CN109684838A - A kind of static code auditing system and method for ether mill intelligence contract - Google Patents
A kind of static code auditing system and method for ether mill intelligence contract Download PDFInfo
- Publication number
- CN109684838A CN109684838A CN201811404851.7A CN201811404851A CN109684838A CN 109684838 A CN109684838 A CN 109684838A CN 201811404851 A CN201811404851 A CN 201811404851A CN 109684838 A CN109684838 A CN 109684838A
- Authority
- CN
- China
- Prior art keywords
- word
- file
- solidity
- code
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Machine Translation (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention discloses a kind of on the ether mill platform of block chain for the static code auditing system and method for intelligent contract, belongs to field of information security technology.The present invention be able to detect the intelligent contract write on the platform of ether mill using Solidity language present on security threat, navigate to specific location, illustrate and endanger and provide corresponding solution.The method of the present invention: first, user is by project directory to be detected or the path input system of single file, system carries out pretreatment operation to input content, and entire project is copied in odd-job catalogue and deletes the notes content in Solidity file therein;Secondly, system will be by way of each Solidity file be parsed into syntax tree by the operation such as morphological analysis and syntactic analysis;Then, syntax tree structure is carried out static nature matching with the logic matching characteristic pre-established by system, obtains matching result;Finally, the result after matching is classified and summarized by system, report file, as testing result are generated.
Description
Technical field
The invention belongs to field of information security technology, and in particular to a kind of that intelligence is directed on the ether mill platform of block chain
The static code auditing system and method for contract.
Background technique
It is that data block is combined by one kind in such a way that sequence is connected sequentially in time for block chain technology narrow sense
A kind of linked data structure, and the distributed account book that can not be distorted He can not forge guaranteed in a manner of cryptography.Broad sense is come
It says, block chain technology is to verify to know together algorithm next life with storing data, using distributed node using block linked data structure
At guarantee with more new data, in the way of cryptography data transmission and access safety, using by automatized script code-group
At intelligent contract program the completely new distributed basis framework and calculation of one kind with operation data.
Ether mill is the public block platform chain for having intelligent contract function of an open source.By its dedicated encrypted currency with
Too coin provides the virtual machine of decentralization to handle point-to-point contract.
Intelligent contract is the computer transactions agreement for executing agreement terms.It is substantially exactly one section of generation that can be executed
Code, when user is accessed on the address, intelligent contract will automatic running.Intelligent contract is disclosed, the institute on block chain
There is user it can be seen that the intelligent contract based on block chain.
Intelligent contract application on existing much ether mill platforms based on block chain at present, such as social economy's platform
Backfeed, decentralization prediction markets Augur and smart grid TransActive Grid etc., however opened what is much applied
During hair, designer only focuses on its functionality and does not consider its safety problem, causes using there are security risks, and due to
The content of intelligent contract be it is disclosed, anyone can analyze its source code to finding loophole.
Summary of the invention
The purpose of the present invention is overcoming the defect of the above-mentioned prior art, a kind of needle on the ether mill platform of block chain is provided
To the static code auditing system and method for intelligent contract.
Technical problem proposed by the invention solves in this way:
A kind of static code auditing system being directed to intelligent contract on the ether mill platform of block chain, including pretreatment mould
Block, syntax tree generation module, static nature matching module and report generation module;
Preprocessing module: for detecting the legitimacy of user's input, project is integrally copied to odd-job catalogue, is deleted
Comment section in Solidity file;
Syntax tree generation module: for carrying out morphological analysis and syntactic analysis, generative grammar tree to pretreated file;
Static nature matching module: it for syntax tree to match with the logic matching rule pre-established, checks whether
Hit records corresponding code information if hitting matching;
Report generation module: for classifying and summarizing the code information of successful match, report destination file is generated.
A kind of static code auditing method being directed to intelligent contract on the ether mill platform of block chain, including following step
It is rapid:
The pretreatment of step 1. system:
System carries out legitimacy detection to the input of user, then integrally copies to project in odd-job catalogue, and
Comment section in Solidity file therein is deleted;
Step 2. syntax tree generates:
For each Solidity code file, its reference document of first processing copies to the partial content of reference
In current file, morphological analysis is then carried out, each legal vocabulary is extracted, then vocabulary is reprocessed
Operation, is packaged into corresponding structure type for variable therein and constant, finally carries out syntactic analysis, pass through pushdown automata etc.
Code expression is converted to the form of syntax tree by technology;
The matching of step 3. static nature:
System will carry out characteristic matching to the corresponding syntax tree of each code file, pass through each of traversal syntax tree
Branch matches with the logic rules pre-established, if successful match, can navigate in specific expression formula;
Step 4. examining report generates:
System classifies the result that matching obtains first, in accordance with file, according still further to the type of threat in each file
Classify again to result, specific code position, harm and settling mode are provided for the threat of each discovery;Finally, system is converged
Total all results and the report for generating an entirety.
The beneficial effects of the present invention are:
The present invention propose it is a kind of on the ether mill platform of block chain for the static code auditing system of intelligent contract with
Method realizes using technologies such as pushdown automatas and is directed to what Solidity language was write on the ether mill platform of block chain
The static code auditing system of intelligent contract can be found out and analyze security threat present on intelligent contract.The present invention has
Following features: pushdown automata technology is used, the conversion from code file to syntax tree is realized, with clearly logical level knot
Structure indicates abstract code content.Using static nature matching technique, it can increase, modify or delete the logic formulated at any time
Rule keeps system more flexible expansible.Safety problem existing for intelligent contract is able to detect that by matching, reduces application
Security risk.
Detailed description of the invention
Fig. 1 is system structure diagram of the invention.
Specific embodiment
The present invention is further detailed with reference to the accompanying drawings and examples.
The present embodiment provides a kind of on the ether mill platform of block chain for intelligent contract static code auditing system,
Its structural schematic diagram is as shown in Figure 1, include preprocessing module, syntax tree generation module, static nature matching module and report life
At module;
Preprocessing module: for detecting the legitimacy of user's input, project is integrally copied to odd-job catalogue, is deleted
Comment section in Solidity file;
Syntax tree generation module: for carrying out morphological analysis and syntactic analysis, generative grammar tree to pretreated file;
Static nature matching module: it for syntax tree to match with the logic matching rule pre-established, checks whether
Hit records corresponding code information if hitting matching;
Report generation module: for classifying and summarizing the code information of successful match, report destination file is generated.
A kind of static code auditing method being directed to intelligent contract on the ether mill platform of block chain, including following step
It is rapid:
The pretreatment of step 1. system: system carries out legitimacy detection to the input of user, then integrally copies to project
In odd-job catalogue, and the comment section in Solidity file therein is deleted, specifically includes the following steps:
Step 1-1. user inputs the path P ATH of intelligent contract project directory or single code file to be audited, and is
Whether system detection detection PATH first is legal, if the non-rule warning prompt of PATH, enters step 1-2 if PATH is legal;
Step 1-2. system navigates to the position PATH, and entire catalogue or file are all copied to odd-job catalogue
In WORK;
Step 1-3. traverses working directory WORK, the Solidity code file using sol as suffix name is found, in file
Comment section all delete;
Step 2. syntax tree generates: being directed to each Solidity code file, its reference document of first processing will be quoted
Partial content copy in current file, then carry out morphological analysis, each legal vocabulary extracted, then
Reprocessing operation is carried out to vocabulary, variable therein and constant are packaged into corresponding structure type, finally carry out syntactic analysis,
By way of code expression is converted to syntax tree by the technologies such as pushdown automata;Specifically includes the following steps:
The listed files List to be resolved of step 2-1. system maintenance oneaWith a List of resolution file listb, initially
All Solidity code files are all put into ListaIn, ListbIt empties;
Step 2-2. checks ListaIn whether have file, behaviour of step 2-3 is successively drawn off and carried out to it if having
Make, otherwise enters step 2-8;
For step 2-3. for any Solidity code file, whether system first checks for Solidity code file
In resolution file list, if entering step 2-2 if, 2-4 is otherwise entered step;
Step 2-4. checks that file whether there is " import " keyword, then determines that Solidity code file has if it exists
Reference document, system are positioned to obtain the path of reference document by the path after " import " keyword, adduction relationship are remembered
Record is got off, and then enters step 2-3 operation for reference document;2-5 is then entered step if there is no reference document;
Step 2-5. system utilizes finite automata technology, carries out morphological analysis to code content:
For a character Ci, subscript i is position of the character in code content, if it is " (", ") ", " { ", " } "
Equal boundaries' restrictive word, then individually extract it;
If character CiIt is double quotation marks or single quotation marks, then successively judges the character after it, untilIt also is corresponding
Double quotation marks or single quotation marks, k1For positive integer, then willIt is extracted as a character string constant word;
If character CiIt is underscore " _ " or letter, then successively judges the character after it, untilIt constitutes
Word is unsatisfactory for the variable naming rule of Solidity, then willIt is extracted as an identifier word, k2For
Positive integer;
If character CiIt is number, then successively judges the character after it, untilIt cannot be expressed as number again, so
Afterwards willIt is extracted as a number words, k3For positive integer;
If character CiIt is operations, the assignment such as "+", "-", " * " or compares symbol, then successively judges the character after it,
UntilA legal operation, assignment cannot be reconstructed or compare symbol, then willAs a symbol list
Word extracts, k4For positive integer;
System saves the word extracted in the form of title name, and system is in the judgment process simultaneously also by inspection
Survey newline and determine the line number where each word, ultimately generate word structure word, it by word title namewAnd row
Number nwBinary group (namew, nw) indicate;
Step 2-6. system carries out reprocessing operation to the binary group structure word that morphological analysis generates:
For a binary group wordt, subscript t indicates t-th of binary group, preferred to judge its word title namewWhether be
The fundamental type of Solidity language if it is continues the word structure after judgement, makes name thereinwThe arrangement energy of value
The variable declarations structure for enough meeting solidity, until wordt-wordt+jA legal variable declarations can not be reconstructed, j is
Positive integer, then by wordt-wordt+j-1One is packaged by fundamental type typev, limitation keyword restrictionv, become
Measure title namevWith line number nvThe four-tuple variable var of composition, expression formula are (typev, restrictionv, namev, nv),
Simultaneously by original word structure wordtVar is replaced with, and is deleted from wordt+1To wordt+j-1Word structure;If
wordtIn title namewFor character string or digital constant, then it is directly encapsulated as to one by type typec(character string or
Number), content contentcWith line number ncThe triple structure constant of composition, expression formula are (typec, contentc,
nc), then by former wordtReplace with constant;For other namewValue then remains unchanged;
Step 2-7. system carries out syntactic analysis to word, var and constant structure of generation:
The outermost layer structure of Solidity language is mainly contract (contract), library (library) and interface
(interface), system is referred to as mainBlock;System finds " contract ", " library " and " interface " first
Then keyword creates corresponding type structure:
For a binary group wordtIf its title namewFor contract, library or interface, then create
MainBlock structure is built, its type type is successively then determined according to subsequent word, var and constant structuremb, title
namembWith inheritance basemb, until there is a wordkk, kk is positive integer, title name thereinwFor boundary symbol " ";
Then content therein is continued to parse, is in this stage main structure for boundary with boundary's symbol " { " and " } "
State Variables (variable expression), Functions (function), Function Modifiers (function adjuster),
Events (event), Struct Types (structure type) and Enum Types (enumeration type);
System use pushdown automata technology, according to Solidity language formulate reduction rule by variable, constant and
Operation, assignment compare sign convention into variable expression;
For type function, system successively detects its title name for according to the function definition rule of Solidityf, ginseng
Number paramf, restrictive word restrictionfWith return value returnf, then again with boundary's symbol " { " and " } " for boundary, to therein
Expression formula content is parsed, and the same variable expression of resolving finally obtains expression formula set expListf, and added
Into function structure;If the content after function declaration be not boundary symbol " " but branch ";", then the function is abstract function, letter
Number parsing terminates;After function parses, the function structure of generation is added in mainBlock;
For function adjuster, system successively detects its title for according to the function adjuster definition rule of Solidity
namemWith parameter paramm, then again with boundary's symbol " { " and " } " for boundary, expression formula content therein is parsed, it is parsed
The same variable expression of journey finally obtains expression formula set expListm, then it is added in function controller structure;Function
After adjuster parses, the function controller structure of generation is added in mainBlock;
For event type, system will successively detect its title name according to the event definition rule of SolidityeAnd ginseng
Number parame, and the event structure of generation is added in mainBlock;
For structure type, system will will successively detect its title name according to the structure definition rule of SoliditysWith
Variable value thereins, and the structure of generation is added in mainBlock;
For enumeration structure, system will will successively detect its title name according to the enumeration definition rule of Solidityenum
The object value wherein enumeratedenum, and the enumeration structure of generation is added in mainBlock;
It is operated by above-mentioned parsing, system will generate one or several syntax trees, and the code file has parsed at this time
It completes, puts it into the List of resolution file listbIn, while in non-resolution file list ListaIt is middle that Solidity code is literary
Part is deleted, return step 2-2;
Step 2-8. all code files have all resolved to the form of syntax tree, and system will enter static nature
With the stage;
The matching of step 3. static nature:
System will carry out characteristic matching to the corresponding syntax tree of each code file, pass through each of traversal syntax tree
Branch matches with the logic rules pre-established, if successful match, can navigate in specific expression formula;
Step 4. examining report generates:
System classifies the result that matching obtains first, in accordance with file, according still further to the type of threat in each file
Classify again to result, specific code position, harm and settling mode are provided for the threat of each discovery;Finally, system is converged
Total all results and the report for generating an entirety.
Claims (4)
1. a kind of static code auditing system for being directed to intelligent contract on the ether mill platform of block chain, which is characterized in that packet
Include preprocessing module, syntax tree generation module, static nature matching module and report generation module;
Preprocessing module: for detecting the legitimacy of user's input, project is integrally copied to odd-job catalogue, is deleted
Comment section in Solidity file;
Syntax tree generation module: for carrying out morphological analysis and syntactic analysis, generative grammar tree to pretreated file;
Static nature matching module: for syntax tree to match with the logic matching rule pre-established, checking whether hit,
Corresponding code information is recorded if hitting matching;
Report generation module: for classifying and summarizing the code information of successful match, report destination file is generated.
2. a kind of static code auditing method for being directed to intelligent contract on the ether mill platform of block chain, which is characterized in that packet
Include following steps:
The pretreatment of step 1. system:
System carries out legitimacy detection to the input of user, then integrally copies to project in odd-job catalogue, and by its
In Solidity file in comment section delete;
Step 2. syntax tree generates:
For each Solidity code file, its reference document of first processing copies to the partial content of reference currently
In file, morphological analysis is then carried out, each legal vocabulary is extracted, reprocessing behaviour then is carried out to vocabulary
Make, variable therein and constant are packaged into corresponding structure type, finally carry out syntactic analysis, passes through the skills such as pushdown automata
Code expression is converted to the form of syntax tree by art;
The matching of step 3. static nature:
System will carry out characteristic matching to the corresponding syntax tree of each code file, pass through each point of traversal syntax tree
Branch, matches with the logic rules pre-established, if successful match, can navigate in specific expression formula;
Step 4. examining report generates:
System classifies the result that matching obtains first, in accordance with file, and the type in each file according still further to threat is to knot
Fruit is classified again, provides specific code position, harm and settling mode for the threat of each discovery;Finally, system summarizes institute
Some results and the report for generating an entirety.
3. the static code auditing party according to claim 2 for being directed to intelligent contract on the ether mill platform of block chain
Method, which is characterized in that the detailed process of step 1 are as follows:
Step 1-1. user inputs the path P ATH of intelligent contract project directory or single code file to be audited, system inspection
Whether legal detection PATH first is surveyed, if the non-rule warning prompt of PATH, enters step 1-2 if PATH is legal;
Step 1-2. system navigates to the position PATH, and entire catalogue or file are all copied to odd-job catalogue WORK
In;
Step 1-3. traverses working directory WORK, the Solidity code file using sol as suffix name is found, the note in file
Part is released all to delete.
4. the static code auditing party according to claim 3 for being directed to intelligent contract on the ether mill platform of block chain
Method, which is characterized in that the detailed process of step 2 are as follows:
The listed files List to be resolved of step 2-1. system maintenance oneaWith a List of resolution file listb, initially by institute
Some Solidity code files are all put into ListaIn, ListbIt empties;
Step 2-2. checks ListaIn whether have file, operation of step 2-3 is successively drawn off and carried out to it if having, it is no
Then enter step 2-8;
For step 2-3. for any Solidity code file, system first checks for whether Solidity code file is parsing
In listed files, if entering step 2-2 if, 2-4 is otherwise entered step;
Step 2-4. checks that file whether there is " import " keyword, then determines that Solidity code file has reference if it exists
File, system are positioned to obtain the path of reference document by the path after " import " keyword, adduction relationship are recorded
Come, then enters step 2-3 operation for reference document;2-5 is then entered step if there is no reference document;
Step 2-5. system utilizes finite automata technology, carries out morphological analysis to code content:
For a character Ci, subscript i is position of the character in code content, if it is " (", ") ", " { ", " } " boundary system
Word then individually extracts it;
If character CiIt is double quotation marks or single quotation marks, then successively judges the character after it, untilAlso draw for corresponding pair
Number or single quotation marks, k1For positive integer, then willIt is extracted as a character string constant word;
If character CiIt is underscore " _ " or letter, then successively judges the character after it, untilThe word of composition
It is unsatisfactory for the variable naming rule of Solidity, then willIt is extracted as an identifier word, k2It is positive whole
Number;
If character CiIt is number, then successively judges the character after it, untilIt cannot be expressed as number again, then willIt is extracted as a number words, k3For positive integer;
If character CiIt is operations, the assignment such as "+", "-", " * " or compares symbol, then successively judges the character after it, untilA legal operation, assignment cannot be reconstructed or compare symbol, then willIt is mentioned as a symbol word
It takes out, k4For positive integer;
System saves the word extracted in the form of title name, and system is changed simultaneously also by detection in the judgment process
Row symbol to determine the line number where each word, ultimately generate word structure word, it by word title namewWith line number nw
Binary group (namew, nw) indicate;
Step 2-6. system carries out reprocessing operation to the binary group structure word that morphological analysis generates:
For a binary group wordt, subscript t indicates t-th of binary group, preferred to judge its word title namewWhether be
The fundamental type of Solidity language if it is continues the word structure after judgement, makes name thereinwThe arrangement energy of value
The variable declarations structure for enough meeting solidity, until wordt-wordt+jA legal variable declarations can not be reconstructed, j is
Positive integer, then by wordt-wordt+j-1One is packaged by fundamental type typev, limitation keyword restrictionv, become
Measure title namevWith line number nvThe four-tuple variable var of composition, expression formula are (typev, restrictionv, namev, nv),
Simultaneously by original word structure wordtVar is replaced with, and is deleted from wordt+1To wordt+j-1Word structure;If
wordtIn title namewFor character string or digital constant, then it is directly encapsulated as to one by type typec, content
contentcWith line number ncThe triple structure constant of composition, expression formula are (typec, contentc, nc), it then will be former
wordtReplace with constant;For other namewValue then remains unchanged;
Step 2-7. system carries out syntactic analysis to word, var and constant structure of generation:
System finds " contract ", " library " and " interface " keyword first, then creates corresponding type knot
Structure:
For a binary group wordtIf its title namewFor contract, library or interface, then create
Then mainBlock structure successively determines its type type according to subsequent word, var and constant structuremb, title
namembWith inheritance basemb, until there is a wordkk, kk is positive integer, title name thereinwFor boundary symbol " ";
Then content therein is continued to parse for boundary with boundary's symbol " { " and " } ", is State in this stage main structure
Variables, Functions, Function Modifiers, Events, Struct Types and Enum Types;
System use pushdown automata technology, according to Solidity language formulate reduction rule by variable, constant and operation,
Assignment compares sign convention into variable expression;
For type function, system successively detects its title name for according to the function definition rule of Solidityf, parameter
paramf, restrictive word restrictionfWith return value returnf, then again with boundary's symbol " { " and " } " for boundary, to table therein
It is parsed up to formula content, the same variable expression of resolving finally obtains expression formula set expListf, and be added to
In function structure;If the content after function declaration be not boundary symbol " " but branch ";", then the function is abstract function, function
Parsing terminates;After function parses, the function structure of generation is added in mainBlock;
For function adjuster, system successively detects its title name for according to the function adjuster definition rule of Soliditym
With parameter paramm, then again with boundary's symbol " { " and " } " for boundary, expression formula content therein is parsed, resolving is same
Variable expression finally obtains expression formula set expListm, then it is added in function controller structure;Function is adjusted
After device parses, the function controller structure of generation is added in mainBlock;
For event type, system will successively detect its title name according to the event definition rule of SolidityeAnd parameter
parame, and the event structure of generation is added in mainBlock;
For structure type, system will will successively detect its title name according to the structure definition rule of SoliditysWith it is therein
Variable values, and the structure of generation is added in mainBlock;
For enumeration structure, system will will successively detect its title name according to the enumeration definition rule of SolidityenumWherein
The object value enumeratedenum, and the enumeration structure of generation is added in mainBlock;
It being operated by above-mentioned parsing, system will generate one or several syntax trees, and the code file has been parsed at this time,
Put it into the List of resolution file listbIn, while in non-resolution file list ListaIt is middle to delete Solidity code file
It removes, return step 2-2;
Step 2-8. all code files have all resolved to the form of syntax tree, and system will enter static nature and match rank
Section.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811404851.7A CN109684838B (en) | 2018-11-23 | 2018-11-23 | Static code auditing system and method for Ether house intelligent contract |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811404851.7A CN109684838B (en) | 2018-11-23 | 2018-11-23 | Static code auditing system and method for Ether house intelligent contract |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109684838A true CN109684838A (en) | 2019-04-26 |
| CN109684838B CN109684838B (en) | 2020-03-27 |
Family
ID=66185579
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811404851.7A Active CN109684838B (en) | 2018-11-23 | 2018-11-23 | Static code auditing system and method for Ether house intelligent contract |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109684838B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110309660A (en) * | 2019-07-09 | 2019-10-08 | 佛山市伏宸区块链科技有限公司 | A kind of the automation auditing system and method for intelligence contract code |
| CN110688151A (en) * | 2019-09-24 | 2020-01-14 | 暨南大学 | Safety translation and analysis method for Ether house identity intelligent contract |
| CN110727948A (en) * | 2019-10-11 | 2020-01-24 | 腾讯科技(深圳)有限公司 | Intelligent contract auditing method and device, computer equipment and storage medium |
| CN111125697A (en) * | 2019-11-14 | 2020-05-08 | 北京理工大学 | Intelligent contract defect triggerability detection method and system based on defect abstract |
| CN111666216A (en) * | 2020-06-05 | 2020-09-15 | 中国银行股份有限公司 | Intelligent contract analysis method and device |
| CN112256271A (en) * | 2020-10-19 | 2021-01-22 | 中国科学院信息工程研究所 | Block chain intelligent contract security detection system based on static analysis |
| CN113190234A (en) * | 2021-05-21 | 2021-07-30 | 电子科技大学 | Method and system for automatically recovering intelligent contract function signature of block chain |
| CN113190330A (en) * | 2021-05-26 | 2021-07-30 | 电子科技大学 | Block chain threat sensing system and method |
| CN117688564A (en) * | 2024-02-01 | 2024-03-12 | 山东大学 | Detection method, device and storage medium for intelligent contract event log |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101266550A (en) * | 2007-12-21 | 2008-09-17 | 北京大学 | Malicious code detection method |
| CN101976319A (en) * | 2010-11-22 | 2011-02-16 | 张平 | BIOS firmware Rootkit detection method based on behaviour characteristic |
| CN102799524A (en) * | 2012-07-03 | 2012-11-28 | 天津大学 | Defect detection method of browser extension |
| CN105303109A (en) * | 2015-09-22 | 2016-02-03 | 电子科技大学 | Malicious code information analysis method and system |
| CN107643984A (en) * | 2017-10-18 | 2018-01-30 | 百度在线网络技术(北京)有限公司 | Method and apparatus for output information |
| CN108595185A (en) * | 2018-04-11 | 2018-09-28 | 暨南大学 | A method of ether mill intelligence contract is converted into super account book intelligence contract |
-
2018
- 2018-11-23 CN CN201811404851.7A patent/CN109684838B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101266550A (en) * | 2007-12-21 | 2008-09-17 | 北京大学 | Malicious code detection method |
| CN101976319A (en) * | 2010-11-22 | 2011-02-16 | 张平 | BIOS firmware Rootkit detection method based on behaviour characteristic |
| CN102799524A (en) * | 2012-07-03 | 2012-11-28 | 天津大学 | Defect detection method of browser extension |
| CN105303109A (en) * | 2015-09-22 | 2016-02-03 | 电子科技大学 | Malicious code information analysis method and system |
| CN107643984A (en) * | 2017-10-18 | 2018-01-30 | 百度在线网络技术(北京)有限公司 | Method and apparatus for output information |
| CN108595185A (en) * | 2018-04-11 | 2018-09-28 | 暨南大学 | A method of ether mill intelligence contract is converted into super account book intelligence contract |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110309660A (en) * | 2019-07-09 | 2019-10-08 | 佛山市伏宸区块链科技有限公司 | A kind of the automation auditing system and method for intelligence contract code |
| CN110688151A (en) * | 2019-09-24 | 2020-01-14 | 暨南大学 | Safety translation and analysis method for Ether house identity intelligent contract |
| CN110688151B (en) * | 2019-09-24 | 2022-03-29 | 暨南大学 | Safety translation and analysis method for Ether house identity intelligent contract |
| CN110727948B (en) * | 2019-10-11 | 2021-10-29 | 腾讯科技(深圳)有限公司 | Intelligent contract auditing method and device, computer equipment and storage medium |
| CN110727948A (en) * | 2019-10-11 | 2020-01-24 | 腾讯科技(深圳)有限公司 | Intelligent contract auditing method and device, computer equipment and storage medium |
| CN111125697B (en) * | 2019-11-14 | 2022-03-04 | 北京理工大学 | Intelligent contract defect triggerability detection method and system based on defect abstract |
| CN111125697A (en) * | 2019-11-14 | 2020-05-08 | 北京理工大学 | Intelligent contract defect triggerability detection method and system based on defect abstract |
| CN111666216A (en) * | 2020-06-05 | 2020-09-15 | 中国银行股份有限公司 | Intelligent contract analysis method and device |
| CN111666216B (en) * | 2020-06-05 | 2024-01-23 | 中国银行股份有限公司 | Intelligent contract analysis method and device |
| CN112256271A (en) * | 2020-10-19 | 2021-01-22 | 中国科学院信息工程研究所 | Block chain intelligent contract security detection system based on static analysis |
| CN113190234A (en) * | 2021-05-21 | 2021-07-30 | 电子科技大学 | Method and system for automatically recovering intelligent contract function signature of block chain |
| CN113190330A (en) * | 2021-05-26 | 2021-07-30 | 电子科技大学 | Block chain threat sensing system and method |
| CN113190330B (en) * | 2021-05-26 | 2022-06-24 | 电子科技大学 | Block chain threat sensing system and method |
| CN117688564A (en) * | 2024-02-01 | 2024-03-12 | 山东大学 | Detection method, device and storage medium for intelligent contract event log |
| CN117688564B (en) * | 2024-02-01 | 2024-05-03 | 山东大学 | Detection method, device and storage medium for intelligent contract event log |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109684838B (en) | 2020-03-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109684838A (en) | A kind of static code auditing system and method for ether mill intelligence contract | |
| CN108446540B (en) | Program code plagiarism type detection method and system based on source code multi-label graph neural network | |
| CN109445834B (en) | Program code similarity rapid comparison method based on abstract syntax tree | |
| US20220091827A1 (en) | Pruning Engine | |
| CN107885999B (en) | Vulnerability detection method and system based on deep learning | |
| Bravo et al. | Extending dependencies with conditions | |
| CN111459799B (en) | Software defect detection model establishing and detecting method and system based on Github | |
| US8949166B2 (en) | Creating and processing a data rule for data quality | |
| CN106503496A (en) | Replaced and the Python shell script anti-reversal methods for merging based on operation code | |
| CN108345457A (en) | A method of to program source code automatic generation function descriptive notes | |
| CN111522708B (en) | Log recording method, computer equipment and storage medium | |
| Zeng et al. | EtherGIS: a vulnerability detection framework for Ethereum smart contracts based on graph learning features | |
| Meng et al. | [Retracted] A Deep Learning Approach for a Source Code Detection Model Using Self‐Attention | |
| CN112131120B (en) | Source code defect detection method and device | |
| CN115396147A (en) | APT (active Power Table) detection method fusing cloud network end log and threat knowledge | |
| CN115269427A (en) | Intermediate language representation method and system for WEB injection vulnerability | |
| US9600644B2 (en) | Method, a computer program and apparatus for analyzing symbols in a computer | |
| Sala et al. | DebtHunter: A machine learning-based approach for detecting self-admitted technical debt | |
| Wen et al. | A cross-project defect prediction model based on deep learning with self-attention | |
| US20230153459A1 (en) | Deidentifying code for cross-organization remediation knowledge | |
| CN114428743A (en) | Software replication rate measuring method | |
| Le et al. | Using natural language tool to assist vprg automated extraction from textual vulnerability description | |
| Hao et al. | Towards Improving Multiple Authorship Attribution of Source Code | |
| Wang et al. | A diversified feature extraction approach for program similarity analysis | |
| Tian et al. | MFF-SC: A multi-feature fusion method for smart contract classification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |