CN117081818A - Attack transaction identification and interception method and system based on intelligent contract firewall - Google Patents
Attack transaction identification and interception method and system based on intelligent contract firewall Download PDFInfo
- Publication number
- CN117081818A CN117081818A CN202311102742.0A CN202311102742A CN117081818A CN 117081818 A CN117081818 A CN 117081818A CN 202311102742 A CN202311102742 A CN 202311102742A CN 117081818 A CN117081818 A CN 117081818A
- Authority
- CN
- China
- Prior art keywords
- transaction
- contract
- attack
- executing
- protection strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000002159 abnormal effect Effects 0.000 claims abstract description 34
- 238000004458 analytical method Methods 0.000 claims abstract description 33
- 230000005856 abnormality Effects 0.000 claims abstract description 15
- 238000012544 monitoring process Methods 0.000 claims abstract description 10
- 238000010586 diagram Methods 0.000 claims description 20
- 230000003068 static effect Effects 0.000 claims description 15
- 238000001514 detection method Methods 0.000 claims description 9
- 238000001914 filtration Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000013528 artificial neural network Methods 0.000 claims description 3
- 230000008878 coupling Effects 0.000 abstract 1
- 238000010168 coupling process Methods 0.000 abstract 1
- 238000005859 coupling reaction Methods 0.000 abstract 1
- 230000006870 function Effects 0.000 description 22
- 238000012360 testing method Methods 0.000 description 5
- 238000012795 verification Methods 0.000 description 5
- 230000006399 behavior Effects 0.000 description 4
- NQLVQOSNDJXLKG-UHFFFAOYSA-N prosulfocarb Chemical compound CCCN(CCC)C(=O)SCC1=CC=CC=C1 NQLVQOSNDJXLKG-UHFFFAOYSA-N 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- RWSOTUBLDIXVET-UHFFFAOYSA-N Dihydrogen sulfide Chemical compound S RWSOTUBLDIXVET-UHFFFAOYSA-N 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an attack transaction identification and interception method and system based on an intelligent contract firewall, wherein the method comprises the steps of deploying a firewall agent contract in a transaction inlet of the intelligent contract in advance; executing firewall agent contracts when detecting that the transaction enters the protected intelligent contracts, and carrying out parameter analysis on the transaction; forwarding the transaction to different protection strategy contracts according to the parameter analysis result; detecting whether transaction abnormality exists by monitoring contract state and analyzing transaction data; if so, executing the corresponding protection strategy contract according to the abnormal result. The invention can realize the comprehensive protection of the intelligent contract chain in the uplink, improves the coverage range and accuracy of the intelligent contract security, and minimally avoids the coupling degree related to the intelligent contract business, thereby being applicable to detecting all loopholes related to reentry and price forecasting machines.
Description
Technical Field
The invention relates to the technical field of blockchains, in particular to an attack transaction identification and interception method and system based on an intelligent contract firewall.
Background
Protecting digital assets on a chain is critical to blockchain-based services. Hacking has occurred frequently in recent years to centralize the events of the application ecosystem. Reentry vulnerabilities and price predictors manipulate vulnerabilities as more common vulnerabilities on both types of chains. Existing protection techniques against reentry attacks detect potential reentry vulnerabilities, for example, by static analysis of smart contract source code; detecting a reentry attack by performing an actual execution and a simulation test on the smart contract; modeling and analyzing the intelligent contract using digital reasoning and formal verification techniques to detect vulnerabilities and logic errors; an OpenZeppelin smart contract development framework is employed to prevent reentry attacks. Protection techniques exist for price prophetic machine manipulation attacks, for example by comparing price data of different prophetic machines to detect potential manipulation attacks.
However, the protection techniques described above for reentry attacks and predictive engine manipulation attacks have several drawbacks. In the protection technology aiming at reentry attack, static analysis only can analyze static codes of contracts and cannot cover all possible dynamic behaviors; dynamic testing and simulation tools have limited coverage for complex contracts and large-scale testing, and cannot cover all possible input conditions; modeling and analysis processes of formal verification are complex, expertise and time investment are needed, and support for complex contracts and new characteristics is limited; the OpenZeppelin re-entry lock scheme requires that code be manually added in the contract to prevent re-entry attacks, increasing development costs for developers, and if multiple functions are provided with re-entry locks, increasing contract deployment costs and call costs. In a guard technique against prophetic-agent manipulation attacks, a developer may not be able to choose a reliable and efficient prophetic agent, and a single prophetic agent is also at risk of being manipulated by a hacker, thereby providing false or manipulated price data. Moreover, when multiple predictors are incorporated into an agreement, performing weighted calculation of the price of the predictors may lead to a surge in gas costs per acquisition of the price of the associated token on the chain.
The prior art mainly focuses on the protection measures before the contract is winded in the aspects of protecting the reentry attacks and the prophetic machine operation attacks, once the problems occur after the contract is winded, the problems are difficult to solve, and the capability of the prior art for monitoring and intercepting the attacks in real time is limited. Thus, there is a need for a method that can provide security protection for smart contracts that are vulnerable to on-chain.
Disclosure of Invention
Aiming at the defects of the prior art in terms of protection against reentry attacks and prophetic machine manipulation attacks, the invention aims to provide an attack transaction identification and interception method and system based on an intelligent contract firewall.
In a first aspect, an embodiment of the present invention provides an attack transaction identifying and intercepting method based on an intelligent contract firewall, including:
deploying a firewall agent contract at a transaction portal of the intelligent contract in advance;
executing the firewall agent contract when detecting that a transaction enters a protected intelligent contract, and carrying out parameter analysis on the transaction;
forwarding the transaction to different protection strategy contracts according to the parameter analysis result;
detecting whether transaction abnormality exists by monitoring contract state and analyzing transaction data;
if so, executing a corresponding protection strategy contract according to the abnormal result; the abnormal result at least comprises price manipulation, reentry attack and authority control, and the corresponding protection strategy contract at least comprises price manipulation protection strategy contract, reentry attack protection strategy contract and authority control protection strategy contract.
Preferably, the detecting whether the transaction abnormality exists by monitoring the contract state and analyzing the transaction data includes:
acquiring information of all sub-calls in the transaction call; the information of the sub-call comprises contract addresses for carrying out transaction in the recursive sub-call and the sub-call and parameter information used in the transaction;
constructing a path diagram of the sub-call according to the information of the sub-call, and obtaining a corresponding flow diagram according to the data flow and the control flow of the sub-call of the existing security attack transaction;
and obtaining the similarity of the path diagram and the flow diagram by using a graph neural network, and judging whether the transaction is abnormal or not according to the similarity.
Preferably, if the protection policy contract exists, executing the corresponding protection policy contract according to the abnormal result, including:
if the abnormal result is a reentrant attack, executing the reentrant attack protection policy contract, including:
filtering transactions in the contract call that do not contain the state variables according to the state variables in the protected intelligent contract;
and carrying out constraint solving on the control flow of the transaction through a symbol execution tool and a solver to obtain a function execution path set of the transaction under different constraint conditions, simulating a possible execution path of the transaction according to the function execution path set, and intercepting the transaction if a manipulation loop of the same state variable is found.
Preferably, if the abnormal result is a reentry attack, executing the reentry attack protection policy contract, and further including:
and locking the state variable, and intercepting the transaction if the locking fails.
Preferably, the method further comprises:
if the abnormal result is price manipulation, executing the price manipulation protection strategy contract, including:
detecting variable dependency relations in the protected intelligent contracts through a contract code static analysis tool to obtain a sensitive variable set;
searching a corresponding liquidity pool on a chain according to the sensitive variable set, detecting whether the liquidity pool is operated, and intercepting the transaction if the liquidity pool is operated.
Preferably, the detecting, by the contract code static analysis tool, the variable dependency relationship in the protected intelligent contract to obtain the sensitive variable set includes:
detecting variables in the protected smart contract that depend on the liquidity pool or the token balance using a contract code static analysis tool;
judging whether the variable is used for operating the sensitive fund, if so, determining the variable as the sensitive variable.
Preferably, the detecting whether the mobile pool is operated, if so, intercepting the transaction includes:
acquiring real-time prices of the under-chain exchanges, and integrating the latest prices of DEX on the chain to perform weighted calculation so as to obtain reference prices of predictors;
and comparing the reference price of the predictor with the price of the liquidity pool, and judging that the liquidity pool is operated if the difference exceeds a preset threshold value, and intercepting the transaction.
In a second aspect, an embodiment of the present invention further provides an attack transaction identifying and intercepting system based on an intelligent contract firewall, including:
the contract deployment module is used for deploying firewall agent contracts at the transaction entrance of the intelligent contract in advance;
the parameter analysis module is used for executing the firewall agent contract when detecting that a transaction enters the protected intelligent contract, and carrying out parameter analysis on the transaction;
the transaction forwarding module is used for forwarding the transaction to different protection strategy contracts according to the parameter analysis result;
the transaction detection module is used for detecting whether transaction abnormality exists or not by monitoring contract states and analyzing transaction data;
the protection strategy contract executing module is used for executing corresponding protection strategy contracts according to abnormal results when transaction abnormality exists; the abnormal result at least comprises price manipulation, reentry attack and authority control, and the corresponding protection strategy contract at least comprises price manipulation protection strategy contract, reentry attack protection strategy contract and authority control protection strategy contract.
Preferably, the protection policy contract execution module includes:
the reentry attack detection module is configured to execute the reentry attack protection policy contract when the abnormal result is a reentry attack, and includes:
filtering transactions in the contract call that do not contain the state variables according to the state variables in the protected intelligent contract;
and carrying out constraint solving on the control flow of the transaction through a symbol execution tool and a solver to obtain a function execution path set of the transaction under different constraint conditions, simulating a possible execution path of the transaction according to the function execution path set, and intercepting the transaction if a manipulation loop of the same state variable is found.
Preferably, the method further comprises:
a price manipulation detection module for executing the price manipulation protection policy contract when the abnormal result is price manipulation, comprising:
detecting variable dependency relations in the protected intelligent contracts through a contract code static analysis tool to obtain a sensitive variable set;
searching a corresponding liquidity pool on a chain according to the sensitive variable set, detecting whether the liquidity pool is operated, and intercepting the transaction if the liquidity pool is operated.
Compared with the prior art, the attack transaction identification and interception method and system based on the intelligent contract firewall have the beneficial effects that: by deploying firewall agent contracts and detecting transaction anomalies at the transaction portal of the intelligent contract, comprehensive protection of the intelligent contract link under the uplink is realized, and the coverage range and accuracy of intelligent contract security are improved. The firewall can identify and intercept malicious transactions related to the reentrant vulnerability without depending on specific business logic, and provides more reliable and efficient reentrant vulnerability protection. Moreover, the firewall can detect price prophetic machine abnormality and manipulation behavior and provide reliable price data, thereby reducing the burden of a developer in selecting a reliable prophetic machine and configuring price verification.
Drawings
Fig. 1 is a flow chart of an attack transaction recognition and interception method based on an intelligent contract firewall according to an embodiment of the invention.
Fig. 2 is another schematic diagram of an attack transaction recognition and interception method based on an intelligent contract firewall according to an embodiment of the invention.
FIG. 3 is a flowchart illustrating steps performed by the protection policy contract according to an embodiment of the present invention.
FIG. 4 is a schematic diagram of a reentrant attack protection policy contract according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a price manipulation protection policy contract in accordance with an embodiment of the invention.
Fig. 6 is a schematic structural diagram of an attack transaction recognition and interception system based on an intelligent contract firewall according to an embodiment of the invention.
FIG. 7 is a schematic diagram of a security policy contract execution module according to an embodiment of the invention.
Detailed Description
The following describes in further detail the embodiments of the present invention with reference to the drawings and examples. The following examples are illustrative of the invention and are not intended to limit the scope of the invention.
In the description of the present invention, it should be understood that the term "DEFI" is used in the present invention, and the decentralized finance (Decentralized Finance, DEFI for short) is an encrypted finance system that does not rely on a centralized financial institution or transaction site;
the term "DEX" is used, and the decentralized exchange (Decentralized Exchange, DEX for short) is a cryptocurrency exchange operating on a decentralized platform.
As shown in fig. 1, the embodiment of the invention provides an attack transaction identification and interception method based on an intelligent contract firewall, which comprises the following steps:
s1, deploying a firewall agent contract in advance at a transaction portal of an intelligent contract;
a firewall agent contract is deployed as an portal in the smart contract that is responsible for receiving all transactions into the protected smart contract. The smart contract firewall is similar to a traditional firewall, and is used as an entrance of a protected smart contract project, and is used for providing pluggable protection services for the deployed smart contract project.
S2, executing a firewall agent contract when detecting that a transaction enters a protected intelligent contract, and carrying out parameter analysis on the transaction;
external calls to firewall agents are inserted in functions of the protected intelligent contracts. When a transaction enters a firewall agent contract portal, it enters a parameter resolution contract for the firewall. The parameter resolution contract processes function calls and parameter information contained in the transaction data.
S3, forwarding the transaction to different protection strategy contracts according to the parameter analysis result;
and forwarding the transaction to different protection policy contracts according to the parameter analysis result and by combining the configuration rules and policies of the user.
In one embodiment, the contract project developer constructs a map of the function signature to be protected as a key address corresponding to the different security modules, and stores the map in the filter contract. When a transaction interacts with a function in a contract in the DEFI project, the closing date forwards the function signature information of the transaction to a filter contract, and the filter contract forwards the transaction to a different protection strategy contract according to the function signature information.
S4, detecting whether transaction abnormality exists or not by monitoring contract states and analyzing transaction data;
intelligent contracts are analyzed using fuzzy testing, static analysis, and Z3 solver techniques. Wherein the fuzzy test detects vulnerabilities in the contract by inputting data of an anomaly or a boundary condition. For example, security of a smart contract is detected by entering unusual parameter values or unexpected series of transactions.
The ethernet under-link framework runs an archive node, which can use the debug_trace method to obtain information of all subcommands in the transaction calls that have been sent to the memory pool but not yet up-link, where the information of the subcommands includes recursive subcommands and which contract addresses the subcommands transact with, and parameter information used in the transaction.
Constructing a path diagram of the sub-call according to the information of the sub-call, summarizing the data flow and the control flow of the sub-call of the security attacks according to the existing security attacks to obtain a corresponding flow diagram, then matching the similarity of diagram information of the transaction to be predicted and diagram information of the attack which has occurred, namely quantitatively calculating by using a diagram neural network method to obtain the similarity of the path diagram and the flow diagram, and judging whether the transaction is abnormal according to the similarity.
S5, if the protection policy contract exists, executing the corresponding protection policy contract according to the abnormal result.
If the similarity is higher than a preset threshold, judging that the transaction is abnormal. And executing corresponding protection strategy contracts according to the abnormal result, wherein the abnormal result at least comprises price manipulation, reentry attack and authority control, and the corresponding protection strategy contracts at least comprise price manipulation protection strategy contracts, reentry attack protection strategy contracts and authority control protection strategy contracts.
Further, the method for identifying and intercepting attack transaction based on the smart contract firewall in this embodiment can also refer to fig. 2.
In one embodiment, step S5, as shown in fig. 3, includes:
s501, if the abnormal result is reentrant attack, executing a reentrant attack protection policy contract;
in particular, the reentry attack protection policy contract is shown in FIG. 4, and the call relationship in the transaction includes a primary contract call and a reentry contract call. Wherein, the re-entry contract call is called to the same contract for the nth time. Transactions in the contract call that do not contain state variables are filtered based on the state variables in the protected intelligent contract. The model sol contract holds state variables in the protected smart contract. Constraint solving is carried out on the control flow of the transaction through a symbol execution tool Manticore and a Z3 solver, a function execution path set of the transaction under different constraint conditions is obtained, a possible execution path of the transaction is simulated according to the function execution path set, and if a manipulation loop of the same state variable is found, the transaction is intercepted.
Further, a state variable in the protected smart contract is locked, and if the locking fails, meaning that the state variable has been modified but not written back, the transaction is intercepted. By controlling flow analysis and state variable locking, the firewall is able to identify and intercept malicious transactions related to reentrant vulnerabilities, independent of specific business logic. The reentry attack protection policy contract is applicable to various intelligent contract projects, and provides more reliable and efficient reentry vulnerability protection.
S502, if the abnormal result is price manipulation, executing a price manipulation protection strategy contract;
price manipulation attacks result in asset valuation errors by manipulating the variables of key sensitive funds operations from which an attacker obtains illegal benefits. Characteristics of the attack include critical liquidity pool token amount anomalies and certain address token balance anomalies.
Specifically, as shown in fig. 5, the present embodiment detects, through a contract code static analysis tool slit, which variables in the protected smart contract depend on a liquidity pool or a token balance, and determines whether to use the contract in a sensitive fund operation, if so, determines that the variable is a sensitive variable, and forms a sensitive variable set V. And detecting variable dependency relations in the protected intelligent contracts by using a contract code static analysis tool slit to generate a function variable operation table R. The symbol execution tool Manticore and the Z3 solver are used for finding a function execution path set F under different constraint conditions, and a corresponding constraint condition set S is output. When the transaction occurs, filtering the transaction which does not contain the state variable in the contract call according to the state variable in the protected intelligent contract, determining one or more function call path sets F 'in the constraint condition set S according to the input parameter, acquiring corresponding function call paths according to the function call path sets F', and searching a sensitive variable set V which can be controlled according to the function variable operation table R.
Searching a corresponding mobility pool P maintained by the firewall on a chain according to the sensitive variable set V, detecting whether the mobility pool is operated, and intercepting the transaction if the mobility pool is operated, wherein the specific process is as follows:
acquiring real-time prices of the under-chain exchanges, and integrating the latest prices of DEX on the chain to perform weighted calculation so as to obtain reference prices of predictors;
and comparing the reference price of the predictor with the price of the liquidity pool, and judging that the liquidity pool is operated and intercepting the transaction if the difference exceeds a preset threshold. In this embodiment, the preset threshold value is preferably set to be 5%, and if the difference between the reference price of the predictor and the price of the fluidity pool exceeds 5%, the reference price of the predictor is preferentially used; otherwise, the price of the liquidity pool is selected to ensure the stability and reliability of price decision. Of course, the preset threshold value in this embodiment may be adaptively adjusted according to the design requirement of the firewall, if the design requirement is high, a smaller preset threshold value may be set, otherwise, the preset threshold value may be correspondingly increased.
The embodiment of the invention provides an attack transaction identification and interception method based on an intelligent contract firewall. The firewall can identify and intercept malicious transactions related to the reentrant vulnerability without depending on specific business logic, and provides more reliable and efficient reentrant vulnerability protection. Moreover, the firewall can detect price prophetic machine abnormality and manipulation behavior and provide reliable price data, thereby reducing the burden of a developer in selecting a reliable prophetic machine and configuring price verification.
As shown in fig. 6, based on the attack transaction identification and interception method, the embodiment of the invention further provides an attack transaction identification and interception system based on an intelligent contract firewall, which comprises:
the contract deployment module 1 is used for deploying firewall agent contracts at a transaction portal of the intelligent contract in advance;
the parameter analysis module 2 is used for executing a firewall agent contract when detecting that a transaction enters a protected intelligent contract, and carrying out parameter analysis on the transaction;
the transaction forwarding module 3 is used for forwarding the transaction to different protection policy contracts according to the parameter analysis result;
the transaction detection module 4 is used for detecting whether transaction abnormality exists by monitoring contract states and analyzing transaction data;
the protection policy contract executing module 5 is used for executing corresponding protection policy contracts according to abnormal results when transaction abnormality exists; the abnormal results at least comprise price manipulation, reentry attack and authority control, and the corresponding protection policy contracts at least comprise price manipulation protection policy contracts, reentry attack protection policy contracts and authority control protection policy contracts.
In a specific embodiment, the protection policy contract execution module 5, as shown in fig. 7, includes:
the reentry attack detection module 51 is configured to execute a reentry attack protection policy contract when the abnormal result is a reentry attack, and includes:
filtering transactions that do not contain state variables in the contract call according to the state variables in the protected intelligent contract;
constraint solving is carried out on the control flow of the transaction through a symbol execution tool and a solver, a function execution path set of the transaction under different constraint conditions is obtained, a possible execution path of the transaction is simulated according to the function execution path set, and if a manipulation loop for the same state variable is found, the transaction is intercepted.
A price manipulation detection module 52 for executing a price manipulation protection policy contract when the abnormal result is a price manipulation, comprising:
detecting variable dependency relations in the protected intelligent contracts through a contract code static analysis tool to obtain a sensitive variable set;
searching a corresponding liquidity pool on the chain according to the sensitive variable set, detecting whether the liquidity pool is operated, and intercepting the transaction if the liquidity pool is operated.
It should be noted that, each module in the attack transaction recognition and interception system based on the smart contract firewall may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules. Specific limitation regarding an attack transaction recognition and interception system based on an intelligent contract firewall refers to the limitation on an attack transaction recognition and interception method based on an intelligent contract firewall, and the two have the same functions and roles, which are not described herein.
In summary, the embodiment of the invention provides an attack transaction identification and interception method and system based on an intelligent contract firewall, which realize comprehensive protection of intelligent contract link up and down by deploying firewall agent contracts and detecting transaction anomalies at a transaction portal of an intelligent contract, thereby improving the coverage and accuracy of intelligent contract security. The firewall can identify and intercept malicious transactions related to the reentrant vulnerability without depending on specific business logic, and provides more reliable and efficient reentrant vulnerability protection. Moreover, the firewall can detect price prophetic machine abnormality and manipulation behavior and provide reliable price data, thereby reducing the burden of a developer in selecting a reliable prophetic machine and configuring price verification.
In this specification, each embodiment is described in a progressive manner, and all the embodiments are directly the same or similar parts referring to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments. It should be noted that, any combination of the technical features of the foregoing embodiments may be used, and for brevity, all of the possible combinations of the technical features of the foregoing embodiments are not described, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and substitutions can be made by those skilled in the art without departing from the technical principles of the present invention, and these modifications and substitutions should also be considered as being within the scope of the present invention.
Claims (10)
1. An attack transaction identification and interception method based on an intelligent contract firewall is characterized by comprising the following steps:
deploying a firewall agent contract at a transaction portal of the intelligent contract in advance;
executing the firewall agent contract when detecting that a transaction enters a protected intelligent contract, and carrying out parameter analysis on the transaction;
forwarding the transaction to different protection strategy contracts according to the parameter analysis result;
detecting whether transaction abnormality exists by monitoring contract state and analyzing transaction data;
if so, executing a corresponding protection strategy contract according to the abnormal result; the abnormal result at least comprises price manipulation, reentry attack and authority control, and the corresponding protection strategy contract at least comprises price manipulation protection strategy contract, reentry attack protection strategy contract and authority control protection strategy contract.
2. The attack transaction recognition and interception method according to claim 1, wherein the detecting whether the transaction abnormality exists by monitoring a contract state and parsing transaction data comprises:
acquiring information of all sub-calls in the transaction call; the information of the sub-call comprises contract addresses for carrying out transaction in the recursive sub-call and the sub-call and parameter information used in the transaction;
constructing a path diagram of the sub-call according to the information of the sub-call, and obtaining a corresponding flow diagram according to the data flow and the control flow of the sub-call of the existing security attack transaction;
and obtaining the similarity of the path diagram and the flow diagram by using a graph neural network, and judging whether the transaction is abnormal or not according to the similarity.
3. The attack transaction recognition and interception method according to claim 1, wherein said executing a corresponding protection policy contract according to an abnormal result if present comprises:
if the abnormal result is a reentrant attack, executing the reentrant attack protection policy contract, including:
filtering transactions in the contract call that do not contain the state variables according to the state variables in the protected intelligent contract;
and carrying out constraint solving on the control flow of the transaction through a symbol execution tool and a solver to obtain a function execution path set of the transaction under different constraint conditions, simulating a possible execution path of the transaction according to the function execution path set, and intercepting the transaction if a manipulation loop of the same state variable is found.
4. The attack transaction recognition and interception method according to claim 3, wherein if the abnormal result is a reentrant attack, executing the reentrant attack protection policy contract further comprises:
and locking the state variable, and intercepting the transaction if the locking fails.
5. The attack transaction recognition and interception method according to claim 3, further comprising:
if the abnormal result is price manipulation, executing the price manipulation protection strategy contract, including:
detecting variable dependency relations in the protected intelligent contracts through a contract code static analysis tool to obtain a sensitive variable set;
searching a corresponding liquidity pool on a chain according to the sensitive variable set, detecting whether the liquidity pool is operated, and intercepting the transaction if the liquidity pool is operated.
6. The attack transaction identification and interception method according to claim 5, wherein said detecting variable dependencies in a protected smart contract by a contract code static analysis tool to obtain a set of sensitive variables comprises:
detecting variables in the protected smart contract that depend on the liquidity pool or the token balance using a contract code static analysis tool;
judging whether the variable is used for operating the sensitive fund, if so, determining the variable as the sensitive variable.
7. The attack transaction recognition and interception method according to claim 5, wherein said detecting whether said liquidity pool is manipulated, if so, intercepting said transaction comprises:
acquiring real-time prices of the under-chain exchanges, and integrating the latest prices of DEX on the chain to perform weighted calculation so as to obtain reference prices of predictors;
and comparing the reference price of the predictor with the price of the liquidity pool, and judging that the liquidity pool is operated if the difference exceeds a preset threshold value, and intercepting the transaction.
8. An attack transaction recognition and interception system based on an intelligent contract firewall, comprising:
the contract deployment module is used for deploying firewall agent contracts at the transaction entrance of the intelligent contract in advance;
the parameter analysis module is used for executing the firewall agent contract when detecting that a transaction enters the protected intelligent contract, and carrying out parameter analysis on the transaction;
the transaction forwarding module is used for forwarding the transaction to different protection strategy contracts according to the parameter analysis result;
the transaction detection module is used for detecting whether transaction abnormality exists or not by monitoring contract states and analyzing transaction data;
the protection strategy contract executing module is used for executing corresponding protection strategy contracts according to abnormal results when transaction abnormality exists; the abnormal result at least comprises price manipulation, reentry attack and authority control, and the corresponding protection strategy contract at least comprises price manipulation protection strategy contract, reentry attack protection strategy contract and authority control protection strategy contract.
9. The attack transaction identification and interception system according to claim 8, wherein said protection policy contract execution module comprises:
the reentry attack detection module is configured to execute the reentry attack protection policy contract when the abnormal result is a reentry attack, and includes:
filtering transactions in the contract call that do not contain the state variables according to the state variables in the protected intelligent contract;
and carrying out constraint solving on the control flow of the transaction through a symbol execution tool and a solver to obtain a function execution path set of the transaction under different constraint conditions, simulating a possible execution path of the transaction according to the function execution path set, and intercepting the transaction if a manipulation loop of the same state variable is found.
10. The attack transaction recognition and interception system according to claim 9, further comprising:
a price manipulation detection module for executing the price manipulation protection policy contract when the abnormal result is price manipulation, comprising:
detecting variable dependency relations in the protected intelligent contracts through a contract code static analysis tool to obtain a sensitive variable set;
searching a corresponding liquidity pool on a chain according to the sensitive variable set, detecting whether the liquidity pool is operated, and intercepting the transaction if the liquidity pool is operated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311102742.0A CN117081818A (en) | 2023-08-29 | 2023-08-29 | Attack transaction identification and interception method and system based on intelligent contract firewall |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311102742.0A CN117081818A (en) | 2023-08-29 | 2023-08-29 | Attack transaction identification and interception method and system based on intelligent contract firewall |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117081818A true CN117081818A (en) | 2023-11-17 |
Family
ID=88707869
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311102742.0A Pending CN117081818A (en) | 2023-08-29 | 2023-08-29 | Attack transaction identification and interception method and system based on intelligent contract firewall |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117081818A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117522583A (en) * | 2024-01-08 | 2024-02-06 | 江苏通付盾科技有限公司 | Method for detecting contract attack transaction on chain based on balance analysis |
-
2023
- 2023-08-29 CN CN202311102742.0A patent/CN117081818A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117522583A (en) * | 2024-01-08 | 2024-02-06 | 江苏通付盾科技有限公司 | Method for detecting contract attack transaction on chain based on balance analysis |
| CN117522583B (en) * | 2024-01-08 | 2024-04-26 | 江苏通付盾科技有限公司 | Method for detecting contract attack transaction on chain based on balance analysis |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7877780B2 (en) | System and method for enforcing functionality in computer software through policies | |
| US7284274B1 (en) | System and method for identifying and eliminating vulnerabilities in computer software applications | |
| KR20220141276A (en) | Continuous vulnerability management system for digital assets based on blockchain smart contracts using sandbox and artificial intelligence | |
| US11022949B2 (en) | PLC virtual patching and automated distribution of security context | |
| SA515360536B1 (en) | Method, device, and computer program for monitoring an industrial control system | |
| US11748487B2 (en) | Detecting a potential security leak by a microservice | |
| CN112749389B (en) | Detection method and device for detecting vulnerability of intelligent contract damage sensitive data | |
| US20210357501A1 (en) | Attack estimation device, attack estimation method, and attack estimation program | |
| CN117081818A (en) | Attack transaction identification and interception method and system based on intelligent contract firewall | |
| Nabi et al. | A process of security assurance properties unification for application logic | |
| Ye et al. | Vulpedia: Detecting vulnerable ethereum smart contracts via abstracted vulnerability signatures | |
| US10089463B1 (en) | Managing security of source code | |
| Liu et al. | A smart contract vulnerability detection mechanism based on deep learning and expert rules | |
| Yu et al. | Redetect: Reentrancy vulnerability detection in smart contracts with high accuracy | |
| George et al. | A preliminary study on common programming mistakes that lead to buffer overflow vulnerability | |
| Trifonov et al. | Automation of cyber security incident handling through artificial intelligence methods | |
| CN114358934A (en) | Verification method of intelligent contract and related equipment | |
| US11238162B1 (en) | Method for systematically and objectively assessing system security risk | |
| WO2018004523A1 (en) | Plc virtual patching and automated distribution of security context | |
| Inácio et al. | Corca: An automatic program repair tool for checking and removing effectively c flaws | |
| CN113742724B (en) | Security mechanism defect detection method of network protocol software | |
| CN117891749B (en) | API application safety monitoring method, device, equipment and storage medium | |
| US20240104191A1 (en) | Method for identifying potential data exfiltration attacks in at least one software package | |
| Mohamed et al. | A control flow representation for component-based software reliability analysis | |
| Abdelrazek et al. | Towards self-securing software systems: Variability spectrum |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |