CN110598420B - Cross-file intelligent contract reentry vulnerability defense method and device - Google Patents

Publication number
CN110598420B
Authority
CN
China
Prior art keywords
sensitive
function
intelligent contract
detected
variable
Legal status
Active
Application number
CN201910876109.4A
Other languages
Chinese (zh)
Other versions
CN110598420A (en
Inventor
王忠儒
余伟强
蒋劭捷
Current Assignee
Beijing Digapis Technology Co ltd
Original Assignee
Beijing Digapis Technology Co ltd
Application filed by Beijing Digapis Technology Co ltd
Priority to CN201910876109.4A
Publication of CN110598420A
Application granted
Publication of CN110598420B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention discloses a cross-file intelligent contract reentry vulnerability defense method, which comprises the following steps: when the intelligent contract to be detected enters a sensitive area determined by a preset method, locking sensitive variables of the sensitive area, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files; and when the intelligent contract to be detected leaves the sensitive area, unlocking the sensitive variable. According to the defense method, when the intelligent contract to be detected enters the sensitive area, the sensitive variable is locked, other intelligent contract files are prevented from tampering the sensitive variable, when the intelligent contract to be detected leaves the sensitive area, the sensitive variable is unlocked, other non-sensitive area services are executed, and defense for reentry vulnerabilities of the intelligent contract to be detected is achieved.

Description

Cross-file intelligent contract reentry vulnerability defense method and device
Technical Field
The invention relates to the technical field of computer security, in particular to a cross-file intelligent contract reentrant vulnerability defense method and device.
Background
The smart contracts used by blockchains are script code written by developers. Smart contracts contain vulnerabilities because developers write the code carelessly. Reentrancy vulnerabilities are a common kind of smart contract vulnerability; they can span multiple smart contracts on a blockchain and are often exploited by attackers.
Take the withdrawal process as an example. If a reentrancy vulnerability exists in the smart contract, the execution logic of the code allows the function to be called repeatedly before its first call has finished, until the balance of the user becomes 0. Since the user's balance is not set to 0 until the function ends, the second and subsequent function calls will still succeed and will withdraw the user's balance again and again.
Therefore, it is desirable to provide a method for defending against reentrancy vulnerabilities in cross-file smart contracts.
Disclosure of Invention
In view of the above, the present invention provides a method and an apparatus for defending a reentry vulnerability in a cross-file intelligent contract, which are used for defending a reentry vulnerability in an intelligent contract, and the specific scheme is as follows:
a cross-file intelligent contract reentry vulnerability defense method comprises the following steps:
when the intelligent contract to be detected enters a sensitive area determined by a preset method, locking sensitive variables of the sensitive area, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files;
and when the intelligent contract to be detected leaves the sensitive area, unlocking the sensitive variable.
The method described above, optionally, the sensitive region determined by using a preset method, includes:
acquiring a sensitive function in an intelligent contract to be detected;
when the sensitive function has a function calling sequence crossing a code file, identifying a sensitive variable in the sensitive function;
and determining the sensitive area according to the position of the sensitive variable in the intelligent contract to be detected.
The above method, optionally, further includes:
and marking the position of the sensitive function in the intelligent contract to be detected.
Optionally, the method for obtaining the sensitive function in the intelligent contract to be detected includes:
extracting and marking a function calling sequence in the intelligent contract to be detected according to the function and the variable in the intelligent contract to be detected;
and matching the function in the function calling sequence with a preset sensitive function rule base, and identifying the sensitive function in the function calling sequence.
The above method, optionally, further includes:
and setting a security policy for releasing the interlock for the intelligent contract to be detected, so that the intelligent contract to be detected does not execute an infinite loop in the sensitive area.
A cross-file intelligent contract reentrant vulnerability defense apparatus, comprising:
the locking module is used for locking the sensitive variables of the sensitive area when the intelligent contract to be detected enters the sensitive area determined by a preset method, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files;
and the unlocking module is used for unlocking the sensitive variable when the intelligent contract to be detected leaves the sensitive area.
The above apparatus, optionally, the locking module includes:
the acquisition unit is used for acquiring a sensitive function in the intelligent contract to be detected;
the identification unit is used for identifying a sensitive variable in the sensitive function when the sensitive function has a cross-code file function calling sequence;
and the determining unit is used for determining the sensitive area according to the position of the sensitive variable in the intelligent contract to be detected.
The above apparatus, optionally, further comprises:
and the marking unit is used for marking the position of the sensitive function in the intelligent contract to be detected.
The above apparatus, optionally, the obtaining unit includes:
the extraction marking subunit is used for extracting and marking the function calling sequence in the intelligent contract to be detected according to the function and the variable in the intelligent contract to be detected;
and the matching and identifying subunit is used for matching the function in the function calling sequence with a preset sensitive function rule base and identifying the sensitive function in the function calling sequence.
The above apparatus, optionally, further comprises:
and the policy setting module is used for setting a security policy for releasing the interlock for the intelligent contract to be detected, so that the intelligent contract to be detected does not execute an infinite loop in the sensitive area.
Compared with the prior art, the invention has the following advantages:
the invention discloses a cross-file intelligent contract reentry vulnerability defense method, which comprises the following steps: when the intelligent contract to be detected enters a sensitive area determined by a preset method, locking sensitive variables of the sensitive area, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files; and when the intelligent contract to be detected leaves the sensitive area, unlocking the sensitive variable. According to the defense method, when the intelligent contract to be detected enters the sensitive area, the sensitive variable is locked, other intelligent contract files are prevented from tampering the sensitive variable, when the intelligent contract to be detected leaves the sensitive area, the sensitive variable is unlocked, other non-sensitive area services are executed, and defense for reentry vulnerabilities of the intelligent contract to be detected is achieved.
Of course, it is not necessary for any product in which the invention is practiced to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a cross-file intelligent contract reentrant vulnerability defense method disclosed in an embodiment of the present application;
Fig. 2 is a flowchart of another method for defending against reentry of a cross-file intelligent contract according to an embodiment of the present application;
Fig. 3 is a block diagram of a cross-file intelligent contract reentrant vulnerability defense apparatus disclosed in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The invention discloses a cross-file intelligent contract reentry vulnerability defense method and device, which are used to detect and defend against reentrancy vulnerabilities that exist across smart contract files on a blockchain and to prevent them from being exploited by attackers. The smart contracts used by a blockchain are script code written by developers, and a blockchain can contain multiple smart contracts. For a single smart contract file, if the user attempts to invoke the function again before the end of the first invocation, the lock will prevent the call from producing any effect. However, when multiple smart contracts need to cooperate, smart contract code such as that shown below is insecure:
An attacker may call getLock() and then never call releaseLock(). If they do so, the smart contract will be locked forever and no further changes can be made. If mutual exclusion is used to prevent reentrancy, it is necessary to ensure that there is no way for the lock to be acquired and never released.
The execution flow of the defense method is shown in fig. 1, and comprises the following steps:
S101, locking sensitive variables of a sensitive area when the intelligent contract to be detected enters the sensitive area determined by a preset method, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files;
In the embodiment of the invention, the blockchain may comprise multiple intelligent contracts, and each of them is taken in turn as the intelligent contract to be detected for reentrancy vulnerability defense. When the intelligent contract to be detected enters the sensitive area determined by the preset method, the sensitive variables in the sensitive area are obtained and a wait loop is set up to lock them. Other intelligent contracts on the blockchain are forbidden from calling the sensitive variables, which prevents other intelligent contract files on the blockchain from tampering with them. The sensitive area is a part of the intelligent contract to be detected that always contains sensitive variables, and a sensitive variable is a variable that can be called by multiple intelligent contracts on the blockchain.
A start identifier may be set for the sensitive region, where the start identifier may be a letter, a number, a combination of a letter and a number, or other preferable identifiers, and the form of the start identifier is not limited in the embodiment of the present invention. Whether the intelligent contract to be detected enters the sensitive area or not can be determined through the starting identifier, when the intelligent contract to be detected is executed to the starting identifier of the sensitive area, the intelligent contract to be detected can be determined to enter the sensitive area, otherwise, the intelligent contract to be detected is determined not to enter the sensitive area.
S102, when the intelligent contract to be detected leaves the sensitive area, unlocking the sensitive variable.
In this embodiment of the present invention, an end identifier may be set for the sensitive area, where the end identifier may be a letter, a number, a combination of a letter and a number, or another preferred identifier, and the form of the end identifier is not limited in this embodiment of the present invention. Whether the intelligent contract to be detected has left the sensitive area is then judged: when execution of the intelligent contract to be detected reaches the end identifier of the sensitive area, the contract is judged to have left the sensitive area, the wait loop is notified to break by means of a semaphore, and the sensitive variable is unlocked so that the business logic of the other, non-sensitive areas of the intelligent contract to be detected can be executed. Otherwise, the intelligent contract to be detected is judged not to have left the sensitive area.
The invention discloses a cross-file intelligent contract reentry vulnerability defense method, which comprises the following steps: when the intelligent contract to be detected enters a sensitive area determined by a preset method, locking sensitive variables of the sensitive area, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files; and when the intelligent contract to be detected leaves the sensitive area, unlocking the sensitive variable. According to the defense method, when the intelligent contract to be detected enters the sensitive area, the sensitive variable is locked, other intelligent contract files are prevented from tampering the sensitive variable, when the intelligent contract to be detected leaves the sensitive area, the sensitive variable is unlocked, other non-sensitive area services are executed, and defense for reentry vulnerabilities of the intelligent contract to be detected is achieved.
Further, in the embodiment of the present invention, while the sensitive variable is locked, the intelligent contract to be detected may execute an infinite loop in the sensitive area, either because its execution logic is flawed or because of programmer negligence in the locking process. To avoid such an infinite loop, a security policy for releasing the interlock may be set for the intelligent contract to be detected. For example, borrowing from deadlock prevention in operating systems: resources are allocated all at once, and when a process's request for new resources cannot be satisfied, it releases the resources it already holds, which breaks the no-preemption condition; alternatively, processes are allowed to request resources dynamically, and the banker's algorithm for deadlock avoidance is used to pre-compute the safety of a resource allocation before the resources are allocated.
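The locking of S101/S102 and the release policy above, as an added Python model that is not code from the patent; the class and function names, the `on_payment` hook and the sample balances are assumptions. The lock is taken and released inside one call through a context manager, so an error inside the sensitive area still unlocks the variable and no caller can hold the lock the way a separate getLock()/releaseLock() pair allows.

```python
from contextlib import contextmanager


class LockedError(Exception):
    """Raised when a function reaches a sensitive area whose variable is locked."""


class SensitiveState:
    """The sensitive variable (balances) shared by functions in two code files."""

    def __init__(self, enforce_lock):
        self.balances = {"alice": 10}   # constructed sample state
        self.enforce_lock = enforce_lock
        self.locked = False

    @contextmanager
    def sensitive_area(self):
        if self.enforce_lock and self.locked:
            raise LockedError("sensitive variable is locked")
        self.locked = True              # S101: start identifier reached, lock
        try:
            yield self.balances
        finally:
            self.locked = False         # S102: end identifier reached, unlock


class Vault:
    """Stands for code file A: pays out, then clears the balance at the very end."""

    def __init__(self, state):
        self.state = state
        self.paid_out = 0

    def withdraw(self, user, receiver):
        with self.state.sensitive_area() as balances:
            amount = balances.get(user, 0)
            if amount:
                receiver.on_payment(user, amount)   # control leaves file A here
                self.paid_out += amount
            balances[user] = 0


class Transfers:
    """Stands for code file B: another function that writes the same variable."""

    def __init__(self, state):
        self.state = state

    def move(self, src, dst):
        with self.state.sensitive_area() as balances:
            balances[dst] = balances.get(dst, 0) + balances.get(src, 0)
            balances[src] = 0


class CallbackReceiver:
    """External code whose payment hook calls back into file B mid-withdrawal."""

    def __init__(self, transfers):
        self.transfers = transfers
        self.rejected = 0

    def on_payment(self, user, amount):
        try:
            self.transfers.move(user, "bob")
        except LockedError:
            self.rejected += 1


class FailingReceiver:
    """External code that aborts while the sensitive area is still open."""

    def on_payment(self, user, amount):
        raise RuntimeError("receiver aborted")


def run(enforce_lock):
    """One withdrawal of alice's 10 units; returns total value now in existence."""
    state = SensitiveState(enforce_lock)
    vault, receiver = Vault(state), CallbackReceiver(Transfers(state))
    vault.withdraw("alice", receiver)
    value = vault.paid_out + sum(state.balances.values())
    return {"value": value, "rejected": receiver.rejected, "locked": state.locked}


def lock_survives_failure():
    """True if an error inside the sensitive area left the variable locked."""
    state = SensitiveState(enforce_lock=True)
    try:
        Vault(state).withdraw("alice", FailingReceiver())
    except RuntimeError:
        pass
    return state.locked


if __name__ == "__main__":
    print("no lock:  ", run(False))
    print("with lock:", run(True))
    print("stuck lock after failure:", lock_survives_failure())
```

Without the lock the 10 deposited units become 20 (10 paid out plus 10 moved to another account before the balance is cleared); with the lock the cross-file write is rejected and the total stays at 10.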
In an embodiment of the present invention, a process of determining the sensitive area by using a preset method in the defense method is shown in fig. 2, and includes the steps of:
S201, acquiring a sensitive function in the intelligent contract to be detected;
In the embodiment of the invention, code detection is performed on the intelligent contract to be detected. The code files of the intelligent contract to be detected are read as file streams, the functions and variables declared in the code are identified from the code's syntactic structure, and an abstract syntax tree is used to extract and mark the function call sequences of the code files in the intelligent contract to be detected. The functions in the function call sequences are then matched against a preset sensitive function rule base to identify the sensitive functions in the function call sequences. A function matches when it is identical to a corresponding function in the sensitive function rule base or when its similarity to one meets a preset threshold. The preset threshold may be set according to experience or the specific situation, and its specific value is not limited in the embodiment of the invention. The sensitive function rule base is obtained through big data analysis.
S202, identifying a sensitive variable in the sensitive function when the sensitive function has a cross-code file function calling sequence;
In the embodiment of the invention, whether the sensitive function has a cross-code-file function call sequence is judged as follows: the number of cross-code-file function call sequences of the sensitive function is acquired; when the number is greater than or equal to 2, the sensitive variables of the sensitive function are identified, and otherwise the identification of sensitive variables in the sensitive function is abandoned. The sensitive variables of the sensitive function are identified as follows: variables of the sensitive area that can be read and written by functions in different code files are identified and marked as sensitive variables.
S203, determining the sensitive area according to the position of the sensitive variable in the intelligent contract to be detected.
In the embodiment of the invention, the positions of the sensitive variables in the intelligent contract to be detected are obtained, and at each position the code segment between the start position and the end position of the sensitive variable is taken as a sensitive area.
In the embodiment of the invention, in order to facilitate a program developer to search the general sensitive function of the intelligent contract to be detected, a file position attribute can be added to the sensitive function according to whether the sensitive function is from a code file of the same intelligent contract.
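The S201 to S203 procedure above, as an added Python example that is not the patent's implementation. The extracted facts in `FUNCS`, the rule base contents, the 0.7 similarity threshold and the use of `difflib` name similarity are assumptions; the `>= 2` cutoff is the one stated for S202.

```python
from difflib import SequenceMatcher

# Constructed facts, in the shape an AST pass over the code files might emit:
# function -> (code file, callees, {variable: lines where it is read or written})
FUNCS = {
    "withdrawFunds": ("bank", ["debit", "notifyUser"], {"balances": [14, 19]}),
    "getOwner": ("bank", [], {"owner": [30]}),
    "debit": ("ledger", [], {"balances": [7]}),
    "transfer": ("ledger", ["logEvent"], {"balances": [22, 25]}),
    "notifyUser": ("notifier", ["logEvent"], {}),
    "logEvent": ("notifier", [], {"counter": [5]}),
}
RULE_BASE = ["withdraw", "transfer"]   # hypothetical sensitive function rule base
SIMILARITY_THRESHOLD = 0.7             # hypothetical preset threshold
MIN_CROSS_FILE_SEQUENCES = 2           # "greater than or equal to 2" in S202


def is_sensitive(name):
    """S201: exact match with a rule, or name similarity at or above the threshold."""
    lowered = name.lower()
    return any(
        lowered == rule
        or SequenceMatcher(None, lowered, rule).ratio() >= SIMILARITY_THRESHOLD
        for rule in RULE_BASE
    )


def call_sequences(start, path=None):
    """Every call path from `start` to a leaf; a callee already on the path is skipped."""
    path = (path or []) + [start]
    callees = [c for c in FUNCS[start][1] if c in FUNCS and c not in path]
    if not callees:
        return [path]
    sequences = []
    for callee in callees:
        sequences.extend(call_sequences(callee, path))
    return sequences


def crosses_files(sequence):
    return len({FUNCS[func][0] for func in sequence}) > 1


def sensitive_variables(sequences):
    """S202: variables touched by functions that live in different code files."""
    files_by_var = {}
    for sequence in sequences:
        for func in sequence:
            code_file, _, variables = FUNCS[func]
            for var in variables:
                files_by_var.setdefault(var, set()).add(code_file)
    return sorted(var for var, files in files_by_var.items() if len(files) > 1)


def sensitive_areas(contract_file):
    """S203: (function, variable, first line, last line) for the contract's file."""
    areas = []
    for name, (code_file, _, variables) in FUNCS.items():
        if code_file != contract_file or not is_sensitive(name):
            continue
        cross = [s for s in call_sequences(name) if crosses_files(s)]
        if len(cross) < MIN_CROSS_FILE_SEQUENCES:
            continue   # S202: abandon identification for this function
        for var in sensitive_variables(cross):
            lines = variables.get(var)
            if lines:
                areas.append((name, var, min(lines), max(lines)))
    return areas


if __name__ == "__main__":
    print(sensitive_areas("bank"))
    print(sensitive_areas("ledger"))
```

In the constructed data, `transfer` matches the rule base exactly but has only one cross-file call sequence, so under the stated cutoff no sensitive area is marked for it.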
Based on the above cross-file intelligent contract reentry vulnerability defense method, the embodiment of the invention also provides a cross-file intelligent contract reentry vulnerability defense device. Its structural block diagram is shown in fig. 3, and it comprises:
a locking module 301 and an unlocking module 302.
Wherein,
the locking module 301 is configured to lock a sensitive variable of the sensitive area when the intelligent contract to be detected enters the sensitive area determined by using a preset method, where the sensitive area includes sensitive variables that can be read and written by functions in different code files;
the unlocking module 302 is configured to unlock the sensitive variable when the intelligent contract to be detected leaves the sensitive area.
The defense method can identify sensitive-function reentrancy vulnerabilities in the cross-code-file case, mark the sensitive area and the sensitive variables, and, when the code of the intelligent contract to be detected enters the sensitive area, prevent the sensitive variables from being modified by locking them. This avoids cross-function reentrancy vulnerabilities across multiple code files and achieves the purpose of defending against reentrancy vulnerabilities in the cross-code-file case.
The invention discloses a cross-file intelligent contract reentrant vulnerability defense device, which comprises: when the intelligent contract to be detected enters a sensitive area determined by a preset method, locking sensitive variables of the sensitive area, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files; and when the intelligent contract to be detected leaves the sensitive area, unlocking the sensitive variable. According to the defense device, when the intelligent contract to be detected enters the sensitive area, the sensitive variable is locked, other intelligent contract files are prevented from being tampered with the sensitive variable, when the intelligent contract to be detected leaves the sensitive area, the sensitive variable is unlocked, other non-sensitive area services are executed, and defense for reentry vulnerabilities of the intelligent contract to be detected is achieved.
In this embodiment of the present invention, the locking module 301 includes:
an acquisition unit 303, a recognition unit 304, and a determination unit 305.
Wherein,
the acquiring unit 303 is configured to acquire a sensitive function in the intelligent contract to be detected;
the identifying unit 304 is configured to identify a sensitive variable in the sensitive function when the sensitive function has a function call sequence across code files;
the determining unit 305 is configured to determine the sensitive area according to the position of the sensitive variable in the smart contract to be detected.
In this embodiment of the present invention, the locking module 301 further includes: a marking unit 306.
Wherein,
the marking unit 306 is configured to mark a position of the sensitive function in the intelligent contract to be detected.
In this embodiment of the present invention, the obtaining unit 303 includes:
an extraction tag subunit 307 and a match identification subunit 308.
Wherein,
the extraction marking subunit 307 is configured to extract and mark a function call sequence in the intelligent contract to be detected according to the function and the variable in the intelligent contract to be detected;
the matching identification subunit 308 is configured to match a function in the function call sequence with a preset sensitive function rule base, and identify a sensitive function in the function call sequence.
In an embodiment of the present invention, the defense apparatus further includes: a policy setting module 309.
Wherein,
the policy setting module 309 is configured to set a security policy for releasing the interlock for the to-be-detected intelligent contract, so as to prevent the to-be-detected intelligent contract from executing a dead loop in the sensitive area.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the units may be implemented in the same software and/or hardware or in a plurality of software and/or hardware when implementing the invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The method and the device for defending the reentry vulnerability of the cross-file intelligent contract provided by the invention are described in detail, a specific example is applied in the method to explain the principle and the implementation mode of the invention, and the description of the embodiment is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (8)

1. A cross-file intelligent contract reentrant vulnerability defense method is characterized by comprising the following steps:
when an intelligent contract to be detected enters a sensitive area determined by a preset method, locking sensitive variables of the sensitive area, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files;
when the intelligent contract to be detected leaves the sensitive area, unlocking the sensitive variable;
the sensitive area determined by adopting a preset method comprises the following steps:
acquiring a sensitive function in an intelligent contract to be detected;
identifying a sensitive variable in the sensitive function when a cross-code file function call sequence exists in the sensitive function, wherein the identifying the sensitive variable in the sensitive function comprises: acquiring the number of function call sequences in the sensitive function across code files, identifying the sensitive variable of the sensitive function when the number is greater than or equal to a preset threshold value, otherwise giving up the identification of the sensitive variable in the sensitive function, wherein the variable which can be read and written by the functions in different code files in the sensitive area is identified and marked as the sensitive variable;
and determining the sensitive area according to the position of the sensitive variable in the intelligent contract to be detected.
2. The method of claim 1, further comprising:
and marking the position of the sensitive function in the intelligent contract to be detected.
3. The method of claim 1, wherein obtaining the sensitive function in the intelligent contract to be detected comprises:
extracting and marking a function calling sequence in the intelligent contract to be detected according to the function and the variable in the intelligent contract to be detected;
and matching the function in the function calling sequence with a preset sensitive function rule base, and identifying the sensitive function in the function calling sequence.
4. The method of claim 1, further comprising:
and setting a security policy for releasing the interlock for the intelligent contract to be detected, so that the intelligent contract to be detected does not execute an infinite loop in the sensitive area.
5. A cross-file intelligent contract reentrant vulnerability defense apparatus, comprising:
the locking module is used for locking the sensitive variables of the sensitive area when the intelligent contract to be detected enters the sensitive area determined by a preset method, wherein the sensitive area comprises the sensitive variables which can be read and written by functions in different code files;
the unlocking module is used for unlocking the sensitive variable when the intelligent contract to be detected leaves the sensitive area;
the locking module comprises:
the acquisition unit is used for acquiring a sensitive function in the intelligent contract to be detected;
an identifying unit, configured to identify a sensitive variable in the sensitive function when a cross-code-file function call sequence exists in the sensitive function, wherein identifying the sensitive variable in the sensitive function comprises: acquiring the number of cross-code-file function call sequences in the sensitive function; identifying the sensitive variable of the sensitive function when the number is greater than or equal to a preset threshold value, and otherwise abandoning the identification of the sensitive variable in the sensitive function; wherein a variable in the sensitive area that can be read and written by functions in different code files is identified and marked as the sensitive variable;
and the determining unit is used for determining the sensitive area according to the position of the sensitive variable in the intelligent contract to be detected.
6. The apparatus of claim 5, further comprising:
and the marking unit is used for marking the position of the sensitive function in the intelligent contract to be detected.
7. The apparatus of claim 5, wherein the obtaining unit comprises:
the extraction marking subunit is used for extracting and marking the function calling sequence in the intelligent contract to be detected according to the function and the variable in the intelligent contract to be detected;
and the matching and identifying subunit is used for matching the function in the function calling sequence with a preset sensitive function rule base and identifying the sensitive function in the function calling sequence.
8. The apparatus of claim 5, further comprising:
and the strategy setting module is used for setting a safety policy for releasing the interlock for the intelligent contract to be detected, so that the intelligent contract to be detected does not execute an infinite loop in the sensitive area.
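The identification steps recited in claims 1 and 3 (and mirrored by the units of claims 5 and 7), as an added Python example that is not part of the patent text or the applicant's implementation. The contract model, function and file names, line numbers, rule-base contents and threshold are constructed assumptions, and matching a function's own name against the rule base is a simplification of claim 3.

```python
from dataclasses import dataclass, field

@dataclass
class Func:                      # constructed model; all names are hypothetical
    name: str
    file: str
    calls: list = field(default_factory=list)   # callee names, in call order
    access: dict = field(default_factory=dict)  # variable -> lines read/written

CONTRACT = {f.name: f for f in [
    Func("withdraw", "Bank.sol", ["checkLimit", "payOut", "logEvent"],
         {"balances": [12, 15], "owner": [11]}),
    Func("payOut", "Vault.sol", ["rawCall"], {"balances": [30]}),
    Func("checkLimit", "Limits.sol", [], {"limits": [7]}),
    Func("logEvent", "Bank.sol"), Func("rawCall", "Vault.sol"),
    Func("setOwner", "Bank.sol", [], {"owner": [40]}),
]}
RULE_BASE = {"withdraw", "rawCall"}  # assumed preset sensitive-function rule base
THRESHOLD = 2                        # assumed preset threshold

def call_sequences(root, funcs):
    """Every call chain that starts at root, as a tuple of function names."""
    out, stack = [], [(root,)]
    while stack:
        chain = stack.pop()
        for callee in funcs[chain[-1]].calls:
            if callee not in chain:      # ignore recursion so chains stay finite
                out.append(chain + (callee,))
                stack.append(chain + (callee,))
    return out

def analyse(funcs, rule_base, threshold):
    """Map each sensitive function to (sensitive variables, (first, last line))."""
    result = {}
    for name, fn in funcs.items():
        if name not in rule_base:        # match against the rule base
            continue
        cross = [s for s in call_sequences(name, funcs)
                 if any(funcs[c].file != fn.file for c in s[1:])]
        if len(cross) < threshold:       # too few cross-file sequences: give up
            continue
        shared = {v for v in fn.access for g in funcs.values()
                  if g.file != fn.file and v in g.access}
        lines = [ln for v in shared for ln in fn.access[v]]
        if lines:                        # sensitive area spans these positions
            result[name] = (shared, (min(lines), max(lines)))
    return result

if __name__ == "__main__":
    print(analyse(CONTRACT, RULE_BASE, THRESHOLD))
```

In this constructed model `owner` is not marked sensitive because only functions in the same file touch it, and `rawCall` is dropped because it has no cross-file call sequences.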
CN201910876109.4A 2019-09-17 2019-09-17 Cross-file intelligent contract reentry vulnerability defense method and device Active CN110598420B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910876109.4A CN110598420B (en) 2019-09-17 2019-09-17 Cross-file intelligent contract reentry vulnerability defense method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910876109.4A CN110598420B (en) 2019-09-17 2019-09-17 Cross-file intelligent contract reentry vulnerability defense method and device

Publications (2)

Publication Number Publication Date
CN110598420A CN110598420A (en) 2019-12-20
CN110598420B true CN110598420B (en) 2022-03-01

Family

ID=68860162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910876109.4A Active CN110598420B (en) 2019-09-17 2019-09-17 Cross-file intelligent contract reentry vulnerability defense method and device

Country Status (1)

Country Link
CN (1) CN110598420B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109801166A (en) * 2019-01-28 2019-05-24 浙江师范大学 A kind of design method and system of the safe function of the intelligent contract based on status lock
CN109948345A (en) * 2019-03-20 2019-06-28 杭州拜思科技有限公司 A kind of method, the system of intelligence contract Hole Detection
CN110162474A (en) * 2019-05-10 2019-08-23 北京理工大学 A kind of intelligent contract reentry leak detection method based on abstract syntax tree

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10102265B1 (en) * 2017-04-12 2018-10-16 Vijay K. Madisetti Method and system for tuning blockchain scalability for fast and low-cost payment and transaction processing
US10250394B1 (en) * 2018-09-20 2019-04-02 Accenture Global Solutions Limited Cryptologic self-executing blockchain export commitment
CN109697606A (en) * 2018-09-30 2019-04-30 贝克链区块链技术有限公司 The distributed network and the ecosystem of common recognition agreement are proved based on innovative prestige
CN109800175B (en) * 2019-02-20 2020-08-11 河海大学 Ether house intelligent contract reentry vulnerability detection method based on code instrumentation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Reentrancy Woes in Smart Contracts"; Emin; https://hackingdistributed.com/2016/07/13/reentrancy-woes/; 20160713; full text *
"Research and Implementation of Secure Development Techniques for Blockchain Smart Contracts"; 毕晓冰 et al.; 《信息安全与通信保密》; 20190125; pp. 63-73 *

Also Published As

Publication number Publication date
CN110598420A (en) 2019-12-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant