信息网络安全 ›› 2022, Vol. 22 ›› Issue (8): 1-7.doi: 10.3969/j.issn.1671-1122.2022.08.001

• 等级保护 • 上一篇    下一篇

基于局部图匹配的智能合约重入漏洞检测方法

张玉健1,2(), 刘代富1, 童飞1,2   

  1. 1.东南大学网络空间安全学院,南京 211189
    2.江苏省泛在网络安全工程研究中心,南京 211189
  • 收稿日期:2022-04-11 出版日期:2022-08-10 发布日期:2022-09-15
  • 通讯作者: 张玉健 E-mail:yjzhang@seu.edu.cn
  • 作者简介:张玉健(1984—),男,江苏,讲师,博士,主要研究方向为区块链和系统安全。|刘代富(1996—),男,四川,硕士研究生,主要研究方向为区块链和漏洞检测|童飞(1987—),男,安徽,副教授,博士,主要研究方向为物联网及安全
  • 基金资助:
    国家自然科学基金(61971131);江苏省自然科学基金(BK20190346)

Reentrancy Vulnerability Detection in Smart Contracts Based on Local Graph Matching

ZHANG Yujian1,2(), LIU Daifu1, TONG Fei1,2   

  1. 1. School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China
    2. Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing 211189, China
  • Received:2022-04-11 Online:2022-08-10 Published:2022-09-15
  • Contact: ZHANG Yujian E-mail:yjzhang@seu.edu.cn

摘要:

针对以太坊中智能合约遭受重入漏洞攻击的问题,文章提出一种基于局部图匹配的智能合约重入漏洞检测方法。该方法首先将智能合约源代码转化为包含基本结构信息的抽象语法树,并根据重入漏洞的特点裁剪抽象语法树;然后从抽象语法树中提取更加丰富的控制流和数据流,进而生成包含语法和语义信息的局部抽象语义图数据。文章利用图匹配神经网络对局部抽象语义图进行模型训练和测试,使用开源智能合约漏洞样本数据集生成测试数据并对方案进行评估。实验结果表明,该方法能够有效检测智能合约中的重入漏洞。

关键词: 智能合约, 图匹配神经网络, 重入漏洞, 抽象语义图

Abstract:

Aiming at the reentrancy vulnerability detection in smart contracts, this paper presents a code vulnerability detection method based on graph matching neural network, which realizes a function-level code vulnerability detection. Firstly, the smart contract source code is compiled into abstract syntax tree(AST), which is pruned according to the characteristics of reentrance vulnerabilities. Then, the control flow graph and data flow graph containing richer structural information are extracted from the abstract syntax tree, and then the local abstract semantic graph(ASG) data containing syntax and semantic information is generated. Furthermore, the graph matching neural network is used to train and test the local graph. Finally, an open-source vulnerability sample data set is used to evaluate the proposed method. Experimental results show that the proposed method effectively improves the ability of detecting reentrancy vulnerability.

Key words: smart contract, graph matching neural network, reentrancy vulnerability, abstract semantic graph

中图分类号: