CN110807195A

CN110807195A - Intelligent contract issuing method, issuing platform device and issuing system

Info

Publication number: CN110807195A
Application number: CN201910921071.8A
Authority: CN
Inventors: 郁昱; 张宇尧; 李开涞
Original assignee: Turing Artificial Intelligence Research Institute (nanjing) Co Ltd
Current assignee: Turing Artificial Intelligence Research Institute (nanjing) Co Ltd
Priority date: 2019-09-26
Filing date: 2019-09-26
Publication date: 2020-02-18
Anticipated expiration: 2039-09-26
Also published as: CN110807195B

Abstract

The application provides a publishing method, a publishing platform device and a publishing system of an intelligent contract. And then, repairing the security vulnerability in the execution logic based on a preset security logic description rule to obtain a repaired second executable program. Finally, the repaired second executable program is issued to the blockchain network. The intelligent contract issuing method, the intelligent contract issuing platform device and the intelligent contract issuing system can automatically check and repair security vulnerabilities existing in the intelligent contracts before the intelligent contracts are issued.

Description

Intelligent contract issuing method, issuing platform device and issuing system

Technical Field

The present application relates to the field of computers, and in particular, to a method, a platform device, and a system for issuing an intelligent contract.

Background

The non-tamperable nature of blockchains makes the update mechanism of smart contracts different from that of traditional programs. Once the intelligent contracts are issued and stored on the blockchain, the intelligent contracts cannot be changed at will. Unlike other businesses, smart contracts themselves have some financial attributes, which relate to accounts and their financial changes at runtime, among other things. If the intelligent contracts issued on the block chain have security vulnerabilities, the intelligent contracts with the security vulnerabilities are more easily utilized by attackers, and technical problems such as data maintenance and the like and even legal problems are caused.

Even if a security breach is found in an already issued intelligent contract, the intelligent contract cannot be repaired any more. The discovered security vulnerabilities are fixed before the smart contracts are released in the blockchain to prevent exploitation by attackers. However, most of the existing analysis tools and analysis methods can only realize the function of detecting the security vulnerabilities in the intelligent contracts and cannot provide corresponding repair schemes, and a large number of security vulnerabilities are found every day, and developers who only rely on the intelligent contracts cannot timely and effectively repair the large number of security vulnerabilities.

Disclosure of Invention

In view of the above drawbacks of the prior art, an object of the present application is to provide a method, a platform device and a system for issuing an intelligent contract, which are used to solve the problems that an analysis tool cannot provide a repair scheme corresponding to a security vulnerability of an intelligent contract before the intelligent contract is issued and developers of the intelligent contract cannot timely and effectively repair a large number of security vulnerabilities in the prior art.

To achieve the above and other related objects, a first aspect of the present application provides a method for issuing an intelligent contract, including: analyzing a first executable program of an intelligent contract to be issued to obtain the current execution logic of the first executable program; repairing the security loophole in the execution logic based on a preset security logic description rule to obtain a repaired second executable program; wherein the security logic description rule comprises security execution logic when executing an intelligent contract in accordance with invoking a resource of an external node; the second executable program is published into a blockchain network.

In certain embodiments of the first aspect of the present application, the step of parsing a first executable program of a smart contract to be issued to obtain current execution logic of the first executable program comprises: disassembling the first executable program to obtain control relationships and data relationships describing the intelligent contract execution process; wherein the control relationship and data relationship are used to describe the currently executing logic and include logical relationships generated based on invoking resources of an external node.

In certain embodiments of the first aspect of the present application, the current execution logic is described by a block diagram.

In certain embodiments of the first aspect of the present application, the security breach comprises at least one of: the state variable change instruction is located after the external call instruction, lacks a check instruction for out-of-bounds operations, and lacks a check instruction for external calls.

In some embodiments of the first aspect of the present application, the step of repairing the security vulnerability in the current execution logic based on a preset security logic description rule to obtain a repaired second executable program includes: checking the control relation between external resource calling and state variable updating in the current execution logic; and adjusting the control sequence between the external resource call and the state variable update according to the corresponding security logic description rule based on the check result to obtain the repaired second executable program.

In some embodiments of the first aspect of the present application, the step of repairing the security vulnerability in the current execution logic based on a preset security logic description rule to obtain a repaired second executable program includes: checking a data relationship in the current execution logic that is generated based on an external resource call; and supplementing a data validity checking mechanism for the called external resource based on the checking result and according to the corresponding security logic description rule to obtain the repaired second executable program.

In some embodiments of the first aspect of the present application, the step of repairing the security vulnerability in the current execution logic based on a preset security logic description rule to obtain a repaired second executable program includes: checking a control relation and/or a data relation of the execution result of the called external resource in the current execution logic; and supplementing an exception handling mechanism for the execution result based on the check result and according to a corresponding safety logic description rule to obtain the repaired second executable program.

In certain embodiments of the first aspect of the present application, before the issuing step, the method further comprises the steps of: validating the second executable program based on a trusted portion of the current execution logic.

In some embodiments of the first aspect of the present application, the step of repairing the security vulnerability in the current execution logic based on a preset security logic description rule to obtain a repaired second executable program includes: rewriting security vulnerabilities in intermediate codes obtained by analyzing the first executable program according to the security logic description rules; the rewritten intermediate code is translated into a second executable program.

In certain embodiments of the first aspect of the present application, before performing the translating step, further comprising the steps of: verifying the rewritten intermediate code based on the trusted portion of the current execution logic.

In certain embodiments of the first aspect of the present application, further comprising: and updating the security logic description rule.

A second aspect of the present application further provides a platform device for issuing an intelligent contract, including: the interface device is used for receiving a first executable program of the intelligent contract and issuing a second executable program repaired by the first executable program to the blockchain network; storage means for storing at least one program; and the processing device is connected with the storage device and the interface device and used for calling and executing the at least one program so as to coordinate the interface device and the storage device to execute the publishing method according to the first aspect.

The third aspect of the present application also provides a computer-readable storage medium storing at least one program which, when invoked, performs the publishing method as described in the preceding first aspect.

A fourth aspect of the present application also provides a system for issuing an intelligent contract, including: the analysis module is used for analyzing a first executable program of an intelligent contract to be issued so as to obtain the current execution logic of the first executable program; the repairing module is used for repairing the security loophole in the execution logic based on a preset security logic description rule to obtain a repaired second executable program; wherein the security logic description rule comprises security execution logic when executing an intelligent contract in accordance with invoking a resource of an external node; and the issuing module is used for issuing the second executable program to the blockchain network.

As described above, according to the issuing method, the issuing platform device, and the issuing system for an intelligent contract, the execution logic of the executable program of the intelligent contract can be automatically checked before the intelligent contract is issued, and the executable program with a security vulnerability can be automatically rewritten based on the check result, so that various security vulnerabilities existing in the executable program can be repaired and eliminated, and the rewritten executable program without the security vulnerability can be issued to the block chain network. The additional manual analysis and repair cost is reduced, and the overall safety of the block chain platform is improved.

Drawings

Fig. 1 is a schematic structural diagram of a hardware system of an issuing platform device of the intelligent contract in an embodiment of the present application.

Fig. 2 is a schematic block diagram showing a flow of the issuing method of the intelligent contract of the present application.

FIG. 3 is a block diagram of the current execution logic of an intelligent contract.

Fig. 4 is a schematic structural diagram of a publishing system of the intelligent contract in an embodiment of the present application.

Fig. 5 is a schematic diagram of a network architecture of a distribution system and a blockchain network of the intelligent contract of the present application.

Detailed Description

The following description of the embodiments of the present application is provided for illustrative purposes, and other advantages and capabilities of the present application will become apparent to those skilled in the art from the present disclosure.

Although the terms first, second, etc. may be used herein to describe various elements in some instances, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first executable program may be referred to as a second executable program, and similarly, a second executable program may be referred to as a first executable program, without departing from the scope of the various described embodiments. The first executable and the second executable are both describing one executable, but are not the same executable unless the context clearly dictates otherwise.

Also, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms "comprises," "comprising," "includes" and/or "including," when used in this specification, specify the presence of stated features, steps, operations, elements, components, items, species, and/or groups, but do not preclude the presence, or addition of one or more other features, steps, operations, elements, components, species, and/or groups thereof. The terms "or" and/or "as used herein are to be construed as inclusive or meaning any one or any combination. Thus, "A, B or C" or "A, B and/or C" means "any of the following: a; b; c; a and B; a and C; b and C; A. b and C ". An exception to this definition will occur only when a combination of elements, functions, steps or operations are inherently mutually exclusive in some way.

The intelligent contract issued on the blockchain platform is a bytecode for compiling a source code of the intelligent contract written by a developer using a high-level programming language into an intelligent contract for execution by a virtual machine by a compiler, and the bytecode of the intelligent contract is commonly maintained and used by a plurality of node devices in the blockchain platform once issued on the blockchain platform. The intelligent contract issued on an ethereal (Ethereum) blockchain platform can respond to the received information, receive and store account information and corresponding fund information, and send user account information and corresponding fund information outwards. Based on the financial attributes of the intelligent contracts, if the intelligent contracts issued on the block chain have security vulnerabilities, the intelligent contracts with the security vulnerabilities are more easily utilized by attackers to obtain benefits.

In order to avoid tampering and interception of information of the intelligent contracts issued on the blockchain due to security vulnerabilities, it is necessary to analyze and repair the security vulnerabilities existing in the intelligent contracts before issuing. However, the way of testing before release is limited to the data used by the test case, and logic problems and exception handling problems in the program are not necessarily found.

Therefore, the intelligent contract issuing method, the intelligent contract issuing platform device and the intelligent contract issuing system can automatically perform security vulnerability check on the intelligent contract and repair corresponding security vulnerabilities without a developer providing a source program before the intelligent contract is issued, and issue the checked and repaired intelligent contract to the block chain. The safety of the intelligent contract issued on the block chain is improved, and the problem that a developer of the intelligent contract cannot timely and effectively repair a large number of security holes is solved.

The intelligent contract refers to program code running on a blockchain, which can perform arbitrary computation and implement complex logic. The program code of the intelligent contract can have the functions of transmitting the account information of the user and the corresponding fund information, calling other intelligent contracts mutually, maintaining the account information of the user and the corresponding fund information together with other node equipment of the block chain platform and the like. The intelligent contracts issued on the blockchain are byte codes of the intelligent contracts, which are compiled by a compiler by a developer using a high-level programming language, into intelligent contracts which can be executed by a virtual machine or a processor. Wherein the high-level programming language includes, but is not limited to, any of: the compiler corresponds to the high-level programming language, and the type of the compiler used in compiling is different when the high-level programming language is different.

Referring to fig. 1, fig. 1 is a schematic structural diagram of a hardware system of a publishing platform apparatus of an intelligent contract according to an embodiment of the present application, where the publishing platform apparatus 10 may be a single computer device, a service system based on a cloud architecture, and the like. The single computer device may be an autonomously configured computer device that can execute the issuing method of the intelligent contract, and may be located in a private computer room or a leased computer location in a public computer room. The Service system of the Cloud architecture comprises a Public Cloud (Public Cloud) Service end and a Private Cloud (Private Cloud) Service end, wherein the Public or Private Cloud Service end comprises Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS), and the like. The private cloud service end is used for example for an Aliskian cloud computing service platform, an Amazon cloud computing service platform, a Baidu cloud computing platform, a Tencent cloud computing platform and the like.

As shown in fig. 1, the issuing platform device 10 of the intelligent contract includes an interface device 12, a storage device 11 and a processing device 13. According to the hardware device actually operated by the distribution platform device 10 for executing the distribution method, the above devices may be located on a single server, or located in multiple servers and cooperatively completed through data communication between the servers.

The interface device 12 of the issuing platform device 10 is configured to receive a first executable program of the smart contract to be issued and provide the first executable program to the processing device; the processing device checks and repairs the first executable program and issues a second executable program of the repaired smart contract into a blockchain network through the interface device 12. The interface device 12 includes, but is not limited to, a network card, a mobile network access module, etc.

The first executable program is a bytecode file compiled by a compiler for executing an intelligent contract. The second executable is a bytecode file that is checked and repaired by the publishing platform assembly 10 to enable an intelligent contract to be executed with the first executable. The bytecode file is in the form of an execution file of the high-level programming language, is a binary file, and is a file that needs a virtual machine to interpret execution or needs a processor to execute. For example, if the high level programming language of the source program is Java, the bytecode file is a class file. For another example, if the high-level programming language of the source program is the Solidity language, the bytecode file is the. evm file. The type of the bytecode file is associated with the high-level programming language.

The storage means 11 is used to store at least one program that can execute the distribution method. The storage means 11 may be located on the same physical server as the processing means 13 or in a different physical server and deliver the program to the processing means 13 running the program through the interface means 12 of the respective server. The storage 11 may comprise high speed random access memory and may also comprise non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices or other non-volatile solid state storage devices, and the like. In an embodiment, the storage device may also include memory remote from the one or more processors, such as network-attached memory accessed via RF circuitry or external ports and a communication network (not shown), which may be the internet, one or more intranets, Local Area Networks (LANs), wide area networks (WLANs), Storage Area Networks (SANs), etc., or a suitable combination thereof. The memory device 11 also includes a memory controller that controls access to the memory by other components of the apparatus, such as the CPU and peripheral interfaces. Among the software components stored in memory are an operating system, a communications module (or set of instructions), a text input module (or set of instructions), and an application (or set of instructions).

The processing device 13 is connected to the interface device 12 and the storage device 11, and is configured to call and execute the at least one program, so as to coordinate the interface device 12 and the storage device 11 to execute the publishing method. The processing means 13 is operatively coupled to the storage means 11. More specifically, processing device 13 may execute programs stored in memory and/or non-volatile storage to perform operations in the publishing platform assembly 10. As such, the processing device 13 may include one or more general purpose microprocessors, one or more application specific processors (ASICs), one or more field programmable logic arrays (FPGAs), or any combination thereof. The plurality of CPUs included in the processing device may be located in the same physical server or distributed in a plurality of physical servers, and implement data communication by means of the interface device 12 to issue the repaired second executable program into the blockchain network.

Referring to fig. 2, fig. 2 is a schematic block diagram illustrating a flow of a method for issuing an intelligent contract according to the present application. The issuing method may be performed by the issuing platform apparatus of the intelligent contract, or other computer device that may perform the steps associated with the issuing method of the intelligent contract.

In step S110, the publishing platform device parses a first executable program of a smart contract to be published to obtain a current execution logic of the first executable program.

Here, the issuing platform apparatus acquires a first executable program of a smart contract to be issued, and parsing the acquired first executable program is to facilitate acquisition of logic of an internal execution process in the first executable program, logic of calling an external resource, and a data processing process generated when the external resource is called. The external resource call includes, but is not limited to, at least one of: invoking a processing result of the external intelligent contract, invoking data stored by the external contract, invoking the external intelligent contract, and the like.

The publishing platform device may obtain, through an interface device, a first executable program submitted by a user in a WEB browser or a client, so as to trigger the publishing platform device to execute step S110.

In one embodiment, parsing the first executable program of the intelligent contract to be issued to obtain the control relation and the data relation describing the execution process of the intelligent contract is realized by disassembling the first executable program. The disassembly is the process of converting machine language to assembly language code, i.e., the disassembly may convert a first executable program to an assembly execution sequence. The manner and/or tools of disassembling the first executable program may also be different for intelligent contracts written in different kinds of high-level programming languages. For example, where the high level programming language is identity, the disassembly tool used in disassembling the corresponding first executable program includes: evmdis, porosity, Etherspray, etc.

The control relation refers to the sequence of execution sequence among instructions in the assembly execution sequence, and in the same execution sequence, the subsequently executed instructions depend on the previously executed instructions. The data relationship is the transfer of data between instructions, an instruction using a certain data depending on the instruction defining the data. The control and data relationships are used to describe the current execution logic of the first executable program, and the control and data relationships also contain logical relationships that are generated based on invoking resources of an external node. I.e., the currently executing logic contains logical relationships that are generated based on invoking resources of the external node. The current execution logic is described by means of a block diagram. For example, referring to FIG. 3, FIG. 3 is a block diagram of the execution logic of an intelligent contract, where the circles represented by the numbers represent instructions, the solid lines represent control relationships between instructions, and the dashed lines represent data relationships between instructions. The control relationships may be described by a control flow graph and the data relationships may be described by a data flow graph. The control flow graph is exemplified by a directed graph, for example, graph G ═ (N, E, neighbor) —, where N is a set of nodes, and each instruction of the assembly execution sequence corresponds to a node in the graph; edge set E { (N1, N2) | N1, N2 ∈ N and N1 executes, possibly N2 immediately; the entry and exit nodes of the assembly execution sequence are the neighbor and neighbor, respectively. The data flow diagram refers to a logic flow direction and a logic transformation process of data in an assembly execution sequence from a data transfer perspective, and can describe a storage mode, a reading mode and a processing mode of the assembly execution sequence on the data. In a specific embodiment, according to the order of instructions in an assembly execution sequence obtained by disassembling, the function of the instructions in the API, and the like, the simulation includes stopping executing the control relationship of the instructions in the assembly execution sequence, transferring and executing the control relationship of the instructions in the assembly execution sequence, and sequentially executing the control relationship of the instructions in the assembly execution sequence, and the like, so as to obtain the control relationship describing the intelligent contract execution process. And simulating stack operation, memory operation and the like according to parameter definitions such as data structures, global variables and local variables in an assembly execution sequence obtained by disassembling so as to obtain a data relation describing the intelligent contract execution process. And the control relation of stopping execution is used for indicating the node equipment in the block chain to stop executing the current execution sequence after the instruction is executed. The control relationship of the branch execution is used for indicating that the node device in the block chain executes the execution sequence starting from the target address after the instruction is executed. The sequentially executed control relationship is used for indicating the node equipment in the block chain to sequentially execute the next instruction in the execution sequence after the instruction is executed. A stack operation refers to the instruction pushing an operand to the stack or popping an operand from the stack. A memory operation refers to the instruction writing to memory or reading an operand from memory. The operand comprises a source of data required by an execution instruction, the operand is a field in an instruction of an assembly execution sequence, and the operand can be used for storing the operand per se, an operation address and a calculation method of the operation address in the field of the operand in the instruction. Typically an instruction contains both operators and operands. For example: in the compare instruction, an operator specifies a computer to perform a compare operation, and an operand specifies two values to be compared. Wherein the operands comprise data provided from an external calling resource. For example, the fund data corresponding to the same user account information from other intelligent contracts called externally.

In another embodiment, the control relationship and the data relationship describing the execution process of the intelligent contract are obtained by using a dynamic program analysis technology based on the assembly execution sequence and a method of combining the simulation execution technology with the simulation execution technology in the previous embodiment. The dynamic program analysis technology is used for acquiring a control relation and a data relation under the actual running condition of a program by observing the state of the program in the running process. After the control relationship and the data relationship of the intelligent contract are calculated based on the analysis method in the foregoing specific embodiment, each instruction of the intelligent contract may be actually run based on a dynamic program analysis technique to obtain an instruction execution result, a memory usage condition, a stack usage condition, a function of the intelligent contract, and the like in the intelligent contract. The actually running intelligent contract can be a first executable program or an assembly execution sequence obtained by disassembling the first executable program. The control relationship and the data relationship of the intelligent contract obtained by estimation are confirmed and corrected based on the execution result of the instruction obtained by actually operating the program, the memory usage, the stack usage, the function of the intelligent contract, and the like.

The publishing platform device obtains a current execution logic of a first executable program by analyzing the first executable program to be published, and executes step S120 to repair a security vulnerability in the execution logic based on a preset security logic description rule to obtain a repaired second executable program. Wherein the security logic description rule includes security execution logic when executing the smart contract in dependence on invoking the resource of the external node. Wherein the invoking of the resource of the external node comprises: and the first executable program calls the blockchain node to execute the external intelligent contract and obtain a processing result of the external intelligent contract, data stored on the calling blockchain node and the like.

Here, the security vulnerabilities in the execution logic include at least one of: the state variable change instruction is located after the external call instruction, lacks a check instruction for out-of-bounds operations, and lacks a check instruction for external calls.

The security vulnerability of the state variable change instruction after the external call instruction means that the external call instruction and the state change instruction exist in the first executable program, and the state change instruction is after the external call instruction, namely the internal execution process of the first executable program changes the state variable depending on the external execution of the intelligent contract on the block chain; wherein the state variables include, but are not limited to, variables stored in memory (storage). For example, when the node device in the block chain does not receive the execution result of the DAO contract during the execution of the instruction for calling the external DAO contract in the first execution program, the processing result of the DAO contract is tampered, so that the corresponding node device executes a subsequent state change instruction according to the received tampered processing result, which causes a security vulnerability to occur in the execution of the intelligent contract.

The exception condition for executing the instruction includes the instruction of the arithmetic operation whose calculation result is out of bounds but lack of checking. For example, the first executable program includes an instruction for performing arithmetic calculation using data obtained from an externally called resource, and when the instruction for calling the external resource is intercepted and a calculation result for causing the calculation to be out of range is received, a corresponding security hole is generated. Examples of such security holes include integer overflow, integer underflow. Here, when an arithmetic calculation instruction is executed in the first executable program according to the acquired external resource, the obtained calculation result lacks a check instruction for the boundary crossing operation, which results in integer overflow. For example, a memory space for storing 8-bit integer data is opened in the memory in advance, and if the calculation result is greater than 255, an integer overflow is generated to cause an error to be stored as 0, thereby causing a security hole. For another example, a memory space for storing 8-bit integer data is opened in the memory in advance, and if the calculation result is less than-128, an integer underflow is generated to cause an error to be stored as 127, thus causing a security hole.

The lack of a security hole for the check instruction for the external call refers to the lack of an instruction for data validity check of the return value of the external call operation in the first executable program. For example, there is a security hole lacking a checking instruction for the external call in the first executable program, and when the external call is abnormal, the first executable program does not detect the boolean value false returned by the external resource, and continues to execute the executable program of the current smart contract. That is, the first executable continues to execute normally without exception according to the external call, thus resulting in a security breach.

And based on the security vulnerabilities, popularizing the security vulnerabilities to other security vulnerabilities, and reflecting the security vulnerabilities in the control relationship and the data relationship obtained through analysis. For example, in the control flow graph obtained by the analysis, the control flow of the first execution program is represented by a control relationship described by a point and a directed edge. For another example, in the dataflow graph obtained by the analysis, the data reading and writing flow of the first execution program is represented by using the data relationship described by the point and the directed edge. In order to facilitate rapid location of the security vulnerability, a security logic description rule corresponding to the security vulnerability is preset in the publishing platform device, and the security logic description rule is described as security execution logic when the intelligent contract is executed according to the resource of the external node. According to the instruction bug describing the security vulnerability, the preset security logic description rule may include at least one of the following: the state variable change instruction precedes the external call instruction, adds a check instruction for out-of-bounds operations, and adds a check instruction for external calls.

Here, the security logic description rule corresponds to a description mode for parsing the execution logic of the first executable program. Taking the example that the publishing platform device parses the first executive program into a structure diagram, the security logic description rule includes a rule of a point in the structure diagram and a safe connection order and a connection mode described by a directed edge. The release platform device checks the constructed structure diagram of the first executive program by using the structure diagram rule which is provided by the security logic description rule and eliminates the security vulnerability, and when the position which does not accord with the structure diagram rule is checked, the position of the security vulnerability in the first executive program is determined. For example, the attributes of points in the structure diagram of the first executive program constructed according to the instruction rules in the security logic description rules are checked, the attributes of directed edges between corresponding points in the corresponding structure diagram are checked according to the instruction execution sequence in the security logic description rules, and when the attributes do not meet the instruction execution sequence, the position of the security hole in the corresponding structure diagram is determined, so that the position of the security hole of the first executive program is obtained.

When the issuing platform device determines the position of the security vulnerability in the first executable program, rewriting the security vulnerability in the intermediate code obtained by analyzing the first executable program according to the security logic description rule, and translating the rewritten intermediate code into a second executable program. Wherein the intermediate code is instruction code in the assembly execution sequence. Here, the publishing platform apparatus replaces the security vulnerability in the control relationship and the data relationship for describing the first execution program according to the security logic description rule, and rewrites the instruction code of the corresponding position in the assembly execution sequence according to the replaced position of the control relationship and the data relationship. Examples of the rewrite operation include, but are not limited to: adjusting the execution sequence of the instruction codes, or adding corresponding checking instruction codes, and the like. And the release platform device translates the rewritten assembly execution sequence into a second executable program, so that the second executable program which can be executed by the node equipment on the block chain is obtained.

In some embodiments, the step S120 further includes a step (not shown) of updating the security logic description rule, where the updating operation is to store the corresponding security logic description rule in the publishing platform device according to an emerging new security vulnerability; and/or providing improved security logic description rules for existing security logic description rules to improve execution efficiency of the repaired executable program. For example, the execution of each instruction consumes a certain amount of unit cost (gas) during the execution of the smart contract, wherein the unit cost (gas) is a unit for measuring the amount of calculation required for executing a certain instruction. The new security logic description rule received by the publishing platform device is a security logic description rule that replaces an original security logic description rule to consume less unit cost (gas).

For convenience of understanding, in the following embodiments, the repair process corresponding to the security vulnerability based on the preset security logic description rule is exemplified by an intelligent contract source program.

In an embodiment, the step S120 includes: and checking the control relation between the external resource call and the state variable update in the current execution logic, and adjusting the control sequence between the external resource call and the state variable update according to the corresponding safety logic description rule based on the check result to obtain the repaired second executable program.

Here, the issuing platform device determines, according to the check result, that the control relationship is to execute the state variable update instruction after executing the external resource call instruction in the first executable program, and then adjusts the state variable update instruction to be executed before the external resource call instruction according to the corresponding security logic description rule. For convenience of description, taking an example of describing a security vulnerability in source code of a smart contract as an example, actually the security vulnerability in the following example is obtained based on parsed execution logic, the issuing platform device detects the description in the structure diagram of an instruction in the source code calling the windowbalance function, and an instruction (call value () function) determining fund information provided by an external resource is executed before an instruction (userbalanes function) updating a state variable:

value () function is an external resource call instruction for sending the fund information to the user who called the withdrawBalance. The userBalances function of the sixth row is a state variable update instruction that is used to update the balance in the user account. To this end, the execution logic that is parsed to correspond to the function call value () in the smart contract preceding the userbalanes function is a security hole in the smart contract. If an attacker calls the withdrawBalance function in the intelligent contract through a malicious intelligent contract, the intelligent contract executes a call value () function to send fund information to the malicious intelligent contract and simultaneously transfers the control relation to the malicious intelligent contract. Although the intelligent contract already sends the fund information to the malicious intelligent contract, the intelligent contract automatically calls the fallback function of the malicious intelligent contract and calls the withdraw function again in the fallback function because the intelligent contract is waiting for the return of the external resource calling instruction at the moment and the state variable updating instruction is not executed yet. The malicious intelligent contract can utilize the legitimacy check instruction of the fourth row bypassed by the security vulnerability to implement reentry attack so as to extract the fund information stored in the intelligent contract again.

In order to eliminate the security holes, the state variable update instruction may be adjusted to be executed before the external resource call instruction based on the corresponding security logic description rule, so as to obtain a repaired intelligent contract (source code) as follows:

in actual operation, the publishing platform device rewrites and translates the corresponding bytecode or intermediate code according to the execution logic of the source code to obtain the repaired second executable program.

In another specific embodiment, the step S120 includes: and checking a data relation generated based on external resource calling in the current execution logic, and supplementing a data validity checking mechanism of the called external resource based on a checking result and according to a corresponding security logic description rule to obtain a repaired second executable program. The data validity checking mechanism is used for checking whether an operation result of the arithmetic operation instruction has an out-of-range operation result.

The issuing platform device determines that the instruction which does not check the operation result of the arithmetic operation instruction in the intelligent contract according to the check result and possibly causes the arithmetic operation instruction of the intelligent contract to generate an out-of-range result, and adds the check instruction to the arithmetic operation instruction which possibly generates the out-of-range result according to the corresponding safety logic description rule. For convenience of description, taking an example of describing a security vulnerability in source code of an intelligent contract, in fact, the security vulnerability in the following example is obtained based on parsed execution logic, the issuing platform device detects the description in the structure diagram of an instruction in the source code calling the increaseLockTime function, and a variable required for determining an arithmetic operation instruction depends on a variable (timeToIncreate) provided by an external resource:

wherein, the check instruction (require () function) of the tenth line in the intelligent contract requires that the user can take out the fund information stored in the intelligent contract after one week. If the user inputs a large enough variable (timetoanrease) to cause the addition instruction in the sixth row to generate an out-of-range result, the changed unsigned integer variable (lockTime) bypasses the check instruction in the tenth row, so that the fund information can be taken out in less than one week.

To eliminate the security hole, a check instruction may be added to the arithmetic operation instruction based on the corresponding security logic description rule to obtain a repaired intelligent contract (source code) as follows:

In another embodiment, the step of repairing the security vulnerability in the current execution logic based on the preset security logic description rule to obtain a repaired second executable program includes: checking a control relation and/or a data relation of the execution result of the called external resource in the current execution logic; and supplementing an exception handling mechanism for the execution result based on the check result and according to a corresponding safety logic description rule to obtain the repaired second executable program.

For example, the issuing platform device determines, according to the check result, that an external resource call instruction exists in the intelligent contract, and according to a control relationship of the external resource call instruction in the execution logic, determines that the execution logic lacks a check instruction for checking whether an exception exists in the result of the external resource call instruction, and supplements an exception handling mechanism for the execution result to the result of the external resource call instruction according to a corresponding security logic description rule, where the exception handling mechanism includes adding a check instruction to the execution result.

For another example, the issuing platform device determines that the external resource calling instruction exists in the smart contract according to the checking result, and determines that the checking instruction for checking whether the result of the external resource calling instruction is abnormal exists in the execution logic and the execution result of the first executable program depends on the execution result of the called external resource according to the control relation of the external resource calling instruction used in the execution logic and the data relation of the execution result of the called external resource instruction in the current execution logic. Supplementing the result of the external resource calling instruction with an exception handling mechanism for the execution result according to a corresponding security logic description rule, wherein the exception handling mechanism comprises an instruction for adding a check instruction to the execution result.

For another example, the issuing platform device determines that the external resource calling instruction exists in the intelligent contract according to the checking result, and determines that the checking instruction for checking whether the result of the external resource calling instruction is abnormal exists in the execution logic and the execution result of the first executable program does not depend on the execution result of the called external resource according to the control relation of the external resource calling instruction used in the execution logic and the data relation of the execution result of the called external resource instruction in the current execution logic. Supplementing the result of the external resource calling instruction with an exception handling mechanism for the execution result according to a corresponding security logic description rule, wherein the exception handling mechanism comprises an instruction for adding a check instruction to the execution result.

For convenience of description, taking an example of describing a security vulnerability in source code of an intelligent contract as an example, actually the security vulnerability in the following example is obtained based on the parsed execution logic, the issuing platform device detects the description of an instruction in the source code calling sendtewinner function in the structure diagram, and determines whether there is an exception for the execution result of the instruction for providing funding information for external resources (send () function) and has no corresponding checking instruction:

the send () function in the seventh row is used to send the fund information to the winner, because the send () function is a bottom function, the exception of the execution result is not transferred to the current contract, and the program or data is not restored to the last correct state, but a boolean value false is returned, because the intelligent contract defaults to regarding the external resource calling instruction as successfully executed, the data validity check is not performed on the execution result of the send () function.

In order to eliminate the security hole, a check instruction may be added to the external resource call instruction based on the corresponding security logic description rule, so as to obtain a repaired intelligent contract (source code) as follows:

in actual operation, the publishing platform device rewrites and translates the corresponding bytecode or intermediate code according to the execution logic of the source code to obtain the repaired second executable program. It should be noted that the repair manners provided by the above examples may be used in combination, for example, the control relationship and the data relationship of the first executable program to be issued are checked and repaired one by one according to a plurality of preset security logic description rules.

Based on the foregoing repair method, a second executable program of the repaired smart contract may be obtained, and after the second executable program is obtained, step S130 is executed to issue the second executable program to the blockchain network.

The issuing platform device sends the repaired second executable program to the corresponding plurality of node devices according to the configuration of the node devices in the block chain network in advance, so that each node device executes the second executable program based on a consensus mechanism and the like to fulfill an intelligent contract.

The block chain network is a decentralized network, the network comprises a plurality of node devices, and each node device provides network service together. The node devices in the blockchain network may be located in a single computer device, or in physical devices or virtual devices used in a cloud-based architecture service system. The single computer device may be located in a private room or in a leased stand located in a public room. The form and the set geographical position of the physical device or the virtual device are not limited. For example, multiple node devices may be located on different virtual devices of the same physical server and managed separately by administrative authority. The service system of the cloud architecture comprises a public cloud service end and a private cloud service end, wherein the public or private cloud service end comprises SaaS, PaaS, IaaS and the like. The private cloud service end comprises an Array cloud computing service platform, an Amazon cloud computing service platform, a Baidu cloud computing platform, a Tencent cloud computing platform and the like. The virtual device may be one of devices in which an entity server virtualizes a single stand-alone device into multiple logical devices through a virtualization technology, and the logical devices are used by multiple user processes simultaneously.

To ensure that known security vulnerabilities are eliminated from the second executable program that is issued and that no new security vulnerabilities or logic errors are generated after the fix, the method may further include the step of validating the second executable program based on a trusted portion of the currently executing logic in the first executable program, before performing step S130.

Wherein the trusted portion is a portion of the first executable program to implement the smart contract functionality and does not include the security breach. The verifying step may be performed before the translating step or after the translating step. For example, the control relationship and the data relationship of the intelligent contract function implemented in the second executable program are verified by using the control relationship and the data relationship of the intelligent contract function implemented in the first executable program, and when the verification is passed, step S130 is executed to issue the repaired second executable program onto the block chain. As another example, the rewritten intermediate code is verified based on a trusted portion of the current execution logic before performing the translating step, and step S130 is performed if the portion of the functionality of the intelligent contract implemented in the rewritten intermediate code matches the portion of the functionality of the intelligent contract implemented in the intermediate code of the first executable program.

Referring to fig. 4, fig. 4 is a schematic structural diagram of a distribution system of an intelligent contract according to an embodiment of the present application, and as shown in the drawing, the distribution system 20 includes: an analysis module 21, a repair module 22, and a distribution module 23. The parsing module 21 is configured to parse a first executable program of an intelligent contract to be issued to obtain a current execution logic of the first executable program.

Here, the parsing module 21 obtains a first executable program of a smart contract to be issued, and parses the obtained first executable program to facilitate logic of an internal execution process, logic of calling an external resource, and a data processing process generated when the external resource is called in the first executable program. The external resource call includes, but is not limited to, at least one of: invoking a processing result of the external intelligent contract, invoking data stored by the external contract, invoking the external intelligent contract, and the like.

In one embodiment, parsing module 21 parses the first executable program of the intelligent contract to be issued by disassembling the first executable program to obtain the control relationship and the data relationship describing the execution process of the intelligent contract. The disassembly is the process of converting machine language to assembly language code, i.e., the disassembly may convert a first executable program to an assembly execution sequence. The manner and/or tools of disassembling the first executable program may also be different for intelligent contracts written in different kinds of high-level programming languages. For example, where the high level programming language is identity, the disassembly tool used in disassembling the corresponding first executable program includes: evmdis, porosity, Etherspray, etc.

The control relation refers to the sequence of execution sequence among instructions in the assembly execution sequence, and in the same execution sequence, the subsequently executed instructions depend on the previously executed instructions. The data relationship is the transfer of data between instructions, an instruction using a certain data depending on the instruction defining the data. The control and data relationships are used to describe the current execution logic of the first executable program, and the control and data relationships also contain logical relationships that are generated based on invoking resources of an external node. I.e., the currently executing logic contains logical relationships that are generated based on invoking resources of the external node. The current execution logic is described by means of a block diagram. For example, FIG. 3 is a block diagram of the execution logic of an intelligent contract, where solid lines represent control relationships between instructions and dashed lines represent data relationships between instructions. The control relationships may be described by a control flow graph and the data relationships may be described by a data flow graph. The control flow graph is exemplified by a directed graph, for example, graph G ═ (N, E, neighbor) —, where N is a set of nodes, and each instruction of the assembly execution sequence corresponds to a node in the graph; edge set E { (N1, N2) | N1, N2 ∈ N and N1 executes, possibly N2 immediately; the entry and exit nodes of the assembly execution sequence are the neighbor and neighbor, respectively. The data flow diagram refers to a logic flow direction and a logic transformation process of data in an assembly execution sequence from a data transfer perspective, and can describe a storage mode, a reading mode and a processing mode of the assembly execution sequence on the data. In a specific embodiment, the parsing module 21 simulates, according to the order of the instructions in the assembly execution sequence obtained by disassembling, the function of the instructions in the API, and the like, a control relationship including stopping executing the instructions in the assembly execution sequence, transferring the control relationship of executing the instructions in the assembly execution sequence, and sequentially executing the control relationship of the instructions in the assembly execution sequence, so as to obtain a control relationship describing the intelligent contract execution process. The analysis module 21 simulates stack operation, memory operation and the like according to parameter definitions such as data structures, global variables and local variables in an assembly execution sequence obtained by disassembling so as to obtain a data relationship describing the intelligent contract execution process. And the control relation of stopping execution is used for indicating the node equipment in the block chain to stop executing the current execution sequence after the instruction is executed. The control relationship of the branch execution is used for indicating that the node device in the block chain executes the execution sequence starting from the target address after the instruction is executed. The sequentially executed control relationship is used for instructing the node devices in the block chain to sequentially execute the next in the execution sequence after the instruction is executed. A stack operation refers to the instruction pushing an operand to the stack or popping an operand from the stack. A memory operation refers to the instruction writing to memory or reading an operand from memory. The operand comprises a source of data required by an execution instruction, the operand is a field in an instruction of an assembly execution sequence, and the operand can be used for storing the operand per se, an operation address and a calculation method of the operation address in the field of the operand in the instruction. Typically an instruction contains both operators and operands. For example: in the compare instruction, an operator specifies a computer to perform a compare operation, and an operand specifies two values to be compared. Wherein the operands comprise data provided from an external calling resource. For example, the fund data corresponding to the same user account information from other intelligent contracts called externally.

In another embodiment, the parsing module 21 obtains the control relationship and the data relationship describing the execution process of the intelligent contract by using a dynamic program analysis technique based on the compiled execution sequence and combining the simulated execution as described in the previous embodiment. The dynamic program analysis technology is used for acquiring a control relation and a data relation under the actual running condition of a program by observing the state of the program in the running process. After calculating the control relationship and the data relationship of the intelligent contract based on the analysis method in the foregoing specific embodiment, the analysis module 21 may actually run each instruction of the intelligent contract based on a dynamic program analysis technique to obtain an instruction execution result, a memory usage condition, a stack usage condition, a function of the intelligent contract, and the like in the intelligent contract. The actually running intelligent contract can be a first executable program or an assembly execution sequence obtained by disassembling the first executable program. The control relationship and the data relationship of the intelligent contract obtained by estimation are confirmed and corrected based on the execution result of the instruction obtained by actually operating the program, the memory usage, the stack usage, the function of the intelligent contract, and the like.

The parsing module 21 obtains a current execution logic of a first executable program by parsing the first executable program to be issued, so that the repairing module 22 repairs security holes in the execution logic based on a preset security logic description rule to obtain a repaired second executable program. Wherein the security logic description rule includes security execution logic when executing the smart contract in dependence on invoking the resource of the external node. Wherein the invoking of the resource of the external node comprises: and the first executable program calls the blockchain node to execute the external intelligent contract and obtain a processing result of the external intelligent contract, data stored on the calling blockchain node and the like.

And based on the security vulnerabilities, popularizing the security vulnerabilities to other security vulnerabilities, and reflecting the security vulnerabilities in the control relationship and the data relationship obtained through analysis. For example, in the control structure diagram obtained by the analysis, the control flow of the first executable program is represented by a control relationship described by a point and a directed edge. For another example, in the data structure diagram obtained by the analysis, the data read-write flow of the first execution program is represented by using the data relationship described by the point and the directed edge. In order to facilitate rapid location of the security vulnerability, a security logic description rule corresponding to the security vulnerability is preset in the publishing platform device, and the security logic description rule is described as security execution logic when the intelligent contract is executed according to the resource of the external node. According to the instruction bug describing the security vulnerability, the preset security logic description rule may include at least one of the following: the state variable change instruction precedes the external call instruction, adds a check instruction for out-of-bounds operations, and adds a check instruction for external calls. Here, the security logic description rule corresponds to a description mode for parsing the execution logic of the first executable program. Taking the example that the publishing platform device parses the first executive program into a structure diagram, the security logic description rule includes a rule of a point in the structure diagram and a safe connection order and a connection mode described by a directed edge. The release platform device checks the constructed structure diagram of the first executive program by using the structure diagram rule which is provided by the security logic description rule and eliminates the security vulnerability, and when the position which does not accord with the structure diagram rule is checked, the position of the security vulnerability in the first executive program is determined. For example, the attributes of points in the structure diagram of the first executive program constructed according to the instruction rules in the security logic description rules are checked, the attributes of directed edges between corresponding points in the corresponding structure diagram are checked according to the instruction execution sequence in the security logic description rules, and when the attributes do not meet the instruction execution sequence, the position of the security hole in the corresponding structure diagram is determined, so that the position of the security hole of the first executive program is obtained.

When the location of the security vulnerability in the first executable program is determined by the repairing module 22, the security vulnerability in the intermediate code obtained by analyzing the first executable program is rewritten according to the security logic description rule, and the rewritten intermediate code is translated into the second executable program. Wherein the intermediate code is instruction code in the assembly execution sequence. Here, the fixing module 22 replaces the security holes in the control relationship and the data relationship for describing the first execution program according to the security logic description rule, and rewrites the instruction codes at the corresponding positions in the assembly execution sequence according to the positions of the replaced control relationship and data relationship. Examples of the rewrite operation include, but are not limited to: adjusting the execution sequence of the instruction codes, or adding corresponding checking instruction codes, and the like. And the release platform device translates the rewritten assembly execution sequence into a second executable program, so that the second executable program which can be executed by the node equipment on the block chain is obtained.

In some embodiments, the repairing module 22 may further update the security logic description rule, where the updating operation refers to additionally storing the corresponding security logic description rule in the publishing platform device according to an emerging new security vulnerability; and/or providing improved security logic description rules for existing security logic description rules to improve execution efficiency of the repaired executable program. For example, each instruction may consume a certain amount of unit cost (gas) during execution of the smart contract, where the unit cost (gas) is a unit for measuring the amount of computation required to execute a certain instruction and is used to calculate the amount of cost that needs to be paid to the network in order to execute a certain instruction. The new security logic description rule received by the repair module 22 is a security logic description rule that replaces the original security logic description rule to consume less unit cost (gas).

In a specific embodiment, the repairing module 22 checks a control relationship between the external resource call and the state variable update in the current execution logic, and adjusts a control sequence between the external resource call and the state variable update according to a corresponding security logic description rule based on a check result to obtain the repaired second executable program.

Here, the repair module 22 determines, according to the check result, that the control relationship is to execute the state variable update instruction after executing the external resource call instruction in the first executable program, and then adjust the state variable update instruction to be executed before the external resource call instruction according to the corresponding security logic description rule. For convenience of description, taking an example of describing a security vulnerability in source code of a smart contract as an example, actually the security vulnerability in the following example is obtained based on the parsed execution logic, the fixing module 22 detects the description of an instruction in the source code calling the within drawbalance function in the structure diagram, and an instruction (call value () function) determining fund information provided by an external resource is executed before an instruction (user balance function) updating a state variable:

in operation, the repair module 22 rewrites and translates the corresponding bytecode or intermediate code according to the execution logic of the source code to obtain the repaired second executable program.

In another embodiment, the repairing module 22 checks the data relationship generated by the external resource call in the current execution logic, and supplements a data validity checking mechanism for the called external resource according to the corresponding security logic description rule based on the checking result to obtain the repaired second executable program. The data validity checking mechanism is used for checking whether an operation result of the arithmetic operation instruction has an out-of-range operation result.

Here, the repair module 22 determines that there is no instruction in the intelligent contract for checking the operation result of the arithmetic operation instruction according to the check result, and adds the check instruction to the arithmetic operation instruction which may generate the out-of-bounds result according to the corresponding security logic description rule if the arithmetic operation instruction of the intelligent contract may generate the out-of-bounds result. For convenience of description, taking an example of describing a security vulnerability in source code of an intelligent contract, in fact, the security vulnerability in the following example is obtained based on the parsed execution logic, the repairing module 22 detects the description of an instruction in the source code calling the increaseLockTime function in the structure diagram, and determines that a variable required by an arithmetic operation instruction depends on a variable (timeToIncreate) provided by an external resource:

In yet another embodiment, the repair module 22 checks the control relationship and/or data relationship of the execution result of the called external resource in the current execution logic; and supplementing an exception handling mechanism for the execution result based on the check result and according to a corresponding safety logic description rule to obtain the repaired second executable program.

For example, the repair module 22 determines, according to the check result, that an external resource call instruction exists in the smart contract, and according to a control relationship of the external resource call instruction in the execution logic, determines that the execution logic lacks a check instruction for checking whether an exception exists in the result of the external resource call instruction, and supplements, according to a corresponding security logic description rule, an exception handling mechanism for the execution result to the result of the external resource call instruction, where the exception handling mechanism includes adding a check instruction to the execution result.

For another example, the repair module 22 determines that the external resource calling instruction exists in the smart contract according to the checking result, and determines that a checking instruction for checking whether an exception exists in the result of the external resource calling instruction exists in the execution logic and the execution result of the first executable program depends on the execution result of the called external resource according to a control relationship used by the external resource calling instruction in the execution logic and a data relationship used by the current execution logic for the execution result of the called external resource instruction. Supplementing the result of the external resource calling instruction with an exception handling mechanism for the execution result according to a corresponding security logic description rule, wherein the exception handling mechanism comprises an instruction for adding a check instruction to the execution result.

For another example, the repair module 22 determines that an external resource calling instruction exists in the smart contract according to the checking result, and determines that a checking instruction for checking whether an exception exists in the result of the external resource calling instruction in the execution logic and the execution result of the first executable program does not depend on the execution result of the called external resource according to a control relationship used by the external resource calling instruction in the execution logic and a data relationship used by the current execution logic for the execution result of the called external resource instruction. Supplementing the result of the external resource calling instruction with an exception handling mechanism for the execution result according to a corresponding security logic description rule, wherein the exception handling mechanism comprises an instruction for adding a check instruction to the execution result.

For convenience of description, taking an example of describing a security vulnerability in source code of an intelligent contract as an example, actually the security vulnerability in the following example is obtained based on the parsed execution logic, the repairing module 22 detects the description of an instruction in the source code calling sendtewinner function in the structure diagram, and determines whether there is an exception for the execution result of the instruction for providing funding information for external resources (send () function) and there is no corresponding checking instruction:

To eliminate the security hole, the repairing module 22 may add a check instruction to the external resource calling instruction based on the corresponding security logic description rule to obtain a repaired intelligent contract (source code) as follows:

in operation, the repair module 22 rewrites and translates the corresponding bytecode or intermediate code according to the execution logic of the source code to obtain the repaired second executable program. It should be noted that the repair manners provided by the above examples may be used in combination, for example, the control relationship and the data relationship of the first executable program to be issued are checked and repaired one by one according to a plurality of preset security logic description rules.

The second executable program of the repaired smart contract may be obtained based on the repair method performed by the previous repair module 22. The issuing module 23 is configured to issue the second executable program to a blockchain network.

Here, the issuing system 20 of the intelligent contract sends the repaired second executable program to the corresponding plurality of node devices according to the configuration of the node devices in the previous blockchain network, so that each node device executes the second executable program based on, for example, a consensus mechanism, and the like, to fulfill the intelligent contract.

Referring to fig. 5, fig. 5 is a schematic diagram of a network architecture of an intelligent contract distribution system and a blockchain network according to the present application, and an implementation process of the distribution method using the network architecture provided in fig. 5 is as follows: the publishing system obtains a first executable program submitted by the client. For example, the publishing system obtains a first executable program uploaded by a user via a WEB browser. And the analysis module of the issuing system analyzes the acquired first executable program to obtain the current execution logic of the first executable program. And the repairing module repairs the security loopholes in the execution logic based on a preset security logic description rule to obtain a repaired second executable program. And after obtaining the repaired second executable program, the repairing module also verifies the second executable program based on the credible part in the current execution logic in the first executable program. The publishing module publishes the repaired second executable program to each node device of the block chain network so that each node device can provide network services together based on the second executable program.

The present application also discloses a computer-readable storage medium having stored thereon at least one computer program that participates in executing the publication method when called. The distribution method is the same as or similar to the aforementioned distribution method, and is not described herein again. It should be noted that, through the above description of the embodiments, those skilled in the art can clearly understand that part or all of the present application can be implemented by software and combined with necessary general hardware platform. Based on this understanding, the technical solutions of the present application may be embodied in the form of software products, which essentially or partially contribute to the prior art.

In the embodiments provided herein, the computer-readable storage medium may include read-only memory, random-access memory, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, flash memory, U-disk, removable hard disk, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the instructions are transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. It should be understood, however, that computer-readable-writable storage media and data storage media do not include connections, carrier waves, signals, or other transitory media, but are intended to be non-transitory, tangible storage media. Disk and disc, as used in this application, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers.

The distribution method described in the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. The steps of the methods disclosed herein may be embodied in processor-executable software modules, which may be located on a tangible, non-transitory computer-readable and writable storage medium. Tangible, non-transitory computer readable and writable storage media may be any available media that can be accessed by a computer.

The above embodiments are merely illustrative of the principles and utilities of the present application and are not intended to limit the application. Any person skilled in the art can modify or change the above-described embodiments without departing from the spirit and scope of the present application. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical concepts disclosed in the present application shall be covered by the claims of the present application.

Claims

1. A method for issuing an intelligent contract, comprising the steps of:

analyzing a first executable program of an intelligent contract to be issued to obtain the current execution logic of the first executable program;

repairing the security loophole in the execution logic based on a preset security logic description rule to obtain a repaired second executable program; wherein the security logic description rule comprises security execution logic when executing an intelligent contract in accordance with invoking a resource of an external node;

the second executable program is published into a blockchain network.

2. The method of issuing a smart contract according to claim 1, wherein the step of parsing a first executable program of a smart contract to be issued to obtain current execution logic of the first executable program comprises:

disassembling the first executable program to obtain control relationships and data relationships describing the intelligent contract execution process;

wherein the control relationship and data relationship are used to describe the currently executing logic and include logical relationships generated based on invoking resources of an external node.

3. The method of issuing intelligent contracts according to claim 2, characterized in that the current execution logic is described by a structure diagram.

4. The method of issuing intelligent contracts according to claim 1, characterized in that the security vulnerabilities include at least one of: the state variable change instruction is located after the external call instruction, lacks a check instruction for out-of-bounds operations, and lacks a check instruction for external calls.

5. The method for issuing the intelligent contract according to claim 1, wherein the step of repairing the security vulnerability in the current execution logic based on the preset security logic description rule to obtain the repaired second executable program comprises:

checking the control relation between external resource calling and state variable updating in the current execution logic;

and adjusting the control sequence between the external resource calling and the state variable updating based on the checking result and according to the corresponding security logic description rule to obtain the repaired second executable program.

6. The method for issuing the intelligent contract according to claim 1, wherein the step of repairing the security vulnerability in the current execution logic based on the preset security logic description rule to obtain the repaired second executable program comprises:

checking a data relationship in the current execution logic that is generated based on an external resource call;

and supplementing a data validity checking mechanism for the called external resource based on the checking result and according to the corresponding security logic description rule to obtain the repaired second executable program.

7. The method for issuing the intelligent contract according to claim 1, wherein the step of repairing the security vulnerability in the current execution logic based on the preset security logic description rule to obtain the repaired second executable program comprises:

checking a control relation and/or a data relation of the execution result of the called external resource in the current execution logic;

and supplementing an exception handling mechanism for the execution result based on the check result and according to a corresponding safety logic description rule to obtain the repaired second executable program.

8. The method of issuing intelligent contracts according to claim 1, further comprising the steps of, before the step of issuing: validating the second executable program based on a trusted portion of the current execution logic.

9. The method for issuing an intelligent contract according to any one of claims 1 to 8, wherein the step of repairing the security vulnerability in the current execution logic based on the preset security logic description rule to obtain a repaired second executable program comprises:

rewriting security vulnerabilities in intermediate codes obtained by analyzing the first executable program according to the security logic description rules;

the rewritten intermediate code is translated into a second executable program.

10. The method of issuing intelligent contracts according to claim 9, further comprising, before performing the step of translating, the steps of: verifying the rewritten intermediate code based on the trusted portion of the current execution logic.

11. The method of issuing an intelligent contract according to claim 1, further comprising: and updating the security logic description rule.

12. An intelligent contract issuing platform device, comprising:

the interface device is used for receiving a first executable program of the intelligent contract and issuing a second executable program repaired by the first executable program to the blockchain network;

storage means for storing at least one program;

processing means, connected to the storage means and the interface means, for calling and executing the at least one program to coordinate the interface means and the storage means to execute the issuing method of the intelligent contract according to any one of claims 1-11.

13. A computer-readable storage medium characterized by storing at least one program which, when invoked, executes a method of issuing a smart contract according to any one of claims 1-11.

14. A system for issuing intelligent contracts, comprising:

the analysis module is used for analyzing a first executable program of an intelligent contract to be issued so as to obtain the current execution logic of the first executable program;

the repairing module is used for repairing the security loophole in the execution logic based on a preset security logic description rule to obtain a repaired second executable program; wherein the security logic description rule comprises security execution logic when executing an intelligent contract in accordance with invoking a resource of an external node;

and the issuing module is used for issuing the second executable program to the blockchain network.