CN113448870A - Intelligent contract reentry defect detection method based on dynamic execution information analysis - Google Patents
Intelligent contract reentry defect detection method based on dynamic execution information analysis Download PDFInfo
- Publication number
- CN113448870A CN113448870A CN202110815065.1A CN202110815065A CN113448870A CN 113448870 A CN113448870 A CN 113448870A CN 202110815065 A CN202110815065 A CN 202110815065A CN 113448870 A CN113448870 A CN 113448870A
- Authority
- CN
- China
- Prior art keywords
- contract
- function
- reentry
- tested
- execution information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000007547 defect Effects 0.000 title claims abstract description 37
- 238000004458 analytical method Methods 0.000 title claims abstract description 23
- 238000001514 detection method Methods 0.000 title abstract description 17
- 238000012360 testing method Methods 0.000 claims abstract description 12
- 238000007781 pre-processing Methods 0.000 claims abstract description 5
- 230000006870 function Effects 0.000 claims description 80
- 238000000034 method Methods 0.000 claims description 27
- 239000003795 chemical substances by application Substances 0.000 claims description 19
- 238000012546 transfer Methods 0.000 claims description 11
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 claims description 4
- 238000004364 calculation method Methods 0.000 claims description 4
- 239000003999 initiator Substances 0.000 claims description 3
- 238000012795 verification Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000014759 maintenance of location Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000004880 explosion Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 231100001261 hazardous Toxicity 0.000 description 1
- 238000013178 mathematical model Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention relates to an Ethernet intelligent contract reentry defect detection method based on dynamic execution information analysis, which comprises the following steps: step 1) preprocessing a contract to be tested; step 2), constructing an attack contract; step 3) deploying the contract to be tested and the attack contract; step 4), randomly generating executable transactions; step 5) collecting dynamic execution information; step 6), analyzing the dynamic execution information and detecting harmful reentrancy; and 7) repeating the steps 4) -6), if harmful reentry is detected, the contract has reentry defects, and if the execution time executionTime is larger than the test time limit t, the contract is safe. The technical scheme improves the automation degree of the re-entry defect detection, and has high accuracy, low false alarm rate and high code coverage rate.
Description
Technical Field
The invention relates to a detection method, in particular to an intelligent contract reentry defect detection method based on dynamic execution information analysis, and belongs to the field of intelligent contract defect detection of a block chain system.
Background
The block chain technology is concerned by all circles because of the characteristics of decentralization, persistence, anonymity, auditability and the like, is applied to various scenes such as digital currency, voting and the like, and solves the problem of excessive dependence of the digital transaction field on a trusted third party. Etherhouses are one of the most used blockchain platforms today, and support developers to write intelligent contracts to achieve various purposes. However, due to the characteristics of the etherhouse virtual machine and the complexity of the solid language used to write the intelligent contracts, defects often exist in the intelligent contracts. Reentry defects are one of the most complex and most hazardous defects, once the DAO event, resulted in a loss of over 6000 million dollars and forced the ether house to make hard splits.
At present, the existing re-entry defect detection methods mainly include: pattern matching, symbolic execution, taint analysis, formal verification, and the like. The pattern matching method comprises the steps of extracting contract source code information by using an abstract syntax tree, storing syntax and semantic information of the contract source code in an intermediate form of xml, own and the like, constructing a defect pattern by using a corresponding query statement, searching whether a reentry defect exists in the source code or not, wherein the code representation form of the reentry defect is very complicated, the artificially constructed defect pattern is difficult to cover all possibilities, and the false alarm rate is high. The symbolic execution method uses symbols to replace variables to simulate execution contracts, explores all paths possibly executed by the contracts to find reentry defects, faces two problems of path explosion and path reachability analysis, and most of the existing tools do not consider the path reachability, so that the false alarm rate is high. The taint analysis judges whether the data is repeatedly modified by using a taint marking mode for the key data so as to judge whether a reentry defect exists, but most of the existing tools carry out taint analysis by reproducing the existing transaction of a public chain or manually transmitting the transaction on a test chain, and the reentry defect detection of the contracts which are not linked up is difficult to carry out automatically. The formal verification method verifies the characteristic attribute of the contract by using a mathematical model, and has high difficulty, difficult automation of the modeling process and great labor investment. Therefore, an automatic intelligent contract reentry defect detection method with low false alarm rate is needed.
Disclosure of Invention
The invention provides an Ethernet intelligent contract reentry defect detection method based on dynamic execution information analysis, which aims at the problems in the prior art.
In order to achieve the above object, the technical solution of the present invention is as follows, a method for detecting a defect of reentry of an intelligent house contract based on dynamic execution information analysis, the method comprising the steps of:
step 1) preprocessing a contract to be tested;
and compiling the contract to be tested to obtain the byte code Bytecode and the binary interface information ABI of the contract. Analyzing the binary interface information to obtain the function prototype functional protocol type of each function of the contract to be testediAnd constructing a candidate function functional Candidate according to the function prototypei={Function_namei,Function_selectori,Function_parametersiWhere Function _ nameiFunction _ selector as Function nameiFunction _ parameters as Function selectorsiIs the set of parameter types required by the function. The calculation formula of the function selector is as follows:
Function_selector=bytes4(keccak256(functionPrototype))
candidate functions are added to the function candidate pool functional candidatepool.
Step 2), constructing an attack contract;
reentry refers to: during the execution of a transaction, contract A makes external calls to invoke functions in contract B, which in turn invokes the procedures of the functions in contract A.
And constructing an attack contract Agent. The Agent has the following functions: and the Agent calls a function modified by payable in the contract to be tested and transfers the account, the Agent calls any function in the testconnect, and the Agent reenters any function of the contract to be tested through the fallback function.
Step 3) deploying the contract to be tested and the attack contract;
sending a transaction, deploying a contract to be tested and an attack contract into a test chain, and acquiring a contract address testConnectAddr and an attack contract address AgentAddr to be tested;
step 4), randomly generating executable transactions;
randomly selecting a candidate function functional Candidate in a candidate pool functional Candidate PooliAnd functional Candidatej(i and j may be equal), as the first called target first and the re-entered target retention, respectively, according to the parameter type Function _ parameters in the candidate Function, randomly generating a legal parameter value paraValue to constitute an executable transaction.
Step 5) collecting dynamic execution information;
acquiring dynamic execution information stepInfo executed by each step in the EtherFang virtual machine in the executable transaction generated in the step 4)iThe method includes the steps of { opcode, stack, storage, callerAddr }, where opcode is an instruction executed by the EVM, stack is a variable value in a current stack, storage is a variable value in a current store, callerAddr is an initiator address of a call, and callerAddr is a target address of a call.
Step 6) detecting harmful reentrance;
and constructing a contract calling chain callList according to the information of the callerAddr and the calleAddr acquired in the step 5), wherein the node represents an address on the contract calling chain, and the edge represents a calling relation. If the contract address to be tested appears twice in the contract calling chain, reentry occurs. If the reentry occurs, judging whether the transfer operation is carried out or the variable value of the same address in the storage is modified for many times after the reentry, if the operation is carried out, the reentry is harmful, otherwise, the reentry is safe.
And 7) repeating the steps 4) to 6), if harmful reentry is detected, the contract has reentry defects, and if the execution time executionTime is greater than the test time limit t, the contract is safe.
As a refinement of the invention, the detection of harmful reentrants described in step 6) has the following steps:
(1) and constructing a contract calling chain callList according to the callerrAddr and the calleAddr information acquired in the step 5), wherein the node represents an address on the contract calling chain, the edge represents a calling relation, and whether reentry occurs is judged based on the callList. Specifically, as follows, the following description will be given,
1) acquiring callerAddr and calleAddr of stepInfo from the execution log;
2) judging whether the contract calling chain callList is empty or not, if so, executing the step 3), and otherwise, executing the step 4);
3) adding the callerAddr and the calleAddr to the callList, and returning to the step 1);
4) judging whether the callerAddr is the same as the address stored by the callList chain tail node, if so, executing the step 5), and if not, executing the step 6);
5) add callereAddr to callList, go to step 7)
6) Deleting the chain tail node, and returning to 2) to continue executing;
7) judging whether the contract address to be detected appears twice in the chain, if so, detecting the reentry, otherwise, returning to the step 1)
(2) When the reentry is detected, judging whether to carry out transfer operation or modify variable values of the same address in the storage for multiple times after the reentry, if the operation is carried out, then the reentry is harmful, otherwise, the reentry is safe, the judgment is specifically as follows,
1) transfer operation: StepInfoiOf (5), stepInfoi.opcode=CALL,stepInfoi.stack[2]>0;
2) Modifying variable values of the same address in storage for multiple times: StepInfoi.opcode=stepInfoj.opcode=SSTORE,stepInfoi.stack[0]=stepInfoj.stack[0],i≠j。
Compared with the prior art, the invention has the advantages that 1) the technical scheme improves the automation degree of the re-entry defect detection, in the method, the deployment of the contract to be detected, the random generation and execution of the transaction and the collection and analysis of the dynamic execution information are all completed by the program in a full-automatic way, compared with the prior stain analysis and formal verification method, the automation degree of the detection is greatly improved, and the labor cost is reduced; 2) the technical scheme has high accuracy and low false alarm rate, and the method divides the detection of the reentry defect into two steps of finding the reentry and judging whether the reentry is harmful or not, thereby screening out legal and purposeful reentry and reducing false alarms. In addition, the method analyzes whether harmful reentry occurs or not based on the dynamic execution information, once found, the reentry defect can be triggered certainly, the problem of an inaccessible path does not exist, and compared with symbolic execution, the method greatly improves the accuracy rate and reduces the false alarm rate. Compared with the traditional mode matching based on the source code, the method has the advantages that based on the analysis of the dynamic information such as the opcode, the complexity of compiling the source code does not need to be considered, the difficulty of feature extraction is greatly reduced, and the accuracy is improved; 3) the scheme has high code coverage rate. The method adopts dynamic execution information analysis, all functions in the contract to be tested are in a candidate pool, and the generation of parameter values also adopts a random strategy completely. In case the time limit of one detection is long enough, all possible execution paths can be covered, and thus the code coverage is high.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a diagram of contract codes under test;
FIG. 3 is an attack contract code diagram;
FIG. 4 is a candidate pool of contracts under test;
FIG. 5 is dynamic information for a one-step execution;
FIG. 6 is a contract invocation chain;
fig. 7 is an execution record judged to be harmful to reentry.
The specific implementation mode is as follows:
for the purpose of enhancing an understanding of the present invention, the present embodiment will be described in detail below with reference to the accompanying drawings.
Example 1: referring to fig. 1, a method for detecting defects of an intelligent entrance to an ethernet bay based on dynamic execution information analysis, the method comprising the steps of:
step 1) preprocessing a contract to be tested;
and compiling the contract to be tested to obtain the byte code Bytecode and the binary interface information ABI of the contract. Analyzing the binary interface information to obtain the function prototype functional protocol type of each function of the contract to be testediAnd constructing a candidate function functional Candidate according to the function prototypei={Function_namei,Function_selectori,Function_parametersiWhere Function _ nameiFunction _ selector as Function nameiFunction selector, Function \ uparametersiIs the set of parameter types required by the function. The calculation formula of the function selector is as follows:
Function_selector=bytes4(keccak256(functlonPrototype))
candidate functions are added to the function candidate pool functional candidatepool.
Step 2), constructing an attack contract;
and constructing an attack contract Agent. The Agent has the following functions: and the Agent calls a function modified by payable in the contract to be tested and transfers the account, the Agent calls any function in the testconnect, and the Agent reenters any function of the contract to be tested through the fallback function.
Step 3) deploying the contract to be tested and the attack contract;
sending a transaction, deploying a contract to be tested and an attack contract into a test chain, and acquiring a contract address testConnectAddr and an attack contract address AgentAddr to be tested;
step 4), randomly generating executable transactions;
randomly selecting a candidate function functional Candidate in a candidate pool functional Candidate PooliAnd functional Candidatej(i and j may be equal), as the first called target first and the re-entered target retention, respectively, according to the parameter type Function _ parameters in the candidate Function, randomly generating a legal parameter value paraValue to constitute an executable transaction.
Step 5) collecting dynamic execution information;
acquiring dynamic execution information stepInfo executed by each step in the EtherFang virtual machine in the executable transaction generated in the step 4)iThe method includes the steps of { opcode, stack, storage, callerAddr }, where opcode is an instruction executed by the EVM, stack is a variable value in a current stack, storage is a variable value in a current store, callerAddr is an initiator address of a call, and callerAddr is a target address of a call.
Step 6) detecting harmful reentrance;
and constructing a contract calling chain callList according to the information of the callerAddr and the calleAddr acquired in the step 5), wherein the node represents an address on the contract calling chain, and the edge represents a calling relation. If the contract address to be tested appears twice in the contract calling chain, reentry occurs. If the reentry occurs, judging whether the transfer operation is carried out or the variable value of the same address in the storage is modified for many times after the reentry, if the operation is carried out, the reentry is harmful, otherwise, the reentry is safe.
And 7) repeating the steps 4) to 6), if harmful reentry is detected, the contract has reentry defects, and if the execution time executionTime is greater than the test time limit t, the contract is safe.
The specific embodiment is as follows: referring to fig. 1-7, an intelligent contract reentry defect detection method based on dynamically performed information analysis, the method comprising the steps of:
the contract to be tested is about the DAO contract shown in fig. 2.
Step 1) preprocessing a contract to be tested;
and compiling the contract to be tested to obtain the byte code Bytecode and the binary interface information ABI of the contract. Analyzing the binary interface information to obtain the function prototype functional protocol type of each function of the contract to be testediThe results are as follows:
functionPrototypedonate=donate(address);
functionPrototypewithdraw=withdraw(uint256);
constructing candidate Function _ candidate according to Function prototypei={Function_namei,Function_selectori,Function_parametersiWhere Function _ nameiFunction _ selector as Function nameiFunction _ parameters as Function selectorsiIs the set of parameter types required by the function. The calculation formula of the function selector is as follows:
Function_selector=bytes4(keccaak256(functionPrototype));
the function selector calculates the following:
Function_selectordonate=bytes4(keccak256(functionPrototypedonate))=00362a95
Function_selectorwithdraw=bytes4(keccak256(functionPrototypewithdraw))=2e1a7d4d
the candidate functions constructed were as follows:
Function_candidate1={Function_name1:{donate},Function_selector1:{00362a95},Function_parameter1:{address}}
Function_candidate2={Function_name2:{withdraw},Function_selector2:{2e1a7d4d},Function_parameter2:{uint}}
the candidate pool functional candidatepool is shown in fig. 4.
Step 2), constructing an attack contract;
the construction of the attack contract Agent is shown in fig. 3. The Agent calls a function modified by payable in the contract to be tested through a callPayable function and transfers the account, the Agent calls any function in the testconnect through an attack function, and the Agent reenters any function of the contract to be tested through a fallback function.
Step 3) deploying the contract to be tested and the attack contract;
sending a transaction, deploying a contract to be tested and an attack contract into a test chain, and acquiring a contract address to be tested and an attack contract address, wherein the result is as follows:
testedContractAddr=0x95423402D61eEFe885E74B30A05673C6af4da571
AgentAddr=0xed82f158F6c2426dD1ca8B2557faf988946D4e0A
step 4), randomly generating executable transactions;
randomly selecting a candidate function functional Candidate in a candidate pool functional Candidate PooliAnd functional Candidatej(i, j may be equal), which are the target first and target reentered for the first call, respectively, the results are as follows:
first=candidate2
reentrancy=candidate2
the randomly generated parameter value paraValue constitutes an executable transaction according to the parameter type Function _ parameters in the candidate Function candidate, and the result of randomly generating paraValue is as follows:
paraValuefirst=1
paraValuereentrancy=123
step 5) collecting dynamic execution information;
acquiring dynamic execution information stepInfo executed by each step in the EtherFang virtual machine in the executable transaction generated in the step 4)i= opcode, stack, storage, callerAddr, callereaddr }. FIG. 5 is an example of dynamic execution information for a one-step execution, where:
opcode=EQ
stack={0xf8b2cb4f,0xf8b2cb4f,0xdb0fb107}
storage=null
callerAddr=0x95423402D61eEFe885E74B30A05673C6af4da571
calleeAddr=0xed82f158F6c2426dD1ca8B2557faf988946D4e0A
step 6) detecting harmful reentrance;
and constructing a contract calling chain callList according to the information of the callerAddr and the calleAddr acquired in the step 5), wherein the node represents an address on the contract calling chain, and the edge represents a calling relation. The callList constructed in this example is shown in fig. 6, where the tetedcontractaddr appears twice, and the reentry is judged to have occurred.
And analyzing dynamic execution information after the reentry occurs, and judging whether the reentry is harmful or not. The dynamic execution information shown in fig. 7 is detected, wherein opcode is CALL, and stack [2] is 0x7b >0, and the transfer operation is performed, and the re-entry is determined to be harmful.
And 7) finding harmful reentry, wherein the contract has reentry defects.
It should be noted that the above-mentioned embodiments are not intended to limit the scope of the present invention, and all equivalent modifications and substitutions based on the above-mentioned technical solutions are within the scope of the present invention as defined in the claims.
Claims (7)
1. A method for detecting the defects of the reentry of an Ether intelligent contract based on dynamic execution information analysis is characterized by comprising the following steps:
step 1) preprocessing a contract to be tested;
step 2), constructing an attack contract;
step 3) deploying the contract to be tested and the attack contract;
step 4), randomly generating executable transactions;
step 5) collecting dynamic execution information of the test case;
step 6) detecting harmful reentrance;
and 7) repeating the steps 4) to 6), if harmful reentry is detected, the contract has reentry defects, and if the execution time executionTime is greater than the test time limit t, the contract is safe.
2. The method for detecting the reentry defect of the intelligent Ethernet contracts based on the dynamic execution information analysis according to claim 1, wherein the contract to be detected is preprocessed in the step 1); compiling the contract to be tested, acquiring byte codes Bytecode and binary interface information ABI of the contract to be tested, analyzing the binary interface information, and acquiring a function prototype functional protocol type of each function of the contract to be testediAnd constructing a candidate function functional Candidate according to the function prototypei={Function_namei,Function_selectori,Function_parametersiWhere Function _ nameiFunction _ selector as Function nameiFunction _ parameters as Function selectorsiFor the set of parameter types required by the function, the calculation formula of the function selector is:
Function_selector=bytes4(keccak256(functionPrototype))
candidate functions are added to the function candidate pool functional candidatepool.
3. The method for detecting the defects of the Etherhouse intelligent contracts reentry based on the dynamic execution information analysis as claimed in claim 2, wherein the step 2) is used for constructing attack contracts; specifically, an attack contract Agent is constructed, and the Agent has the following functions: and the Agent calls a function modified by payable in the contract to be tested and transfers the account, the Agent calls any function in the testconnect, and the Agent reenters any function of the contract to be tested through the fallback function.
4. The method for detecting the defects of the Etherhouse intelligent contract reentry based on the dynamic execution information analysis according to the claim 3, characterized in that, the step 3) deploys the contracts to be detected and attack contracts; specifically, the transaction is sent, the contract to be tested and the attack contract are deployed into the test chain, and the contract address testdcontractdr and the attack contract address AgentAddr to be tested are obtained.
5. The method for detecting the defects of the Etherhouse intelligent contract reentry based on the dynamic execution information analysis according to the claim 3 or 4, characterized in that the step 4) randomly generates executable transactions; specifically, the candidate function functional Candidate in the candidate pool functional Candidate Pool is randomly selected as followsiAnd functional CandidatejAnd randomly generating legal parameter value paraValue according to the parameter type Function _ parameters in the candidate Function candidate as the target first called and the target reentered, respectively, to form the executable transaction.
6. The method for detecting the defects of the Etherhouse intelligent contract reentry based on the dynamic execution information analysis according to claim 5, characterized in that step 5) collects the dynamic execution information; specifically, the dynamic execution information stepInfo executed by each step in the etherhouse virtual machine for executable transaction generated in the step 4) is obtainediThe method includes the steps of { opcode, stack, storage, callerAddr }, where opcode is an instruction executed by the EVM, stack is a variable value in a current stack, storage is a variable value in a current store, callerAddr is an initiator address of a call, and callerAddr is a target address of a call.
7. The method for detecting the defects of the entrance to the Etherhouse intelligent contracts based on the dynamic execution information analysis as claimed in claim 6, wherein the step 6) is to detect the harmful entrance; specifically, as follows, the following description will be given,
(1) constructing a contract calling chain callList according to the callerAddr and calleAddr information acquired in the step 5), wherein the node represents an address on the contract calling chain, the edge represents a calling relation, whether reentry occurs is judged based on the callList, specifically as follows,
1) acquiring callerAddr and calleAddr of stepInfo from the execution log;
2) judging whether the contract calling chain callList is empty or not, if so, executing the step 3), otherwise, executing the step 4)
3) Adding callerAddr and callereAddr to callList, returning to step 1)
4) Judging whether the callerAddr is the same as the address stored by the callList chain tail node, if so, executing the step 5), and if not, executing the step 6);
5) add callereAddr to callList, go to step 7)
6) Deleting the chain end node, returning to 2) and continuing to execute
7) Judging whether the contract address to be detected appears twice in the chain, if so, detecting the reentry, otherwise, returning to the step 1)
(2) When the reentry is detected, judging whether to carry out transfer operation or modify variable values of the same address in the storage for multiple times after the reentry, if the operation is carried out, then the reentry is harmful, otherwise, the reentry is safe, the judgment is specifically as follows,
1) transfer operation: StepInfoiOf (5), stepInfoi.opcode=CALL,stepInfoi.stack[2]>0;
2) Modifying variable values of the same address in storage for multiple times: StepInfoi.opcode=stepInfoj.opcode=SSTORE,stepInfoi.stack[0]=stepInfoj.stack[0],i≠j。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110815065.1A CN113448870A (en) | 2021-07-19 | 2021-07-19 | Intelligent contract reentry defect detection method based on dynamic execution information analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110815065.1A CN113448870A (en) | 2021-07-19 | 2021-07-19 | Intelligent contract reentry defect detection method based on dynamic execution information analysis |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113448870A true CN113448870A (en) | 2021-09-28 |
Family
ID=77816702
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110815065.1A Pending CN113448870A (en) | 2021-07-19 | 2021-07-19 | Intelligent contract reentry defect detection method based on dynamic execution information analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113448870A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115292172A (en) * | 2022-08-01 | 2022-11-04 | 哈尔滨工业大学 | Method for improving intelligent contract detection coverage rate, electronic equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180046780A1 (en) * | 2015-04-22 | 2018-02-15 | Antidote Technologies Ltd. | Computer implemented method for determining clinical trial suitability or relevance |
CN109800175A (en) * | 2019-02-20 | 2019-05-24 | 河海大学 | A kind of ether mill intelligence contract reentry leak detection method based on code pitching pile |
CN111563742A (en) * | 2020-05-11 | 2020-08-21 | 西安邮电大学 | Fuzzy testing method for intelligent contract transaction sequence dependence vulnerability variation |
-
2021
- 2021-07-19 CN CN202110815065.1A patent/CN113448870A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180046780A1 (en) * | 2015-04-22 | 2018-02-15 | Antidote Technologies Ltd. | Computer implemented method for determining clinical trial suitability or relevance |
CN109800175A (en) * | 2019-02-20 | 2019-05-24 | 河海大学 | A kind of ether mill intelligence contract reentry leak detection method based on code pitching pile |
CN111563742A (en) * | 2020-05-11 | 2020-08-21 | 西安邮电大学 | Fuzzy testing method for intelligent contract transaction sequence dependence vulnerability variation |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115292172A (en) * | 2022-08-01 | 2022-11-04 | 哈尔滨工业大学 | Method for improving intelligent contract detection coverage rate, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109800175B (en) | Ether house intelligent contract reentry vulnerability detection method based on code instrumentation | |
CN110427331B (en) | Method for automatically generating performance test script based on interface test tool | |
CN108694320B (en) | Method and system for measuring sensitive application dynamic under multiple security environments | |
CN106547520B (en) | Code path analysis method and device | |
CN114996126B (en) | Vulnerability detection method and system for EOSIO intelligent contracts | |
CN110737892B (en) | Detection method aiming at APC injection and related device | |
CN104866764B (en) | A kind of Android phone malware detection method based on object reference figure | |
CN115098863A (en) | Intelligent contract reentry vulnerability detection method based on static and dynamic analysis | |
CN110162474B (en) | Intelligent contract reentry vulnerability detection method based on abstract syntax tree | |
CN113468524A (en) | RASP-based machine learning model security detection method | |
CN113448870A (en) | Intelligent contract reentry defect detection method based on dynamic execution information analysis | |
JPWO2011108584A1 (en) | Application modification site search apparatus and application modification site search method | |
CN105205398A (en) | Shell checking method based on dynamic behaviors of APK (android package) packing software | |
CN117556431B (en) | Mixed software vulnerability analysis method and system | |
CN116305131B (en) | Static confusion removing method and system for script | |
CN117633808A (en) | Method, processor and machine-readable storage medium for vulnerability detection | |
CN110309656B (en) | Implicit type conversion security detection method | |
CN114282227B (en) | Safety analysis and detection method for intelligent contract of Fabric block chain system | |
Su et al. | DeFiWarder: Protecting DeFi Apps from Token Leaking Vulnerabilities | |
CN115495363A (en) | Software testing method, electronic equipment and readable storage medium | |
CN114417347A (en) | Vulnerability detection method, device, equipment, storage medium and program of application program | |
CN117614681B (en) | Method, system, equipment and storage medium for detecting re-entry vulnerability of intelligent contract | |
CN114020278A (en) | Data processing method, device, equipment and storage medium | |
CN111625463B (en) | Program state detection method and device | |
CN114048488B (en) | Vulnerability detection method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |