CN114510723B - Intelligent contract authority management vulnerability detection method and device - Google Patents

Publication number
CN114510723B
Authority
CN
China
Prior art keywords
instruction
intelligent contract
constructor
operation code
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210150834.5A
Other languages
Chinese (zh)
Other versions
CN114510723A (en)
Inventor
文伟平
刘军杰
胡叶舟
刘宇航
肖遥
方莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
Original Assignee
Peking University
Application filed by Peking University
Priority to CN202210150834.5A
Publication of CN114510723A
Application granted
Publication of CN114510723B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/362 Software debugging
    • G06F11/3624 Software debugging by performing operations on the source code, e.g. via a compiler
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • Devices For Executing Special Programs (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a smart contract authority management vulnerability detection method and device, belonging to the technical field of blockchain security. The method comprises two stages. The first stage compiles the smart contract's Solidity source code into an opcode instruction sequence, finds the instruction in that sequence that marks the end of the constructor, finds among the instructions before it those that initialize the key authority variable "owner", and determines the storage location of "owner" at initialization. The second stage uses symbolic execution to traverse all paths outside the constructor that may modify the value stored at the "owner" storage location, and performs constraint solving to identify the smart contract authority management vulnerability. The invention can detect whether the value of the special authority variable "owner" defined in a smart contract can be modified, and adds specific constraint conditions to improve detection accuracy.

Description

Intelligent contract authority management vulnerability detection method and device
Technical Field
The invention relates to the technical field of blockchain security, and in particular to a method and device for detecting authority management vulnerabilities in blockchain smart contracts.
Background
Solidity is a Turing-complete programming language for writing smart contracts, which means that a DApp with arbitrarily complex logic can be built. When writing a smart contract, the developer typically sets an "owner" value that holds certain privileges, such as transfers and function calls. If an attacker is able to change this value to the attacker's own address, the attacker can use these privileges to attack the contract and profit.
Currently, representative tools that perform vulnerability detection using symbolic execution are Oyente, Manticore and Mythril. Oyente can detect four common vulnerabilities, but this vulnerability is not among them; Mythril can detect the use of tx.origin for authentication, but does not check whether the "owner" value can be modified; the same is true of Manticore. In addition, some tools check a function's modifier, but only compare the function caller with "owner"; whether "owner" has been modified is unknown.
Disclosure of Invention
To overcome the shortcomings of the prior art, the invention provides a smart contract authority management vulnerability detection method and device based on symbolic execution, which determines whether an authority management vulnerability exists by detecting whether the value of the special authority variable "owner" defined in a smart contract can be modified, and adds an "onlyOwner" check to improve detection accuracy.
The technical scheme provided by the invention is as follows:
A method for detecting smart contract authority management vulnerabilities based on symbolic execution, characterized by comprising two stages. The first stage compiles the smart contract's Solidity source code into an opcode instruction sequence, finds the instruction in that sequence that marks the end of the constructor, finds among the instructions before it those that initialize the key authority variable "owner", and determines the storage location of "owner" at initialization. The second stage uses symbolic execution to traverse all paths outside the constructor that may modify the value stored at the "owner" storage location, and performs constraint solving to identify the smart contract authority management vulnerability.
The first stage determines the storage location of "owner" and comprises the following steps:
Step 1, determining the constructor demarcation point from the smart contract's opcode instruction sequence, i.e. determining which instructions are inside the constructor and which are outside it;
Step 2, screening the variables initialized by instructions inside the constructor, identifying the "owner" variable, and determining the storage location used when the "owner" variable is initialized.
The second stage uses symbolic execution to traverse all paths on which an instruction outside the constructor may modify the value stored at that location, and performs constraint solving to identify the smart contract authority management vulnerability. This traversal and solving stage comprises the following steps:
Step 3, identifying write instructions among the instructions outside the constructor, and determining, from the storage location of the "owner" variable, whether each write targets that location;
Step 4, determining whether the transaction performing the write can be invoked by any address;
Step 5, performing constraint solving on the paths that satisfy these conditions, and reporting the vulnerability if a solution exists.
The invention provides a smart contract authority management vulnerability detection device based on symbolic execution, comprising a source code processing subsystem, a symbolic execution virtual machine subsystem, and a vulnerability detection and constraint solving subsystem, wherein:
The source code processing subsystem comprises a smart contract code compiling module and a smart contract bytecode file parsing module, and converts the input smart contract data into a uniformly described opcode instruction sequence.
The symbolic execution virtual machine subsystem comprises a bytecode execution module and a context information management module. The bytecode execution module executes the opcode instruction sequence obtained from processing; the context information management module stores the information generated during symbolic execution, including stack data, memory data, storage data and the like, for analysis by the vulnerability detection module after symbolic execution has finished.
The vulnerability detection and constraint solving subsystem comprises a vulnerability detection module and a constraint solving module. After symbolic execution has completed, the vulnerability detection module analyzes the branch data stored in the virtual machine context, and either decides on the vulnerability or builds a constraint expression from the instruction execution path, symbol table and path constraint set stored in each branch; the constraint solving module solves the constraint expression using an SMT method.
The beneficial effects of the invention are as follows:
The invention provides a smart contract authority management vulnerability detection method based on symbolic execution. The smart contract's Solidity source code is compiled into an opcode sequence; the opcode that characterizes the constructor is found in the bytecode sequence and used as a demarcation point to divide the instruction sequence into instructions inside the constructor and instructions outside it; the key authority variable "owner" is found through the CALLER opcode among the instructions inside the constructor, and its storage location is determined from the SSTORE instruction. Symbolic execution then traverses all paths outside the constructor that may modify the value stored at that location, and constraint solving is performed, so as to determine effectively whether an operation exists that can modify the variable's value.
Drawings
FIG. 1 is a block flow diagram of the detection method of the present invention.
Fig. 2 is a block diagram of a device structure provided by an embodiment of the detection device of the present invention.
Detailed Description
The invention is further described below by way of examples with reference to the accompanying drawings, which in no way limit the scope of the invention.
The invention provides a smart contract authority management vulnerability detection method based on symbolic execution. The smart contract's Solidity source code is compiled into an opcode sequence; the opcode that characterizes the constructor is found in the bytecode sequence and used as a demarcation point to divide the instruction sequence into instructions inside the constructor and instructions outside it; the key authority variable "owner" is found through the CALLER opcode among the instructions inside the constructor, and its storage location is determined from the SSTORE instruction. Symbolic execution then traverses all paths outside the constructor that may modify the value stored at that location, and constraint solving is performed, so as to determine effectively whether an operation exists that can modify the variable's value.
FIG. 1 is a block flow diagram of the detection method of the present invention. The implementation of the invention comprises two stages, and the following specific embodiments can be adopted:
Stage one, determining the storage location of the key authority variable "owner";
Stage two, traversing and solving all paths that may change the value of the variable "owner".
Stage one includes the following steps:
Step 1, determining the constructor demarcation point of the smart contract, i.e. the instructions inside and outside the constructor, from the smart contract's opcode instruction sequence.
Further, the detailed process is as follows:
When a smart contract is written, the key authority variable "owner" is initialized inside the constructor. At the bytecode level, the constructor ends at CODECOPY, so the position of CODECOPY is located first and taken as the demarcation point. In the opcode instruction sequence produced by compiling the contract, the sequence number of the CODECOPY opcode is found; instructions with a smaller sequence number are inside the constructor, and instructions with a larger sequence number are outside it.
Step 2, determining the storage location of "owner". Within the constructor range determined in step 1, the variables initialized in the constructor are screened to identify which one is the "owner" variable, and its storage location is determined.
Further, the detailed process is as follows:
Within the constructor, the "owner" variable is typically assigned msg.sender, i.e. the creator of the contract, which is pushed onto the EVM stack by the CALLER opcode; the assignment itself is performed by the SSTORE opcode. Using the demarcation point obtained in step 1, the instruction set is searched for CALLER opcodes whose sequence number is smaller than that of the demarcation point; since CALLER places the msg.sender value on the stack, the data on the stack is tracked from there. The instruction set is then searched for SSTORE opcodes whose sequence number is smaller than that of the demarcation point; an SSTORE operation takes a key and a value from the stack. If the value is msg.sender, the key is the storage location of "owner" in storage. This storage location is recorded for use in subsequent steps.
The second stage comprises the following steps:
Step 3, identifying write operations outside the constructor and determining, from the results of step 1 and step 2, whether each write targets the "owner" storage location. The instructions outside the constructor are traversed to find SSTORE opcodes; each SSTORE opcode takes its key from the EVM stack, and the key is compared with the "owner" storage location found in step 2. If they match, the path is recorded.
Step 4, determining whether the transaction performing the write can be invoked by any address. A constraint condition is added to the path obtained in step 3, namely whether the caller of the current transaction can be any address.
Step 5, performing constraint solving on the paths that satisfy these conditions, and reporting the vulnerability if a solution exists. The current constraint conditions are solved; if a solution exists, any caller can modify the value of "owner", i.e. the vulnerability exists.
Through these two stages, smart contract authority management vulnerability detection based on symbolic execution is achieved.
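The two stages above, run on constructed bytecode, as an added Python example that is not the patent's implementation. The function names and both sample contracts are hypothetical; only the handful of opcodes the samples use are modelled, CODECOPY's source offset and size are used to slice out the runtime code so that jump targets resolve, and the SMT query of steps 4 and 5 is replaced by a structural check for a CALLER == SLOAD(owner slot) path constraint.

```python
from collections import namedtuple

Ins = namedtuple("Ins", "pc op arg")
CALLER = ("CALLER",)  # symbolic msg.sender
# Only the opcodes the constructed samples need; any other byte ends the path.
NAMES = {0x00: "STOP", 0x14: "EQ", 0x15: "ISZERO", 0x16: "AND", 0x33: "CALLER",
         0x35: "CALLDATALOAD", 0x39: "CODECOPY", 0x54: "SLOAD", 0x55: "SSTORE",
         0x56: "JUMP", 0x57: "JUMPI", 0x5B: "JUMPDEST", 0xF3: "RETURN", 0xFD: "REVERT"}

def disassemble(code):
    out, pc = [], 0
    while pc < len(code):
        b = code[pc]
        if 0x60 <= b <= 0x7F:             # PUSH1..PUSH32: b - 0x5F immediate bytes follow
            n = b - 0x5F
            out.append(Ins(pc, "PUSH", int.from_bytes(code[pc + 1:pc + 1 + n], "big")))
            pc += n
        elif 0x80 <= b <= 0x9F:           # DUP1..DUP16, SWAP1..SWAP16
            out.append(Ins(pc, "DUP" if b < 0x90 else "SWAP", (b & 0x0F) + 1))
        else:
            out.append(Ins(pc, NAMES.get(b, "UNKNOWN"), None))
        pc += 1
    return out

def explore(insns, on_event, budget=10_000):
    """Walk every path with a symbolic stack, forking at JUMPI; report SSTORE and CODECOPY."""
    index_of = {ins.pc: i for i, ins in enumerate(insns)}
    work = [(0, [], ())]                  # (instruction index, stack, path constraints)
    while work:
        i, st, cons = work.pop()
        while i is not None and i < len(insns) and budget > 0:
            budget -= 1                   # bounds loops in the analysed code
            pc, op, arg = insns[i]
            i += 1
            if op == "PUSH":
                st.append(arg)
            elif op == "DUP":
                st.append(st[-arg])
            elif op == "SWAP":
                st[-1], st[-1 - arg] = st[-1 - arg], st[-1]
            elif op == "CALLER":
                st.append(CALLER)
            elif op in ("CALLDATALOAD", "SLOAD", "ISZERO"):
                st.append((op, st.pop()))
            elif op in ("EQ", "AND"):
                st.append((op, st.pop(), st.pop()))
            elif op == "SSTORE":
                on_event(op, pc, (st.pop(), st.pop()), cons)            # (key, value)
            elif op == "CODECOPY":
                on_event(op, pc, (st.pop(), st.pop(), st.pop()), cons)  # (dest, offset, size)
            elif op == "JUMP":
                i = index_of.get(st.pop())
            elif op == "JUMPI":
                dest, cond = st.pop(), st.pop()
                if dest in index_of:      # taken branch is explored later with cond assumed true
                    work.append((index_of[dest], st[:], cons + (cond,)))
                cons += (("ISZERO", cond),)
            elif op != "JUMPDEST":        # STOP, RETURN, REVERT, UNKNOWN
                break

def find_owner_slot(deploy):
    """Stage one (steps 1-2): first CODECOPY is the boundary; owner is the slot given CALLER."""
    insns = disassemble(deploy)
    boundary = next(i for i, ins in enumerate(insns) if ins.op == "CODECOPY")
    found = {"slot": None, "runtime": b""}
    def on_event(op, pc, args, cons):
        if op == "SSTORE" and args[1] == CALLER:
            found["slot"] = args[0]
        elif op == "CODECOPY" and all(isinstance(a, int) for a in args):
            found["runtime"] = deploy[args[1]:args[1] + args[2]]
    explore(insns[:boundary + 1], on_event)
    return boundary, found["slot"], found["runtime"]

def unguarded_owner_writes(runtime, slot):
    """Stage two (steps 3-5): SSTOREs to the owner slot reachable without CALLER == SLOAD(slot)."""
    check, hits = {CALLER, ("SLOAD", slot)}, []
    def on_event(op, pc, args, cons):
        if op == "SSTORE" and args[0] == slot and not any(
                isinstance(c, tuple) and c[0] == "EQ" and set(c[1:]) == check for c in cons):
            hits.append((pc, args[1]))
    explore(disassemble(runtime), on_event)
    return hits

def make_deploy(runtime):
    """Constructed constructor: sstore(0, caller), then CODECOPY and RETURN the runtime."""
    n = len(runtime)                      # assumed < 256 so it fits a PUSH1
    return bytes.fromhex(f"33600055 60{n:02x} 6010 6000 39 60{n:02x} 6000 f3") + runtime

# Constructed sample runtimes (not taken from any deployed contract).
OPEN = bytes.fromhex("60003560005500")                               # sstore(0, calldataload(0))
GUARDED = bytes.fromhex("3360005414600c57600080fd5b60003560005500")  # same write behind caller == sload(0)
```

Calling find_owner_slot(make_deploy(OPEN)) returns the boundary index, the owner slot and the runtime bytes; unguarded_owner_writes then lists each offending SSTORE as (pc, stored value).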
Using the symbolic-execution-based smart contract authority management vulnerability detection method, the invention implements a corresponding detection device. Fig. 2 is a structural block diagram of the device provided by an embodiment of the invention. The smart contract authority management vulnerability detection device comprises the following subsystems:
Subsystem one, the source code processing subsystem;
Subsystem two, the symbolic execution virtual machine subsystem;
Subsystem three, the vulnerability detection and constraint solving subsystem.
Subsystem one comprises the following modules:
Module one, the smart contract code compiling module, which converts input smart contract source code data into a uniformly described opcode instruction sequence;
Module two, the smart contract bytecode file parsing module, which converts input smart contract bytecode data into a uniformly described opcode instruction sequence.
Subsystem two comprises the following modules:
Module three, the bytecode execution module, which symbolically executes the opcode instruction sequence obtained from processing;
Module four, the context information management module, which stores the information generated during symbolic execution, including stack data, memory data, storage data, etc., for analysis by the vulnerability detection module after symbolic execution has finished.
Subsystem three comprises the following modules:
Module five, the vulnerability detection module, which, after symbolic execution has completed, analyzes the branch data stored in the virtual machine context and either decides on the vulnerability or builds a constraint expression from the instruction execution path, symbol table and path constraint set stored in each branch;
Module six, the constraint solving module, which solves the constraint expression using an SMT method.
It should be noted that the purpose of the disclosed embodiments is to aid further understanding of the present invention, but those skilled in the art will appreciate that: various alternatives and modifications are possible without departing from the spirit and scope of the invention and the appended claims. Therefore, the invention should not be limited to the disclosed embodiments, but rather the scope of the invention is defined by the appended claims.

Claims (2)

1. A method for detecting smart contract authority management vulnerabilities, characterized by comprising two stages, wherein the first stage compiles the smart contract's Solidity source code into an opcode instruction sequence, finds the instruction in that sequence that marks the end of the constructor, finds among the instructions before it those that initialize the key authority variable "owner", and determines the storage location of "owner" at initialization; the second stage uses symbolic execution to traverse all paths outside the constructor that may modify the value stored at the "owner" storage location, and performs constraint solving to identify the smart contract authority management vulnerability, wherein:
the first stage comprises the following specific steps:
Step 1, determining the constructor demarcation point from the smart contract's opcode instruction sequence, i.e. determining which instructions are inside the constructor and which are outside it; specifically, the position of CODECOPY is taken as the demarcation point, the sequence number of the CODECOPY opcode is found in the opcode instruction sequence produced by compiling the contract, instructions with a smaller sequence number are inside the constructor, and instructions with a larger sequence number are outside it;
Step 2, screening the variables initialized by instructions inside the constructor, identifying the "owner" variable, and determining the storage location used when the variable is initialized; specifically, among the instructions inside the constructor the "owner" variable is assigned msg.sender, where msg.sender is pushed onto the EVM stack by the CALLER opcode and the assignment is performed by the SSTORE opcode; the instruction set is searched for CALLER opcodes whose sequence number is smaller than that of the demarcation point, the CALLER opcode places the value of msg.sender on the stack, and the data on the stack is tracked; the instruction set is searched for SSTORE opcodes whose sequence number is smaller than that of the demarcation point, the SSTORE operation takes a key and a value from the stack, and if the value is msg.sender, the key is the storage location of "owner" in storage;
the second stage comprises the following specific steps:
Step 3, identifying write instructions among the instructions outside the constructor, and determining, from the storage location of the "owner" variable, whether each write targets that location;
Step 4, determining whether the transaction performing the write can be invoked by any address;
Step 5, performing constraint solving on the paths that satisfy these conditions, and reporting the vulnerability if a solution exists.
2. A smart contract authority management vulnerability detection device for executing the smart contract authority management vulnerability detection method as set forth in claim 1, comprising a source code processing subsystem, a symbolic execution virtual machine subsystem, and a vulnerability detection and constraint solving subsystem, wherein:
the source code processing subsystem comprises a smart contract code compiling module and a smart contract bytecode file parsing module, and converts input contract data into a uniformly described smart contract opcode instruction sequence;
the symbolic execution virtual machine subsystem comprises a bytecode execution module and a context information management module, wherein the bytecode execution module executes the opcode instruction sequence obtained from processing, and the context information management module stores the information generated during symbolic execution, including stack data, memory data and storage data;
the vulnerability detection and constraint solving subsystem comprises a vulnerability detection module and a constraint solving module, wherein the vulnerability detection module, after symbolic execution has completed, analyzes the branch data stored in the virtual machine context and either decides on the vulnerability or builds a constraint expression from the instruction execution path, symbol table and path constraint set stored in each branch; and the constraint solving module solves the constraint expression using an SMT method.
CN202210150834.5A 2022-02-18 2022-02-18 Intelligent contract authority management vulnerability detection method and device Active CN114510723B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210150834.5A CN114510723B (en) 2022-02-18 2022-02-18 Intelligent contract authority management vulnerability detection method and device

Publications (2)

Publication Number Publication Date
CN114510723A CN114510723A (en) 2022-05-17
CN114510723B true CN114510723B (en) 2024-04-16

Family

ID=81551712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210150834.5A Active CN114510723B (en) 2022-02-18 2022-02-18 Intelligent contract authority management vulnerability detection method and device

Country Status (1)

Country Link
CN (1) CN114510723B (en)

Also Published As

Publication number Publication date
CN114510723A (en) 2022-05-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant