一种支持内嵌数据处理的合约漏洞修复方案

doi:10.19665/j.issn1001-2400.20230208

西安电子科技大学学报 ›› 2024, Vol. 51 ›› Issue (1): 178-186.doi: 10.19665/j.issn1001-2400.20230208

一种支持内嵌数据处理的合约漏洞修复方案

彭泳翔¹(), 刘志全¹^,²(), 王立波¹(), 吴永东¹(), 马建峰¹^,³(), 陈宁²()

1.暨南大学信息科学技术学院,广东广州 510632
2.广东省网络与信息安全漏洞研究重点实验室,广东广州 510643
3.西安电子科技大学网络与信息安全学院,陕西西安 710071

收稿日期:2022-11-02 出版日期:2024-01-20 发布日期:2023-10-16
通讯作者: 刘志全(1989—),男,副研究员,E-mail:zqliu@vip.qq.com
作者简介:彭泳翔(1998—),男,暨南大学硕士研究生,E-mail:greapi@foxmail.com;
王立波(1988—),男,讲师,E-mail:wanglibo12b@mails.ucas.edu.cn;
吴永东(1970—),男,教授,E-mail:wuyd007@vip.qq.com;
马建峰(1963—),男,教授,E-mail:jfma@mail.xidian.edu.cn;
陈宁(1984—),女,工程师,E-mail:chenn@gditsec.org.cn
基金资助:
国家自然科学基金(62032025);国家自然科学基金(61932011);国家自然科学基金(62272195);广东省网络与信息安全漏洞研究重点实验室项目(2020B1212060081);广东省重点研发计划(2020B0101090002);广东省基础与应用基础研究基金(2022A1515010299);广东省基础与应用基础研究基金(2020A1515110364);广州市科技计划项目(202201010421);中央高校基本科研业务费专项资金(21622402)

Contract vulnerability repair scheme supporting inline data processing

PENG Yongxiang¹(), LIU Zhiquan¹^,²(), WANG Libo¹(), WU Yongdong¹(), MA Jianfeng¹^,³(), CHEN Ning²()

1. College of Information Science and Technology,Jinan University,Guangzhou 510632,China
2. Guangdong Provincial Key Laboratory of Cyber and Information Security Vulnerability Research,Guangzhou 510643,China
3. School of Cyber Engineering,XidianUniversity,Xi’an 710071,China

Received:2022-11-02 Online:2024-01-20 Published:2023-10-16

摘要/Abstract

摘要：

智能合约是一段部署在区块链上的程序,为分布式交易提供了可能。然而,由于智能合约携带的金融属性及部署后不可改变的特性,使其成为黑客攻击的目标。因此,为保证合约的安全性,需对漏洞合约进行修复。然而,现有合约漏洞修复方案存在修复成功率低、无法处理复杂合约等问题,为此提出一种支持内嵌数据处理的合约漏洞修复方案。该方案首先研究并形式化以太坊虚拟机动态装载机制,并基于内存拷贝指令构建内嵌数据定位算法,解析并反编译智能合约字节码结构;接着基于蹦床机制对智能合约字节码进行重写,并修正因重写而产生的内嵌数据地址偏移;最终实现智能合约的漏洞修复。基于所提方案实现原型工具SCRepair,部署于本地测试网络Ganache以对其进行性能测试,并与现有漏洞修复工具EVMPatch和Smartshield进行比较。实验结果表明,相比于EVMPatch,SCRepair的合约字节码重写成功率提升了约26.9%,并有着更好的执行重写稳定性,受编译器版本的较影响小;相比于Smartshield,SCRepair能够更好地处理复杂合约。

关键词: 区块链, 智能合约, 字节码重写, 反编译, 蹦床

Abstract:

Smart contracts are programs deployed on the blockchain that enable distributed transactions.However,due to the financial attributes and immutable characteristics of smart contracts,they become targets of hacker attacks.Therefore,to ensure the security of contracts,it is necessary to repair vulnerable contracts.However,existing contract vulnerability repair schemes have problems such as low repair success rate and inability to handle complex contracts.To this end,a contract vulnerability repair scheme supporting inline data processing is proposed in this paper.The proposed scheme first studies and formalizes the dynamic loading mechanism of the Ethereum virtual machine,and constructs an inline data location algorithm based on memory copy instructions to parse and decompile the smart contract bytecode structure;then the smart contract bytecode is rewritten based on the trampoline mechanism,and the inline data address offset caused by rewriting is corrected,and finally the smart contract vulnerability repair is implemented.A prototype tool named SCRepair is implemented based on the proposed scheme,which is deployed on the local test network Ganache for performance testing,and compared with existing vulnerability repair tools EVMPatch and Smartshield.Experimental results show that the SCRepair improves the bytecode rewrite success rate by 26.9% when compared with the EVMPatch.Besides,the SCRepair has a better rewrite execution stability,and is less affected by the compiler version;the SCRepair can handle complex contracts better when compared with the Smartshield.

Key words: blockchain, smart contract, bytecode rewriting, decompilation, trampoline

中图分类号:

TP309

彭泳翔, 刘志全, 王立波, 吴永东, 马建峰, 陈宁. 一种支持内嵌数据处理的合约漏洞修复方案[J]. 西安电子科技大学学报, 2024, 51(1): 178-186.

PENG Yongxiang, LIU Zhiquan, WANG Libo, WU Yongdong, MA Jianfeng, CHEN Ning. Contract vulnerability repair scheme supporting inline data processing[J]. Journal of Xidian University, 2024, 51(1): 178-186.

图/表 1

参考文献 14

[1]	王慧, 王励成, 柏雪, 等. 区块链隐私保护和扩容关键技术研究[J]. 西安电子科技大学学报, 2020, 47(5):28-39.
	WANG Hui, WANG Licheng, BAI Xue, et al. Research on Key Technology of Blockchain Privacy Protection and Scalability[J]. Journal of Xidian University, 2020, 47(5):28-39.
[2]	LUU L, CHU D H, OLICKEL H, el al. Making Smart Contracts Smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016:254-269.
[3]	LIU C, LIU H, CAO Z, et al. ReGuard:Finding Reentrancy Bugs in Smart Contracts[C]//2018 IEEE/ACM 40th International Conference on Software Engineering:Companion(ICSE-Companion). Piscataway: IEEE, 2018:65-68.
[4]	TSANKOV P, DAN A, DRACHSLER-COHEN D, et al. Securify:Practical Security Analysis of Smart Contracts[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2018:67-82.
[5]	AZZOPARDI S, ELLUL J, PACE G J. Monitoring Smart Contracts:Contractlarva and Open Challenges Beyond[C]//International Conference on Runtime Verification. Heidelberg:Springer, 2018:113-137.
[6]	MA F, FU Y, REN M, et al. EVM*:From Offline Detection to Online Reinforcement for Ethereum Virtual Machine[C]// 2019 IEEE 26th International Conference on Software Analysis,Evolution and Reengineering(SANER). Piscataway: IEEE, 2019:554-558.
[7]	WANG X, HE J, XIE Z, et al. ContractGuard:Defend Ethereum Smart Contracts with Embedded Intrusion Detection[J]. IEEE Transactions on Services Computing, 2019, 13(2):314-328.
[8]	AYOADE G, BAUMAN E, KHAN L, et al. Smart Contract Defense through Bytecode Rewriting[C]//2019 IEEE International Conference on Blockchain(Blockchain). Piscataway: IEEE, 2019:384-389.
[9]	ZHANG Y, MA S, LI J, et al. Smartshield:Automatic Smart Contract Protection Made Easy[C]// 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering(SANER). Piscataway: IEEE, 2020:23-34.
[10]	RODLER M, LI W, KARAME G O, et al. EVMPatch:Timely and Automated Patching of Ethereum Smart Contracts[C]//30th USENIX Security Symposium(USENIX Security 21). Berkely: USENIX, 2021:1289-1306.
[11]	WENZL M, MERZDOVNIK G, ULLRICH J, et al. From Hack to Elaborate Technique-A Survey on Binary Rewriting[J]. ACM Computing Surveys(CSUR), 2019, 52(3):1-37.
[12]	DUCK G J, GAO X, ROYCHOUDHURY A. Binary Rewriting without Control Flow Recovery[C]//Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2020:151-163.
[13]	CHEN T, LI Z, ZHANG Y, et al. A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts[C]//2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement(ESEM). Piscataway: IEEE, 2019:1-11.
[14]	FRANK J, ASCHENMANN C, HOLZE T. ETHBMC:A Bounded Model Checker for Smart Contracts[C]//29th USENIX Security Symposium(USENIX Security 20). Berkely: USENIX, 2020:2757-2774.

[1]	郭庆, 田有亮. 支持受控共享的医疗数据隐私保护方案[J]. 西安电子科技大学学报, 2024, 51(1): 165-176.
[2]	周浩,马建峰,刘志全,王立波,吴永东,范文杰. 车联网中区块链辅助的紧急消息信任评估方案[J]. 西安电子科技大学学报, 2023, 50(4): 148-156.
[3]	刘远振, 杨颜博, 张嘉伟, 李宝山, 马建峰. 一种抗分布式机器学习恶意节点的区块链方案[J]. 西安电子科技大学学报, 2023, 50(2): 178-187.
[4]	任艳丽,翟梦娟,胡明琪. 支持恶意惩罚的公平可编辑区块链方案[J]. 西安电子科技大学学报, 2023, 50(1): 203-212.
[5]	何雨,田有亮,万良,杨力. 支持结果验证的多服务器动态可搜索加密方案[J]. 西安电子科技大学学报, 2022, 49(5): 189-200.
[6]	张海波,卞霞,徐勇军,向晟町,贺晓帆. 区块链辅助的VANET中车辆声誉管理方法[J]. 西安电子科技大学学报, 2022, 49(4): 49-59.
[7]	曾辉祥,习宁,谢晴晴,吕静,崔志浩,马建峰. 抗属性篡改的去中心化密文数据安全共享[J]. 西安电子科技大学学报, 2022, 49(2): 135-145.
[8]	潘森杉,徐腊梅. DorChain:利用休眠币提高交易验证效率[J]. 西安电子科技大学学报, 2022, 49(2): 182-189.
[9]	李雪莲,张夏川,高军涛,向登梅. 支持属性和代理重加密的区块链数据共享方案[J]. 西安电子科技大学学报, 2022, 49(1): 1-16.
[10]	杜瑞忠,王一,田俊峰. 一种支持动态可验证的密文检索方案[J]. 西安电子科技大学学报, 2022, 49(1): 35-46.
[11]	杨颜博,张嘉伟,马建峰. 一种使用区块链保护车联网数据隐私的方法[J]. 西安电子科技大学学报, 2021, 48(3): 21-30.
[12]	李金泽,王中豪,李孟恒,覃团发. 一种划分小区域的区块链频谱共享管理方法[J]. 西安电子科技大学学报, 2020, 47(6): 122-130.
[13]	司成祥,高峰,祝烈煌,巩国鹏,张璨,陈卓,李锐光. 一种支持动态标签的区块链数据隐蔽传输机制[J]. 西安电子科技大学学报, 2020, 47(5): 94-102.
[14]	陈思吉,翟社平,汪一景. 一种基于环签名的区块链隐私保护算法[J]. 西安电子科技大学学报, 2020, 47(5): 86-93.
[15]	谢奕希,吉立新. 一种区块链驱动的生物启发式威胁检测方法[J]. 西安电子科技大学学报, 2020, 47(5): 70-76.

一种支持内嵌数据处理的合约漏洞修复方案

Contract vulnerability repair scheme supporting inline data processing

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 1

参考文献 14

相关文章 15

Metrics

本文评价

推荐阅读 0