CN117688564B - A detection method, device and storage medium for smart contract event log - Google Patents

A detection method, device and storage medium for smart contract event log Download PDF

Info

Publication number
CN117688564B
CN117688564B CN202410138372.4A CN202410138372A CN117688564B CN 117688564 B CN117688564 B CN 117688564B CN 202410138372 A CN202410138372 A CN 202410138372A CN 117688564 B CN117688564 B CN 117688564B
Authority
CN
China
Prior art keywords
event
solidity
codes
code
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410138372.4A
Other languages
Chinese (zh)
Other versions
CN117688564A (en
Inventor
余仲星
李蓝天
梁叶剑
刘志浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong University
Original Assignee
Shandong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong University filed Critical Shandong University
Priority to CN202410138372.4A priority Critical patent/CN117688564B/en
Publication of CN117688564A publication Critical patent/CN117688564A/en
Application granted granted Critical
Publication of CN117688564B publication Critical patent/CN117688564B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Accounting & Taxation (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application relates to the technical field of computers, and discloses a detection method, a device and a storage medium for an intelligent contract event log, wherein the method comprises the following steps: acquiring a target contract; compiling a target contract by adopting Solidity language; analyzing Solidity codes of the target contracts, and determining event problem states of Solidity codes; the event problem state comprises at least one of the event in Solidity code that requires an optimization variable, the event in Solidity code that uses more frequently than a frequency of use threshold, the event in Solidity code that has parameter information errors, the redundant event in Solidity code, the debug event in Solidity code that has been used, and the event in Solidity code that has call position errors; based on the event problem state, outputting reminding information. Thus, the developer can find the problem of the event in time.

Description

一种用于智能合约事件日志的检测方法、装置和存储介质A detection method, device and storage medium for smart contract event log

技术领域Technical Field

本申请涉及计算机技术领域,例如涉及一种用于智能合约事件日志的检测方法、装置和存储介质。The present application relates to the field of computer technology, and in particular to a detection method, device and storage medium for smart contract event logs.

背景技术Background technique

智能合约,是一种图灵完备程序,在以太坊虚拟机(Ethereum Virtual Machine,EVM)中以EVM字节码的形式运行。具体来说,智能合约可以采用Solidity语言(一种编程语言)进行编程,该种语言的智能合约先被编译成EVM字节码,再由EVM在区块链上执行。Smart contracts are Turing-complete programs that run in the Ethereum Virtual Machine (EVM) in the form of EVM bytecode. Specifically, smart contracts can be programmed in Solidity (a programming language), which is first compiled into EVM bytecode and then executed on the blockchain by EVM.

进一步地,在Solidity的编程过程中,可以通过事件功能来实现日志的记录。但是,当前的Solidity代码中的事件在使用时存在问题,若开发人员没有及时避免,则会导致gas费用(一种在以太坊区块链上执行特定操作时需要支付的成本)的浪费,甚至会增加合约账户的财产损失风险。Furthermore, in the Solidity programming process, logs can be recorded through the event function. However, there are problems with the use of events in the current Solidity code. If developers do not avoid them in time, it will lead to a waste of gas fees (a cost that needs to be paid when performing specific operations on the Ethereum blockchain), and even increase the risk of property loss of the contract account.

在实现本公开实施例的过程中,发现相关技术中至少存在如下问题:In the process of implementing the embodiments of the present disclosure, it is found that there are at least the following problems in the related art:

当前的Solidity代码中的事件在使用时存在问题,若开发人员没有及时避免,则会导致gas费用的浪费,甚至会增加合约账户的财产损失风险。There are problems with the use of events in the current Solidity code. If developers do not avoid them in time, it will lead to a waste of gas fees and even increase the risk of property loss of the contract account.

需要说明的是,在上述背景技术部分公开的信息仅用于加强对本申请的背景的理解,因此可以包括不构成对本领域普通技术人员已知的现有技术的信息。It should be noted that the information disclosed in the above background technology section is only used to enhance the understanding of the background of the present application, and therefore may include information that does not constitute the prior art known to ordinary technicians in the field.

发明内容Summary of the invention

为了对披露的实施例的一些方面有基本的理解,下面给出了简单的概括。所述概括不是泛泛评述,也不是要确定关键/重要组成元素或描绘这些实施例的保护范围,而是作为后面的详细说明的序言。In order to provide a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. The summary is not an extensive review, nor is it intended to identify key/critical elements or delineate the scope of protection of these embodiments, but rather serves as a prelude to the detailed description that follows.

本公开实施例提供了一种用于智能合约事件日志的检测方法、装置和存储介质,以检测当前的Solidity代码中的事件在使用时存在的问题并及时提醒,避免gas费用的浪费,降低合约账户的财产损失风险。The disclosed embodiments provide a detection method, device, and storage medium for smart contract event logs to detect problems with events in the current Solidity code when they are used and provide timely reminders, thereby avoiding waste of gas fees and reducing the risk of property loss of contract accounts.

在一些实施例中,所述用于智能合约事件日志的检测方法包括:In some embodiments, the detection method for smart contract event logs includes:

获取目标合约;所述目标合约采用Solidity语言编译;Obtain the target contract; the target contract is compiled using the Solidity language;

对所述目标合约的Solidity代码进行分析,确定所述Solidity代码的事件问题状态;所述事件问题状态包括所述Solidity代码中存在需要优化变量的事件、所述Solidity代码的事件使用频率大于使用频率阈值、所述Solidity代码中存在参数信息错误的事件、所述Solidity代码中存在冗余事件、所述Solidity代码中存在已使用的调试事件,以及所述Solidity代码中存在调用位置错误的事件中的至少一种;Analyze the Solidity code of the target contract to determine the event problem status of the Solidity code; the event problem status includes at least one of an event in which variables need to be optimized in the Solidity code, an event usage frequency of the Solidity code is greater than a usage frequency threshold, an event in which parameter information is incorrect in the Solidity code, a redundant event in the Solidity code, a used debug event in the Solidity code, and an event in which a call location error exists in the Solidity code;

基于所述事件问题状态,输出提醒信息。Based on the event problem status, a reminder message is output.

在一些实施例中,所述用于智能合约事件日志的检测装置,包括处理器和存储有程序指令的存储器,所述处理器被配置为在运行所述程序指令时,执行上述的用于智能合约事件日志的检测方法。In some embodiments, the detection device for smart contract event logs includes a processor and a memory storing program instructions, and the processor is configured to execute the above-mentioned detection method for smart contract event logs when running the program instructions.

在一些实施例中,所述存储介质,存储有程序指令,所述程序指令在运行时,执行上述的用于智能合约事件日志的检测方法。In some embodiments, the storage medium stores program instructions, and when the program instructions are run, they execute the above-mentioned detection method for smart contract event logs.

本公开实施例提供的一种用于智能合约事件日志的检测方法、装置和存储介质,可以实现以下技术效果:The present disclosure provides a method, device and storage medium for detecting smart contract event logs, which can achieve the following technical effects:

获取采用Solidity语言编译的目标合约之后,可以对目标合约的Solidity代码进行分析,确定Solidity代码的事件问题状态。其中,事件问题状态可以包括Solidity代码中存在需要优化变量的事件、Solidity代码的事件使用频率大于使用频率阈值、Solidity代码中存在参数信息错误的事件、Solidity代码中存在冗余事件、Solidity代码中存在已使用的调试事件,以及Solidity代码中存在调用位置错误的事件中的至少一种。而后,可以基于事件问题状态,输出提醒信息。如此一来,即可从上述六种事件问题状态的角度对Solidity代码进行分析,以对Solidity代码中的事件进行检测,及时发现其中存在的问题,并通过输出提醒消息的方式及时告知开发人员,从而尽可能地避免gas费用的浪费,降低合约账户的财产损失风险。After obtaining the target contract compiled in the Solidity language, the Solidity code of the target contract can be analyzed to determine the event problem status of the Solidity code. Among them, the event problem status may include events in the Solidity code that require variable optimization, events in the Solidity code that use a frequency greater than a frequency threshold, events in the Solidity code that have parameter information errors, redundant events in the Solidity code, debug events that have been used in the Solidity code, and at least one of events in the Solidity code that have call location errors. Then, reminder information can be output based on the event problem status. In this way, the Solidity code can be analyzed from the perspective of the above six event problem states to detect events in the Solidity code, promptly discover problems therein, and promptly inform developers by outputting reminder messages, thereby avoiding waste of gas fees as much as possible and reducing the risk of property loss of contract accounts.

以上的总体描述和下文中的描述仅是示例性和解释性的,不用于限制本申请。The above general description and the following description are exemplary and explanatory only and are not intended to limit the present application.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

一个或多个实施例通过与之对应的附图进行示例性说明,这些示例性说明和附图并不构成对实施例的限定,附图中具有相同参考数字标号的元件示为类似的元件,附图不构成比例限制,并且其中:One or more embodiments are exemplarily described by corresponding drawings, which do not limit the embodiments. Elements with the same reference numerals in the drawings are shown as similar elements, and the drawings do not constitute a scale limitation, and wherein:

图1是本公开实施例提供的一个用于智能合约事件日志的检测方法的示意图;FIG1 is a schematic diagram of a detection method for a smart contract event log provided by an embodiment of the present disclosure;

图2是本公开实施例提供的一个用于确定Solidity代码的事件问题状态的方法的示意图;FIG2 is a schematic diagram of a method for determining an event problem status of a Solidity code provided by an embodiment of the present disclosure;

图3是本公开实施例提供的另一个用于确定Solidity代码的事件问题状态的方法的示意图;FIG3 is a schematic diagram of another method for determining an event problem status of a Solidity code provided by an embodiment of the present disclosure;

图4是本公开实施例提供的另一个用于确定Solidity代码的事件问题状态的方法的示意图;FIG4 is a schematic diagram of another method for determining an event problem status of a Solidity code provided by an embodiment of the present disclosure;

图5是本公开实施例提供的另一个用于确定Solidity代码的事件问题状态的方法的示意图;FIG5 is a schematic diagram of another method for determining an event problem status of a Solidity code provided by an embodiment of the present disclosure;

图6是本公开实施例提供的另一个用于确定Solidity代码的事件问题状态的方法的示意图;FIG6 is a schematic diagram of another method for determining an event problem status of a Solidity code provided by an embodiment of the present disclosure;

图7是本公开实施例提供的另一个用于确定Solidity代码的事件问题状态的方法的示意图;FIG7 is a schematic diagram of another method for determining an event problem status of a Solidity code provided by an embodiment of the present disclosure;

图8是本公开实施例提供的一个用于智能合约事件日志的检测装置的示意图。FIG8 is a schematic diagram of a detection device for a smart contract event log provided in an embodiment of the present disclosure.

具体实施方式Detailed ways

为了能够更加详尽地了解本公开实施例的特点与技术内容,下面结合附图对本公开实施例的实现进行详细阐述,所附附图仅供参考说明之用,并非用来限定本公开实施例。在以下的技术描述中,为方便解释起见,通过多个细节以提供对所披露实施例的充分理解。然而,在没有这些细节的情况下,一个或多个实施例仍然可以实施。在其他情况下,为简化附图,熟知的结构和装置可以简化展示。In order to be able to understand the features and technical contents of the embodiments of the present disclosure in more detail, the implementation of the embodiments of the present disclosure is described in detail below in conjunction with the accompanying drawings. The attached drawings are for reference only and are not used to limit the embodiments of the present disclosure. In the following technical description, for the convenience of explanation, a full understanding of the disclosed embodiments is provided through multiple details. However, one or more embodiments can still be implemented without these details. In other cases, to simplify the drawings, well-known structures and devices can be simplified for display.

本公开实施例的说明书和权利要求书及上述附图中的术语“第一”“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本公开实施例的实施例。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含。The terms "first", "second", etc. in the specification and claims of the embodiments of the present disclosure and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that the terms used in this way can be interchanged where appropriate, so as to describe the embodiments of the embodiments of the present disclosure described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions.

除非另有说明,术语“多个”表示两个或两个以上。Unless otherwise stated, the term "plurality" means two or more.

本公开实施例中,字符“/”表示前后对象是一种“或”的关系。例如,A/B表示:A或B。In the embodiment of the present disclosure, the character "/" indicates that the preceding and following objects are in an "or" relationship. For example, A/B indicates: A or B.

术语“和/或”是一种描述对象的关联关系,表示可以存在三种关系。例如,A和/或B,表示:A或B,或,A和B这三种关系。The term "and/or" is a description of the association relationship between objects, indicating that three relationships can exist. For example, A and/or B means: A or B, or, A and B.

术语“对应”可以指的是一种关联关系或绑定关系,A与B相对应指的是A与B之间是一种关联关系或绑定关系。The term "correspondence" may refer to an association relationship or a binding relationship. The correspondence between A and B means that there is an association relationship or a binding relationship between A and B.

本公开实施例不限定该用于智能合约事件日志的检测方法的执行主体,例如,本公开实施例的用于智能合约事件日志的检测方法可以应用于终端设备或服务器等数据处理设备。其中,终端设备是指具有无线连接功能的电子设备,在一些实施例中,终端设备例如为移动设备、电脑,或悬浮车中内置的车载设备等,或其任意组合。移动设备例如可以包括手机、智能家居设备、可穿戴设备、智能移动设备、虚拟现实设备等,或其任意组合,其中,可穿戴设备例如包括:智能手表、智能手环、计步器等。The embodiments of the present disclosure do not limit the execution subject of the detection method for smart contract event logs. For example, the detection method for smart contract event logs in the embodiments of the present disclosure can be applied to data processing devices such as terminal devices or servers. Among them, the terminal device refers to an electronic device with a wireless connection function. In some embodiments, the terminal device is, for example, a mobile device, a computer, or a vehicle-mounted device built into a hover car, or any combination thereof. Mobile devices may include, for example, mobile phones, smart home devices, wearable devices, smart mobile devices, virtual reality devices, etc., or any combination thereof, wherein wearable devices include, for example: smart watches, smart bracelets, pedometers, etc.

结合图1所示,本公开实施例提供一种用于智能合约事件日志的检测方法,包括:As shown in FIG1 , the present disclosure provides a method for detecting a smart contract event log, including:

S101,获取目标合约。S101, obtain the target contract.

其中,目标合约采用Solidity语言编译。Among them, the target contract is compiled in Solidity language.

S102,对目标合约的Solidity代码进行分析,确定Solidity代码的事件问题状态。S102, analyzing the Solidity code of the target contract to determine the event problem status of the Solidity code.

在本公开实施例中,事件问题状态包括Solidity代码中存在需要优化变量的事件、Solidity代码的事件使用频率大于使用频率阈值、Solidity代码中存在参数信息错误的事件、Solidity代码中存在冗余事件、Solidity代码中存在已使用的调试事件,以及Solidity代码中存在调用位置错误的事件中的至少一种。In the disclosed embodiment, the event problem status includes at least one of an event in which variables need to be optimized in the Solidity code, an event usage frequency of the Solidity code is greater than a usage frequency threshold, an event in which parameter information is incorrect in the Solidity code, a redundant event in the Solidity code, a used debug event in the Solidity code, and an event in which a call location error exists in the Solidity code.

S103,基于事件问题状态,输出提醒信息。S103: Output reminder information based on the event problem status.

在本公开实施例中,为了便于理解,可以分别结合附图对上述六种事件问题状态的确定过程及提醒信息的输出,进行示例性地说明。In the embodiments of the present disclosure, for ease of understanding, the determination process of the above six event problem states and the output of reminder information may be exemplarily described in conjunction with the accompanying drawings.

具体来说,结合图2所示,针对Solidity代码中存在需要优化变量的事件这一事件问题状态的确定过程,也就是步骤S102,其具体可以包括步骤21A-步骤24A:Specifically, in conjunction with FIG. 2 , the process of determining the event problem state of an event that requires variable optimization in the Solidity code, that is, step S102, may specifically include steps 21A to 24A:

步骤21A:对Solidity代码进行分词,得到分词代码。Step 21A: Segment the Solidity code to obtain segmentation code.

在实际应用中,可以以空格、换行符作为分隔符对Solidity代码进行分词,并对Solidity代码中的标点进行过滤,得到分词代码。In practical applications, the Solidity code can be segmented using spaces and line breaks as delimiters, and the punctuation marks in the Solidity code can be filtered to obtain the segmented code.

步骤22A:对分词代码进行词性标注,得到分词标注结果。Step 22A: Perform part-of-speech tagging on the word segmentation code to obtain a word segmentation tagging result.

具体来说,在本公开实施例中,可以预先设置建立语料库,并由语料库存储Solidity代码的词性类型。例如,词性类型可以包括关键字、状态变量、局部变量、事件名、函数名及类名。如此,即可依据词性类型对上述分词代码进行词性标注,得到分词标注结果。Specifically, in the embodiments of the present disclosure, a corpus can be pre-set to be established, and the corpus can store the part-of-speech types of Solidity codes. For example, the part-of-speech types can include keywords, state variables, local variables, event names, function names, and class names. In this way, the above-mentioned word segmentation codes can be tagged according to the part-of-speech types to obtain the word segmentation tagging results.

步骤23A:基于分词标注结果,从Solidity代码中确定第一事件。Step 23A: Based on the word segmentation and tagging results, determine the first event from the Solidity code.

第一事件包括状态变量;状态变量以storage类型存储。在实际应用中,由于storage类型的变量消耗的gas多于memory类型的局部变量,因此,可以基于上述分词标注结果,识别Solidity代码中涉及storage类型的状态变量的事件作为第一事件,以便于后续针对该消耗gas高的第一事件进行处理。The first event includes state variables; the state variables are stored as storage type. In practical applications, since variables of storage type consume more gas than local variables of memory type, based on the above word segmentation and annotation results, events involving state variables of storage type in Solidity code can be identified as the first event, so as to facilitate subsequent processing of the first event with high gas consumption.

步骤24A:若第一事件所在的第一函数包括局部变量,且状态变量和局部变量的值相同,则确定事件问题状态为Solidity代码中存在需要优化变量的事件。Step 24A: If the first function where the first event is located includes local variables, and the values of the state variables and the local variables are the same, it is determined that the event problem state is an event that requires variable optimization in the Solidity code.

这里,局部变量以memory类型存储。由于memory类型的局部变量消耗的gas低于storage类型的状态变量,因此,当第一函数包括局部变量,且状态变量和局部变量的值相同时,则可以确定Solidity代码中存在需要优化变量的事件,也就是第一事件中的状态变量需要被优化。Here, local variables are stored as memory type. Since memory type local variables consume less gas than storage type state variables, when the first function includes local variables and the values of the state variables and local variables are the same, it can be determined that there is an event in the Solidity code that requires variable optimization, that is, the state variables in the first event need to be optimized.

基于上述步骤21A-步骤24A,在本公开实施例中,基于事件问题状态输出的提醒信息,具体可以包括:用于指示可进行变量优化的警告信息、识别出的第一事件的状态变量的信息,以及可替换该状态变量的局部变量的信息。Based on the above steps 21A to 24A, in the embodiment of the present disclosure, the reminder information output based on the event problem status may specifically include: warning information indicating that variable optimization can be performed, information on the state variables of the identified first event, and information on local variables that can replace the state variables.

进一步地,在输出提醒消息之后,该用于智能合约事件日志的检测方法还可以包括:将第一事件中以storage类型存储的状态变量替换为以memory类型存储的局部变量。前面提到,memory类型存储的局部变量消耗的gas低于storage类型存储的状态变量,并且,由于状态变量和局部变量的值相同,因此以局部变量替换状态变量不会改变状态变量的定义和取值,也不会影响状态变量在区块链上的持久性。因此,通过变量替换可以节省数据资源。Furthermore, after outputting the reminder message, the detection method for smart contract event logs may also include: replacing the state variable stored in the first event as a storage type with a local variable stored in a memory type. As mentioned above, the gas consumed by the local variable stored in the memory type is lower than that of the state variable stored in the storage type, and since the values of the state variable and the local variable are the same, replacing the state variable with a local variable will not change the definition and value of the state variable, nor will it affect the persistence of the state variable on the blockchain. Therefore, data resources can be saved by variable replacement.

结合图3所示,针对Solidity代码的事件使用量大于使用量阈值这一事件问题状态的确定过程,也就是步骤S102,其具体可以包括步骤21B-步骤23B:As shown in FIG. 3 , the process of determining the event problem state that the event usage of the Solidity code is greater than the usage threshold, that is, step S102, may specifically include steps 21B to 23B:

步骤21B:对Solidity代码进行预处理,得到预处理代码。Step 21B: Preprocess the Solidity code to obtain preprocessed code.

在实际应用中,预处理用于去除Solidity代码中的停用部分,停用部分包括Solidity代码中的注释和/或空行。In practical applications, preprocessing is used to remove the dead parts in Solidity code, which include comments and/or blank lines in Solidity code.

步骤22B:对预处理代码进行词频分析,得到预处理代码中的事件使用量。Step 22B: Perform word frequency analysis on the preprocessing code to obtain event usage in the preprocessing code.

具体来说,在本公开实施例中,可以先计算预处理代码的总行数,再对预处理代码进行分词,并对分词后的预处理代码进行词频分析,得到事件被调用的次数。接着,基于事件被调用的次数和预处理代码的总行数,可以确定事件在每行预处理代码中的平均出现次数,作为事件使用频率。其中,由于在Solidity代码中,“emit”关键字后跟随的是事件名,因此,可以通过统计关键字“emit”的出现次数确定事件的被调用次数。另外,事件使用频率,可以通过事件的出现次数除以预处理代码的总行数得到。Specifically, in the disclosed embodiment, the total number of lines of preprocessing code can be calculated first, and then the preprocessing code can be segmented, and the word frequency analysis can be performed on the preprocessing code after segmentation to obtain the number of times the event is called. Then, based on the number of times the event is called and the total number of lines of preprocessing code, the average number of occurrences of the event in each line of preprocessing code can be determined as the frequency of event use. Among them, since the "emit" keyword is followed by the event name in the Solidity code, the number of times the event is called can be determined by counting the number of occurrences of the keyword "emit". In addition, the frequency of event use can be obtained by dividing the number of occurrences of the event by the total number of lines of preprocessing code.

步骤23B:若事件使用频率大于使用频率阈值,则确定事件问题状态为Solidity代码的事件使用频率大于使用频率阈值。Step 23B: If the event usage frequency is greater than the usage frequency threshold, it is determined that the event problem state is that the event usage frequency of the Solidity code is greater than the usage frequency threshold.

在本公开实施例中,发明人经过创造性地研究发现,事件使用频率的平均值为0.022,因此,在实际应用中,使用频率阈值的取值范围可以为0.03~0.06,优选为0.05。In the embodiments of the present disclosure, the inventors have found through creative research that the average value of the event usage frequency is 0.022. Therefore, in practical applications, the value range of the usage frequency threshold may be 0.03 to 0.06, preferably 0.05.

基于上述步骤21B-步骤23B,在本公开实施例中,基于事件问题状态输出的提醒信息,具体可以包括:用于指示事件过度使用的警告信息。尽管事件是与其它系统交互的有效实现方式,但同时它也使用了大量资源,并对合约的工作效果产生较大影响,因此,在本公开实施例中通过事件过度警告的方式,可以及时告知开发人员谨慎使用事件,从而避免资源浪费。Based on the above steps 21B to 23B, in the disclosed embodiment, the reminder information output based on the event problem status may specifically include: warning information for indicating excessive use of events. Although events are an effective way to interact with other systems, they also use a lot of resources and have a great impact on the working effect of the contract. Therefore, in the disclosed embodiment, through the event excessive warning method, developers can be informed in time to use events with caution, thereby avoiding waste of resources.

结合图4所示,针对Solidity代码中存在传入的参数信息存在错误的事件这一事件问题状态的确定过程,也就是步骤S102,其具体可以包括步骤21C-步骤24C:As shown in FIG. 4 , the process of determining the event problem state of the event that the parameter information inputted into the Solidity code is incorrect, that is, step S102, may specifically include steps 21C to 24C:

步骤21C:对Solidity代码进行静态代码分析,得到目标合约的抽象语法树。Step 21C: Perform static code analysis on the Solidity code to obtain the abstract syntax tree of the target contract.

在实际应用中,对Solidity代码进行静态代码分析的实现过程可以采用现有的或者未来可能出现的任一种静态代码分析算法,此处不做具体限定。In practical applications, the implementation process of static code analysis on Solidity code can adopt any existing or future static code analysis algorithm, which is not specifically limited here.

步骤22C:根据抽象语法树中的函数声明,确定参数数量大于或等于数量阈值的第二事件,并获取第二事件传入的参数信息。Step 22C: According to the function declaration in the abstract syntax tree, determine a second event whose number of parameters is greater than or equal to the number threshold, and obtain parameter information passed in by the second event.

这里,数量阈值可以为3,从而避免参数数量较少导致的偶然性概率。参数信息可以包括参数名和参数值。Here, the quantity threshold may be 3, so as to avoid the accidental probability caused by a small number of parameters. The parameter information may include a parameter name and a parameter value.

步骤23C:从抽象语法树中的函数中,获取与第二事件被调用时的参数数量相同的第二函数。Step 23C: From the functions in the abstract syntax tree, obtain a second function with the same number of parameters as when the second event is called.

步骤24C:若第二事件被调用时的任一参数的参数信息和第二函数的参数信息不同,且除任一参数之外的其他参数的参数信息和第二函数的参数信息相同,则确定事件问题状态为Solidity代码中存在参数信息错误的事件。Step 24C: If the parameter information of any parameter when the second event is called is different from the parameter information of the second function, and the parameter information of other parameters except any parameter is the same as the parameter information of the second function, then the event problem status is determined to be an event in which parameter information error exists in the Solidity code.

如此,通过确定出参数数量大于或等于3的第二事件,并获取第二事件传入的参数名和参数值,有助于后续尽可能地定位到具体的函数。当第二事件和第二函数的参数信息不同时,说明存在参数错误。Thus, by determining the second event with the number of parameters greater than or equal to 3 and obtaining the parameter name and parameter value passed in by the second event, it is helpful to locate the specific function as much as possible. When the parameter information of the second event and the second function is different, it indicates that there is a parameter error.

基于上述步骤21C-步骤24C,在本公开实施例中,基于事件问题状态输出的提醒信息,具体可以包括:用于指示参数信息错误的警告信息,以及第二事件和第二函数的相关信息。在调用事件时,传入的错误参数如果与定义时的参数类型一致,编译器无法发现参数信息的错误。而在智能合约部署后错误很难更改,因此,通过检测传入参数错误并警告的方式,可以及时告知开发人员,从而有助于尽可能地降低合约漏洞的风险。Based on the above steps 21C-24C, in the disclosed embodiment, the reminder information output based on the event problem status may specifically include: warning information indicating parameter information errors, and related information of the second event and the second function. When calling an event, if the incoming error parameter is consistent with the parameter type when it is defined, the compiler cannot find the error in the parameter information. After the smart contract is deployed, the error is difficult to change. Therefore, by detecting the incoming parameter error and warning, the developer can be informed in time, which helps to minimize the risk of contract vulnerabilities.

结合图5所示,针对Solidity代码中存在冗余事件这一事件问题状态的确定过程,也就是步骤S102,其具体可以包括步骤21D-步骤22D:As shown in FIG. 5 , the process of determining the event problem state of the redundant event in the Solidity code, that is, step S102, may specifically include steps 21D to 22D:

步骤21D:针对Solidity代码中被调用的第三事件,从Solidity代码包括的除第三事件之外的被调用事件中,确定包含第三事件所有参数的第四事件。Step 21D: For the third event called in the Solidity code, determine a fourth event including all parameters of the third event from the called events included in the Solidity code except the third event.

具体来说,第四事件的数量可以为1个也可以为多个。第四事件包含第三事件所有参数,可以指二者的参数相同,或,第四事件的参数包含第三事件的参数。基于此,在本公开实施例中,针对第三事件,可以在Solidity代码中查询是否存在其他被调用事件的参数包括该第三事件的参数,若存在,即可将该事件确定为第四事件。此外,由于别名分析算法是一种用于识别程序变量名称集的技术,这些名称集在程序执行期间可能会引起相同的内存位置,而内存位置相同的参数也可以视为相同参数,因此,在本公开实施例中,还可以进一步通过别名分析算法对第三事件的参数进行分析,确定内存位置相同的参数,并进一步基于内存位置相同的参数确定对应的第四事件。Specifically, the number of fourth events can be one or more. The fourth event includes all parameters of the third event, which may mean that the parameters of the two are the same, or the parameters of the fourth event include the parameters of the third event. Based on this, in the embodiment of the present disclosure, for the third event, it can be queried in the Solidity code whether there are other called events whose parameters include the parameters of the third event. If so, the event can be determined as the fourth event. In addition, since the alias analysis algorithm is a technology for identifying sets of program variable names, these name sets may cause the same memory location during program execution, and parameters with the same memory location can also be regarded as the same parameters. Therefore, in the embodiment of the present disclosure, the parameters of the third event can be further analyzed by the alias analysis algorithm to determine the parameters with the same memory location, and further determine the corresponding fourth event based on the parameters with the same memory location.

步骤22D:当第三事件的参数值和第四事件中对应的参数值相同,确定事件问题状态为Solidity代码中存在冗余事件。Step 22D: When the parameter value of the third event is the same as the corresponding parameter value in the fourth event, it is determined that the event problem state is that there are redundant events in the Solidity code.

前面提到,第四事件包含第三事件,因此,当第三事件的参数值和第四事件的参数值也相同时,可以说明对于第四事件而言,第三事件为冗余事件。As mentioned above, the fourth event includes the third event. Therefore, when the parameter value of the third event is the same as the parameter value of the fourth event, it can be explained that the third event is a redundant event for the fourth event.

基于上述步骤21D-步骤22D,在本公开实施例中,基于事件问题状态输出的提醒信息,具体可以包括:用于指示存在冗余事件的警告信息,以及第三事件和第四事件的相关信息。由于第三事件为冗余事件,其被第四事件所包含,且参数值也相同,因此,通过检测冗余事件并警告的方式,可以及时告知开发人员,从而有助于尽快取消冗余事件的调用,以减少数据资源的消耗。Based on the above steps 21D to 22D, in the embodiment of the present disclosure, the reminder information output based on the event problem state may specifically include: warning information indicating the existence of redundant events, and related information of the third event and the fourth event. Since the third event is a redundant event, it is included in the fourth event, and the parameter value is also the same. Therefore, by detecting redundant events and issuing warnings, developers can be informed in a timely manner, thereby helping to cancel the call of redundant events as soon as possible to reduce the consumption of data resources.

结合图6所示,针对Solidity代码中存在已使用的调试事件这一事件问题状态的确定过程,也就是步骤S102,其具体可以包括步骤21E-步骤22E:As shown in FIG. 6 , the process of determining the event problem state of the used debug event in the Solidity code, that is, step S102, may specifically include steps 21E to 22E:

步骤21E:对Solidity代码进行分析,确定Solidity代码中是否存在第五事件、第六事件和第七事件中的至少一个。Step 21E: Analyze the Solidity code to determine whether at least one of the fifth event, the sixth event, and the seventh event exists in the Solidity code.

其中,第五事件为空事件;第六事件为在不同位置被调用且记录相同变量的事件;第七事件为包括字符串参数的事件,且字符串参数包括预设关键词。在实际应用中,开发人员可以采用事件来进行调试,调试事件的形式,可以体现为空事件、在不同位置被调用且记录相同变量的事件,或者,包括字符串参数的事件,且字符串参数包括预设关键词,也就是第五事件、第六事件和第七事件中的至少一个。在实际应用中,预设关键词可以体现为“debugging”、“test”和“help”中的至少一个。Among them, the fifth event is an empty event; the sixth event is an event that is called at different locations and records the same variable; the seventh event is an event that includes a string parameter, and the string parameter includes a preset keyword. In actual applications, developers can use events for debugging. The form of debugging events can be reflected as an empty event, an event that is called at different locations and records the same variable, or an event that includes a string parameter, and the string parameter includes a preset keyword, that is, at least one of the fifth event, the sixth event, and the seventh event. In actual applications, the preset keyword can be reflected as at least one of "debugging", "test" and "help".

步骤22E:若Solidity代码中存在第五事件、第六事件和第七事件中的至少一个,则确定事件问题状态为Solidity代码中存在已使用的调试事件。Step 22E: If at least one of the fifth event, the sixth event, and the seventh event exists in the Solidity code, it is determined that the event problem state is that there is a used debug event in the Solidity code.

基于上述内容可知,当Solidity代码中存在第五事件、第六事件和第七事件中的至少一个,可以说明开发人员在调试Solidity代码后未删除已使用的调试事件。Based on the above content, it can be known that when at least one of the fifth event, the sixth event and the seventh event exists in the Solidity code, it can be explained that the developer did not delete the used debugging event after debugging the Solidity code.

基于上述步骤21E-步骤22E,在本公开实施例中,基于事件问题状态输出的提醒信息,具体可以包括:用于指示Solidity代码中已使用的调试事件的警告信息。开发人员在使用事件进行代码调试后,若不及时删除不再需要的调试事件,则会对代码的可读性产生负面影响,并导致多余的数据资源消耗,因此,通过检测Solidity代码中已使用的调试事件并警告的方式,可以及时告知开发人员,从而有助于开发人员尽快删除已使用的调试事件,以减少数据资源的消耗。Based on the above steps 21E-22E, in the disclosed embodiment, the reminder information output based on the event problem status may specifically include: warning information for indicating the debug events that have been used in the Solidity code. After the developer uses the event to debug the code, if the debug events that are no longer needed are not deleted in time, it will have a negative impact on the readability of the code and cause unnecessary data resource consumption. Therefore, by detecting the debug events that have been used in the Solidity code and warning, the developer can be informed in time, which helps the developer to delete the used debug events as soon as possible to reduce the consumption of data resources.

结合图7所示,针对Solidity代码中存在调用位置错误的事件这一事件问题状态的确定过程,也就是步骤S102,其具体可以包括步骤21F-24F:As shown in FIG. 7 , the process of determining the problem state of the event that there is a call location error in the Solidity code, that is, step S102, may specifically include steps 21F-24F:

步骤21F:在Solidity代码的运行过程中,获取Solidity代码的执行路径和操作码。Step 21F: During the execution of the Solidity code, obtain the execution path and operation code of the Solidity code.

在本公开实施例中,为了使Solidity代码运行,可以先使用Anvil(一种区块链运行工具)构建本地区块链的网络测试环境,并在网络测试环境中部署该目标合约。接着,可以为目标合约的函数随机生成有效的输入。具体来说,可以先编译该目标合约,生成其应用二进制接口(Application Binary Interface,ABI)对应的JSON格式文件,再通过解析该ABI文件,得到其中的函数描述和参数的数据类型,而后根据Solidity官方文档确定各数据类型的参数的输入域。In the disclosed embodiment, in order to run the Solidity code, you can first use Anvil (a blockchain running tool) to build a network test environment for the local blockchain, and deploy the target contract in the network test environment. Then, you can randomly generate valid inputs for the functions of the target contract. Specifically, you can first compile the target contract to generate a JSON format file corresponding to its Application Binary Interface (ABI), and then parse the ABI file to obtain the function description and parameter data types, and then determine the input domain of the parameters of each data type according to the Solidity official document.

举例来说,针对固定长度的数据类型的参数,例如是int、uint、bytes和固定数组类型的参数,可以在其有效的输入域内随机生成输入。For example, for parameters of fixed-length data types, such as int, uint, bytes, and fixed array types, inputs can be randomly generated within their valid input domain.

对于非固定长度的数据类型的参数,例如是string类型的参数,可以先随机生成有效范围内的正整数作为长度,再随机生成该长度的字符串作为输入。For parameters of data types with non-fixed length, such as parameters of string type, you can first randomly generate a positive integer within a valid range as the length, and then randomly generate a string of the length as input.

对于address类型的参数,则需要进行ABI函数特征分析,也就是提取ABI中声明的所有函数签名,再计算每个函数签名的函数选择器,即函数签名的前四字节的Keccak哈希(SHA-3),以确定每个公共ABI函数所使用的函数选择器。接下来,可以构建并存储一个映射,该映射以函数选择器作为键,具有相同函数选择器的所有智能合约的地址作为值。通过此映射,对于每个函数选择器,可以以搜索映射的方式找到支持该函数选择器的所有智能合约地址,并由此为智能合约的每个ABI函数的address数据类型的参数生成随机输入。For address type parameters, ABI function feature analysis is required, that is, extracting all function signatures declared in the ABI, and then calculating the function selector of each function signature, that is, the Keccak hash (SHA-3) of the first four bytes of the function signature, to determine the function selector used by each public ABI function. Next, a mapping can be constructed and stored, which uses the function selector as the key and the addresses of all smart contracts with the same function selector as the value. Through this mapping, for each function selector, all smart contract addresses that support the function selector can be found by searching the mapping, and thereby generating random inputs for parameters of the address data type for each ABI function of the smart contract.

步骤22F:在Solidity代码中的第八事件被调用后,通过执行路径和操作码,检测第八事件传入的变量是否被重新赋值。Step 22F: After the eighth event in the Solidity code is called, detect whether the variable passed in by the eighth event is reassigned through the execution path and operation code.

这里,第八事件即为Solidity代码中的任一事件。在本公开实施例中,可以采用程序打桩技术,使用分支覆盖探针和条件覆盖探针来获取执行路径,并监测该目标合约在EVM上执行时的操作码,以在第八事件被调用后,检测第八事件传入的变量是否被重新赋值。Here, the eighth event is any event in the Solidity code. In the disclosed embodiment, the program stubbing technology can be used to obtain the execution path using branch coverage probes and condition coverage probes, and the opcodes of the target contract when it is executed on the EVM can be monitored to detect whether the variables passed in by the eighth event are reassigned after the eighth event is called.

步骤23F:若第八事件传入的变量被重新赋值,则检测Solidity代码中是否存在用于记录第八事件的重新赋值结果的第九事件。Step 23F: If the variable passed in by the eighth event is reassigned, check whether there is a ninth event in the Solidity code for recording the reassignment result of the eighth event.

在实际应用中,事件通常是在完成某项操作之后被调用,例如是用来记录交易、赋值或授权等信息。基于此,通过检测第九事件,也就是用于记录被重新赋值的变量的事件,可以判断出事件是否在对应操作被执行之后再次调用。In actual applications, events are usually called after a certain operation is completed, for example, to record transaction, assignment or authorization information. Based on this, by detecting the ninth event, that is, the event used to record the reassigned variable, it can be determined whether the event is called again after the corresponding operation is executed.

步骤24F:若Solidity代码中不存在第九事件,则确定事件问题状态为Solidity代码中存在调用位置错误的事件。Step 24F: If the ninth event does not exist in the Solidity code, it is determined that the event problem state is an event with a call location error in the Solidity code.

若不存在第九事件,则可以说明第八事件在被调用后,虽然被重新赋值但未被再次调用,也就是其调用位置错误。If the ninth event does not exist, it means that after the eighth event is called, it is reassigned but not called again, that is, its calling position is wrong.

基于上述步骤21F-步骤24F,在本公开实施例中,基于事件问题状态输出的提醒信息,具体可以包括:用于指示Solidity代码中存在调用位置错误的警告信息。如此,通过检测事件的调用位置错误并警告的方式,可以及时告知开发人员,从而有助于尽可能地降低合约漏洞的风险。Based on the above steps 21F to 24F, in the disclosed embodiment, the reminder information output based on the event problem status may specifically include: warning information indicating that there is a call location error in the Solidity code. In this way, by detecting the call location error of the event and issuing a warning, the developer can be informed in a timely manner, thereby helping to minimize the risk of contract vulnerabilities.

采用本公开实施例提供的一种用于智能合约事件日志的检测方法,获取采用Solidity语言编译的目标合约之后,可以对目标合约的Solidity代码进行分析,确定Solidity代码的事件问题状态。其中,事件问题状态可以包括Solidity代码中存在需要优化变量的事件、Solidity代码的事件使用频率大于使用频率阈值、Solidity代码中存在参数信息错误的事件、Solidity代码中存在冗余事件、Solidity代码中存在已使用的调试事件,以及Solidity代码中存在调用位置错误的事件中的至少一种。而后,可以基于事件问题状态,输出提醒信息。如此一来,即可从上述六种事件问题状态的角度对Solidity代码进行分析,以对Solidity代码中的事件进行检测,及时发现其中存在的问题,并通过输出提醒消息的方式及时告知开发人员,从而尽可能地避免数据资源的浪费,降低合约账户的财产损失风险。A detection method for smart contract event log provided by an embodiment of the present disclosure is adopted. After obtaining the target contract compiled by the Solidity language, the Solidity code of the target contract can be analyzed to determine the event problem status of the Solidity code. Among them, the event problem status may include events in the Solidity code that require variable optimization, events in the Solidity code that use frequency is greater than the use frequency threshold, events in the Solidity code that have parameter information errors, redundant events in the Solidity code, debug events that have been used in the Solidity code, and at least one of events in which there is a call location error in the Solidity code. Then, a reminder message can be output based on the event problem status. In this way, the Solidity code can be analyzed from the perspective of the above six event problem states to detect events in the Solidity code, promptly discover problems therein, and promptly inform the developer by outputting a reminder message, thereby avoiding the waste of data resources as much as possible and reducing the risk of property loss of the contract account.

结合图8所示,本公开实施例提供一种用于智能合约事件日志的检测装置300,包括处理器(processor)304和存储器(memory)301。可选地,该装置还可以包括通信接口(Communication Interface)302和总线303。其中,处理器304、通信接口302、存储器301可以通过总线303完成相互间的通信。通信接口302可以用于信息传输。处理器304可以调用存储器301中的逻辑指令,以执行上述实施例的用于智能合约事件日志的检测方法。As shown in FIG8 , the embodiment of the present disclosure provides a detection device 300 for a smart contract event log, including a processor 304 and a memory 301. Optionally, the device may also include a communication interface 302 and a bus 303. The processor 304, the communication interface 302, and the memory 301 may communicate with each other through the bus 303. The communication interface 302 may be used for information transmission. The processor 304 may call the logic instructions in the memory 301 to execute the detection method for the smart contract event log of the above embodiment.

此外,上述的存储器301中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。In addition, the logic instructions in the memory 301 described above can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product.

存储器301作为一种计算机可读存储介质,可用于存储软件程序、计算机可执行程序,如本公开实施例中的方法对应的程序指令/模块。处理器304通过运行存储在存储器301中的程序指令/模块,从而执行功能应用以及数据处理,即实现上述实施例中用于智能合约事件日志的检测方法。The memory 301 is a computer-readable storage medium that can be used to store software programs and computer executable programs, such as program instructions/modules corresponding to the method in the embodiment of the present disclosure. The processor 304 executes the functional application and data processing by running the program instructions/modules stored in the memory 301, that is, the detection method for the smart contract event log in the above embodiment is implemented.

存储器301可包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序;存储数据区可存储根据终端设备的使用所创建的数据等。此外,存储器301可以包括高速随机存取存储器,还可以包括非易失性存储器。The memory 301 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application required for at least one function; the data storage area may store data created according to the use of the terminal device, etc. In addition, the memory 301 may include a high-speed random access memory and may also include a non-volatile memory.

本公开实施例提供了一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行上述用于智能合约事件日志的检测方法。An embodiment of the present disclosure provides a computer-readable storage medium storing computer-executable instructions, wherein the computer-executable instructions are configured to execute the above-mentioned detection method for smart contract event logs.

上述的计算机可读存储介质可以是暂态计算机可读存储介质,也可以是非暂态计算机可读存储介质。The computer-readable storage medium mentioned above may be a transient computer-readable storage medium or a non-transitory computer-readable storage medium.

本公开实施例的技术方案可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括一个或多个指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本公开实施例所述方法的全部或部分步骤。而前述的存储介质可以是非暂态存储介质,包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等多种可以存储程序代码的介质,也可以是暂态存储介质。The technical solution of the embodiment of the present disclosure can be embodied in the form of a software product, which is stored in a storage medium and includes one or more instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the method described in the embodiment of the present disclosure. The aforementioned storage medium may be a non-transient storage medium, including: a USB flash drive, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a disk or an optical disk, and other media that can store program codes, or a transient storage medium.

以上描述和附图充分地示出了本公开的实施例,以使本领域的技术人员能够实践它们。其他实施例可以包括结构的、逻辑的、电气的、过程的以及其他的改变。实施例仅代表可能的变化。除非明确要求,否则单独的部件和功能是可选的,并且操作的顺序可以变化。一些实施例的部分和特征可以被包括在或替换其他实施例的部分和特征。而且,本申请中使用的用词仅用于描述实施例并且不用于限制权利要求。如在实施例以及权利要求的描述中使用的,除非上下文清楚地表明,否则单数形式的“一个”(a)、“一个”(an)和“所述”(the)旨在同样包括复数形式。类似地,如在本申请中所使用的术语“和/或”是指包含一个或一个以上相关联的列出的任何以及所有可能的组合。另外,当用于本申请中时,术语“包括”(comprise)及其变型“包括”(comprises)和/或包括(comprising)等指陈述的特征、整体、步骤、操作、元素,和/或组件的存在,但不排除一个或一个以上其他特征、整体、步骤、操作、元素、组件和/或这些的分组的存在或添加。在没有更多限制的情况下,由语句“包括一个…”限定的要素,并不排除在包括所述要素的过程、方法或者设备中还存在另外的相同要素。本文中,每个实施例重点说明的可以是与其他实施例的不同之处,各个实施例之间相同相似部分可以互相参见。对于实施例公开的方法、产品等而言,如果其与实施例公开的方法部分相对应,那么相关之处可以参见方法部分的描述。The above description and the accompanying drawings fully illustrate the embodiments of the present disclosure so that those skilled in the art can practice them. Other embodiments may include structural, logical, electrical, process and other changes. The embodiments represent only possible changes. Unless explicitly required, individual components and functions are optional, and the order of operations may vary. Parts and features of some embodiments may be included in or replace parts and features of other embodiments. Moreover, the words used in this application are only used to describe the embodiments and are not used to limit the claims. As used in the description of the embodiments and the claims, unless the context clearly indicates otherwise, the singular forms "a", "an" and "the" are intended to include plural forms as well. Similarly, the term "and/or" as used in this application refers to any and all possible combinations of one or more associated listings. In addition, when used in this application, the term "comprise" and its variants "comprises" and/or including (comprising) refer to the presence of stated features, wholes, steps, operations, elements, and/or components, but do not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or these groups. In the absence of further restrictions, the elements defined by the sentence "comprising a ..." do not exclude the existence of other identical elements in the process, method or device comprising the elements. In this article, each embodiment may focus on the differences from other embodiments, and the same or similar parts between the embodiments may refer to each other. For the methods, products, etc. disclosed in the embodiments, if they correspond to the method part disclosed in the embodiments, then the relevant parts can refer to the description of the method part.

本领域技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件,或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,可以取决于技术方案的特定应用和设计约束条件。所述技术人员可以对每个特定的应用来使用不同方法以实现所描述的功能,但是这种实现不应认为超出本公开实施例的范围。所述技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software may depend on the specific application and design constraints of the technical solution. The technicians may use different methods to implement the described functions for each specific application, but such implementations should not be considered to exceed the scope of the embodiments of the present disclosure. The technicians may clearly understand that, for the convenience and simplicity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the aforementioned method embodiments, and will not be repeated here.

本文所披露的实施例中,所揭露的方法、产品(包括但不限于装置、设备等),可以通过其他的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,可以仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另外,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其他的形式。所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例。另外,在本公开实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In the embodiments disclosed herein, the disclosed methods and products (including but not limited to devices, equipment, etc.) can be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the units can be only a logical function division. There may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the coupling or direct coupling or communication connection between each other shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms. The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to implement this embodiment. In addition, each functional unit in the embodiment of the present disclosure may be integrated in a processing unit, or each unit may exist physically separately, or two or more units may be integrated in one unit.

附图中的流程图和框图显示了根据本公开实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段或代码的一部分,所述模块、程序段或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个连续的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这可以依所涉及的功能而定。在附图中的流程图和框图所对应的描述中,不同的方框所对应的操作或步骤也可以以不同于描述中所披露的顺序发生,有时不同的操作或步骤之间不存在特定的顺序。例如,两个连续的操作或步骤实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这可以依所涉及的功能而定。框图和/或流程图中的每个方框,以及框图和/或流程图中的方框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowcharts and block diagrams in the accompanying drawings show the possible architecture, functions and operations of the system, method and computer program product according to the embodiments of the present disclosure. In this regard, each box in the flowchart or block diagram can represent a module, a program segment or a part of a code, and the module, program segment or a part of the code contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions marked in the box can also occur in an order different from that marked in the accompanying drawings. For example, two consecutive boxes can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, which can depend on the functions involved. In the descriptions corresponding to the flowcharts and block diagrams in the accompanying drawings, the operations or steps corresponding to different boxes can also occur in an order different from that disclosed in the description, and sometimes there is no specific order between different operations or steps. For example, two consecutive operations or steps can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, which can depend on the functions involved. Each box in the block diagram and/or flowchart, and the combination of boxes in the block diagram and/or flowchart, can be implemented with a dedicated hardware-based system that performs a specified function or action, or can be implemented with a combination of dedicated hardware and computer instructions.

Claims (9)

1. A method for detecting an intelligent contract event log, comprising:
Acquiring a target contract; compiling the target contract by adopting Solidity language;
analyzing Solidity codes of the target contracts and determining event problem states of the Solidity codes; the event problem state comprises at least one of an event in the Solidity code that requires an optimization variable, an event in the Solidity code that uses more frequently than a frequency of use threshold, an event in the Solidity code that has parameter information errors, a redundant event in the Solidity code, a used debug event in the Solidity code, and an event in the Solidity code that has call position errors;
outputting reminding information based on the event problem state;
Wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes comprises:
performing word segmentation on the Solidity codes to obtain word segmentation codes;
part of speech tagging is carried out on the word segmentation codes, and word segmentation tagging results are obtained;
Determining a first event from the Solidity codes based on the word segmentation annotation result; the parameters when the first event is invoked include a state variable; the state variables are stored in a storage type;
if the first function where the first event is located includes a local variable and the values of the state variable and the local variable are the same, determining that the event problem state is that an event requiring an optimized variable exists in the Solidity codes; the local variables are stored in a memory type.
2. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
preprocessing the Solidity codes to obtain preprocessed codes; the preprocessing is used to remove inactive portions in the Solidity code, including notes and/or empty rows in the Solidity code;
word frequency analysis is carried out on the preprocessing codes, so that event use frequency in the preprocessing codes is obtained;
And if the event using frequency is larger than the using frequency threshold value, determining that the event problem state is that the event using frequency of Solidity codes is larger than the using frequency threshold value.
3. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
performing static code analysis on the Solidity codes to obtain an abstract syntax tree of the target contract;
Determining a second event with the parameter number larger than or equal to a number threshold according to the function statement in the abstract syntax tree, and acquiring parameter information transmitted by the second event;
Determining Solidity a second function in the code that is the same as the number of parameters when the second event is invoked based on the abstract syntax tree;
And if the parameter information of any parameter when the second event is called is different from the parameter information of the second function, and the parameter information of other parameters except for any parameter is the same as the parameter information of the second function, determining that the event problem state is the event with parameter information errors in the Solidity codes.
4. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
For a third event called in Solidity codes, determining a fourth event containing all parameters of the third event from called events except the third event included in the Solidity codes;
And when the parameter value of the third event is the same as the corresponding parameter value in the fourth event, determining that the event problem state is that a redundant event exists in the Solidity codes.
5. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
analyzing the Solidity code to determine if at least one of a fifth event, a sixth event, and a seventh event is present in the Solidity code; the fifth event is an empty event; the sixth event is an event which is called at a different position and records the same variable; the seventh event is an event comprising a character string parameter, and the character string parameter comprises a preset keyword;
If at least one of a fifth event, a sixth event, and a seventh event exists in the Solidity code, determining that the event issue state is that the used debug event exists in the Solidity code.
6. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
Acquiring an execution path and an operation code of the Solidity code in the running process of the Solidity code;
After the eighth event in Solidity codes is called, detecting whether variables transmitted by the eighth event are reassigned or not through the execution path and the operation code;
If the variable transmitted by the eighth event is reassigned, detecting whether a ninth event for recording reassignment results of the eighth event exists in the Solidity codes;
And if the ninth event does not exist in the Solidity codes, determining that the event problem state is the event with the calling position error in the Solidity codes.
7. The method according to claim 1, wherein after outputting the alert information based on the event question status, the method further comprises:
and replacing the state variable stored in the storage type in the first event with the local variable stored in the memory type.
8. A detection apparatus for a smart contract event log, comprising a processor and a memory storing program instructions, wherein the processor is configured, when executing the program instructions, to perform the detection method for a smart contract event log as claimed in any one of claims 1 to 7.
9. A storage medium storing program instructions which, when executed, perform the method for detecting a smart contract event log according to any one of claims 1 to 7.
CN202410138372.4A 2024-02-01 2024-02-01 A detection method, device and storage medium for smart contract event log Active CN117688564B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410138372.4A CN117688564B (en) 2024-02-01 2024-02-01 A detection method, device and storage medium for smart contract event log

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410138372.4A CN117688564B (en) 2024-02-01 2024-02-01 A detection method, device and storage medium for smart contract event log

Publications (2)

Publication Number Publication Date
CN117688564A CN117688564A (en) 2024-03-12
CN117688564B true CN117688564B (en) 2024-05-03

Family

ID=90135646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410138372.4A Active CN117688564B (en) 2024-02-01 2024-02-01 A detection method, device and storage medium for smart contract event log

Country Status (1)

Country Link
CN (1) CN117688564B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102012991A (en) * 2010-11-09 2011-04-13 北京神舟航天软件技术有限公司 Static analysis-based checking method of safety rules of C language
CN102831004A (en) * 2012-07-13 2012-12-19 天津国芯科技有限公司 Method for optimizing compiling based on C*core processor and compiler
CN109684838A (en) * 2018-11-23 2019-04-26 电子科技大学 A kind of static code auditing system and method for ether mill intelligence contract
CN110096338A (en) * 2019-05-10 2019-08-06 百度在线网络技术(北京)有限公司 Intelligent contract executes method, apparatus, equipment and medium
KR20200094618A (en) * 2019-01-30 2020-08-07 주식회사 린아레나 Method for auditing source code using smart contract similarity analysis and apparatus thereof
CN115022026A (en) * 2022-05-31 2022-09-06 电子科技大学 Block chain intelligent contract threat detection device and method
CN115794103A (en) * 2022-10-25 2023-03-14 网易(杭州)网络有限公司 Variable compiling method and device, electronic equipment and readable storage medium
CN116028495A (en) * 2022-12-28 2023-04-28 山石网科通信技术股份有限公司 Smart contract detection method and device
CN116166747A (en) * 2023-01-10 2023-05-26 杭州溪塔科技有限公司 Block chain intelligent contract data processing method and device
CN116185805A (en) * 2021-11-26 2023-05-30 北京有竹居网络技术有限公司 Code detection method, device, equipment and storage medium
CN116841906A (en) * 2023-07-26 2023-10-03 山石网科通信技术股份有限公司 Intelligent contract detection method and device and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9612937B2 (en) * 2012-09-05 2017-04-04 Microsoft Technology Licensing, Llc Determining relevant events in source code analysis

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102012991A (en) * 2010-11-09 2011-04-13 北京神舟航天软件技术有限公司 Static analysis-based checking method of safety rules of C language
CN102831004A (en) * 2012-07-13 2012-12-19 天津国芯科技有限公司 Method for optimizing compiling based on C*core processor and compiler
CN109684838A (en) * 2018-11-23 2019-04-26 电子科技大学 A kind of static code auditing system and method for ether mill intelligence contract
KR20200094618A (en) * 2019-01-30 2020-08-07 주식회사 린아레나 Method for auditing source code using smart contract similarity analysis and apparatus thereof
CN110096338A (en) * 2019-05-10 2019-08-06 百度在线网络技术(北京)有限公司 Intelligent contract executes method, apparatus, equipment and medium
CN116185805A (en) * 2021-11-26 2023-05-30 北京有竹居网络技术有限公司 Code detection method, device, equipment and storage medium
CN115022026A (en) * 2022-05-31 2022-09-06 电子科技大学 Block chain intelligent contract threat detection device and method
CN115794103A (en) * 2022-10-25 2023-03-14 网易(杭州)网络有限公司 Variable compiling method and device, electronic equipment and readable storage medium
CN116028495A (en) * 2022-12-28 2023-04-28 山石网科通信技术股份有限公司 Smart contract detection method and device
CN116166747A (en) * 2023-01-10 2023-05-26 杭州溪塔科技有限公司 Block chain intelligent contract data processing method and device
CN116841906A (en) * 2023-07-26 2023-10-03 山石网科通信技术股份有限公司 Intelligent contract detection method and device and electronic equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郑忠斌 ; 王朝栋 ; 蔡佳浩 ; .智能合约的安全研究现状与检测方法分析综述.信息安全与通信保密.2020,(第07期),全文. *

Also Published As

Publication number Publication date
CN117688564A (en) 2024-03-12

Similar Documents

Publication Publication Date Title
CN110716866A (en) Code quality scanning method and device, computer equipment and storage medium
CN111240772A (en) Data processing method and device based on block chain and storage medium
CN112148343A (en) Rule issuing method and device and terminal equipment
CN116108453A (en) Logical vulnerability detection method, device, equipment and storage medium
Mateos et al. Detecting WSDL bad practices in code–first Web Services
CN103109293A (en) A user behavior processing system and method
CN115756490A (en) Method, device, equipment, storage medium and product for improving android compiling efficiency
CN113721916B (en) Compilation method, device, device and readable storage medium of an operating system
CN112419057A (en) Method, device, equipment and storage medium for generating and storing logs of intelligent contracts
CN106681852A (en) Method and device for adjusting browser compatibility
CN113721928A (en) Binary analysis-based dynamic library clipping method
CN113419738A (en) Interface document generation method and device and interface management equipment
CN113672512A (en) Code inspection rule generating method, code inspection method, device and medium
CN111427578B (en) Data conversion method, device and equipment
CN116841906A (en) Intelligent contract detection method and device and electronic equipment
US11868465B2 (en) Binary image stack cookie protection
CN117688564B (en) A detection method, device and storage medium for smart contract event log
CN111381989A (en) Microservice link generation method, microservice link generation device, server and storage medium
CN115033489A (en) Code resource detection method and device, electronic equipment and storage medium
CN106407104A (en) Method and system used for detecting defects related to memory space release
CN113467815A (en) Application repair method and device for hot update, terminal equipment and storage medium
CN113742116A (en) Abnormity positioning method, abnormity positioning device, abnormity positioning equipment and storage medium
US8819645B2 (en) Application analysis device
CN118445198A (en) A method, device, terminal device and storage medium for determining air space
CN117539761A (en) Test case supplementing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant