device 1900, e.g., wired or wireless communication. In addition, the electronic device 1900 may also include input/output (I/O) interfaces 1958. The electronic device 1900 may operate based on an operating system, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, etc., stored in memory 1932.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the above-described method of auditing smart contracts is also provided. For example, the computer-readable storage medium may be the memory 1932 described above that includes program instructions executable by the processor 1922 of the electronic device 1900 for performing the method for auditing smart contracts described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the method for auditing intelligent contracts described above when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure as long as it does not depart from the gist of the present disclosure.