智能合约安全综述

doi:10.11959/j.issn.2096-109x.2020030

网络与信息安全学报 ›› 2020, Vol. 6 ›› Issue (3): 1-13.doi: 10.11959/j.issn.2096-109x.2020030

• 综述 • 下一篇

智能合约安全综述

孟博(),刘加兵,刘琴,王潇潇,郑旭睿,王德军

中南民族大学计算机科学学院，湖北武汉 430074

修回日期:2019-12-19 出版日期:2020-06-01 发布日期:2020-07-01
作者简介:孟博（1974- ），男，河北石家庄人，博士，中南民族大学教授，主要研究方向为区块链、安全协议和形式化方法|刘加兵（1994- ），男，湖北黄石人，中南民族大学硕士生，主要研究方向为区块链智能合约、协议分析|刘琴（1990- ），女，湖北黄冈人，中南民族大学硕士生，主要研究方向为智能合约代码与法律合约的一致性|王潇潇（1996- ），女，安徽宿州人，中南民族大学硕士生，主要研究方向为区块链共识机制|郑旭睿（1996- ），男，湖北武汉人，中南民族大学硕士生，主要研究方向为区块链自我主权认证|王德军（1974- ），男，湖北荆门人，博士，中南民族大学副教授，主要研究方向为安全协议和形式化方法
基金资助:
国家自然科学基金(61272497);湖北省自然科学基金(BZY18001);中央高校攻关计划专项基金(CZT20013)

Survey of smart contract security

Bo MENG(),Jiabing LIU,Qin LIU,Xiaoxiao WANG,Xurui ZHENG,Dejun WANG

School of Computer Science,South-Central University for Nationalities,Wuhan 430074,China

Revised:2019-12-19 Online:2020-06-01 Published:2020-07-01
Supported by:
The National Natural Science Foundation of China(61272497);The Natural Science Foundation of Hubei Province(BZY18001);The Key Research Funds for the Central Universities(CZT20013)

摘要/Abstract

摘要：

区块链为构建社会价值传递和信任机制提供了一种新的技术。区块链的快速发展促进了智能合约与人工智能、大数据、物联网等技术的深入融合，其安全性受到重点关注。近几年，区块链与智能合约安全研究取得了较大进展，基于区块链智能合约，对智能合约的运行机制、链上安全和链外安全的最新相关研究成果进行归类、分析、比较、总结和讨论，并展望了智能合约安全性的研究方向和趋势。

关键词: 区块链, 智能合约, 链上安全, 链外安全, 安全性分析

Abstract:

Blockchain provides a new technology for building transmission and trust mechanism of social ralue.The rapid development of blockchain has promoted the deep integration of smart contract with artificial Intelligence,big data and internet of things,so its security has attracted attention.In recent years,researches on security of blockchain and smart contract have made great progress.Thus,based on smart contract on the blockchain,the related works on security of operating mechanism,on-chain smart contract security and off-chain security were classified,analyzed,compared,summarized and discussed.The hot issues of smart contract security in the future were forecasted.

Key words: blockchain, smart contract, on-chain security, off-chain security, security analysis

中图分类号:

TP393

孟博,刘加兵,刘琴,王潇潇,郑旭睿,王德军. 智能合约安全综述[J]. 网络与信息安全学报, 2020, 6(3): 1-13.

Bo MENG,Jiabing LIU,Qin LIU,Xiaoxiao WANG,Xurui ZHENG,Dejun WANG. Survey of smart contract security[J]. Chinese Journal of Network and Information Security, 2020, 6(3): 1-13.

图/表 6

图1

表1

图2

图3

图4

图5

参考文献 55

[1]	WIKIPEDIA. Smart contract[EB].
[2]	SZABO N . Formalizing and securing relationships on public networks[J]. First Monday, 1997,2(9).
[3]	OUADDAH A , ABOU E A , AIT O A . Fair-access:a new blockchain-based access control framework for the Internet of things[J]. Security and Communication Networks, 2016,9(18): 5943-5964.
[4]	ZHENG Z , XIE S , DAI H ,et al. An overview of blockchain technology:architecture,consensus,and future trends[C]// 2017 IEEE International Congress on Big Data. 2017: 557-564.
[5]	LI X , JIANG P , CHEN T ,et al. A survey on the security of blockchain systems[J]. Future Generation Computer Systems, 2017,10(8): 274-287.
[6]	YLI-HUUMO J , KO D , CHOI S ,et al. Where is current research on blockchain technology —a systematic review[J]. PloS one, 2016,11(10).
[7]	ZHENG Z , XIE S , DAI H N ,et al. Blockchain challenges and opportunities:a survey[J]. International Journal of Web and Grid Services, 2018,14(4): 352-375.
[8]	DINH T A , WANG J , CHEN G ,et al. Blockbench:a framework for analyzing private blockchains[C]// The 2017 ACM International Conference on Management of Data. New York:ACM, 2017: 1085-1100.
[9]	BARTOLETTI M , POMPIANU L . An empirical analysis of smart contracts:platforms,applications,and design patterns[C]// International Conference on Financial Cryptography and Data Security. Berlin:Springer, 2017: 494-509.
[10]	ZHENG Z , XIE S , DAI H N ,et al. Blockchain challenges and opportunities:a survey[J]. International Journal of Web and Grid Services, 2018,14(4): 352-375.
[11]	WOOD G . Ethereum:a secure decentralised generalised transaction ledger[J]. Ethereum Project Yellow Paper, 2014,151: 1-32.
[12]	BOGNER A , CHANSON M , MEEUW A . A decentralised sharing app running a smart contract on the ethereum block-chain[C]// The 6th International Conference on the Internet of Things. New York:ACM, 2016: 177-178.
[13]	ANDROULAKI E , BARGER A , BORTNIKOV V ,et al. Hyperledger Fabric:a distributed operating system for permissioned block-chains[C]// The Thirteenth EuroSys Conference. New York:ACM, 2018:30.
[14]	CACHIN C , . Architecture of the hyperledger blockchain fabric[C]// Workshop on Distributed Cryptocurrencies and Consen-susLed- gers. 2016,310.
[15]	WANG S , YUAN Y , WANG X ,et al. An overview of smart contract:architecture,applications,and future trends[C]// 2018 IEEE Intelligent Vehicles Symposium (IV). 2018: 108-113.
[16]	LI J , TANG J , ZHANG J ,et al. Eos:expertise oriented search using social networks[C]// The 16th international conference on World Wide Web. 2007: 1271-1272.
[17]	KALRA S , GOEL S , DHAWAN M ,et al. Zeus:analyzing safety of smart contracts[C]// The 25th Annual Network and Distributed System Security Symposium. 2018: 18-21.
[18]	SáNCHEZ D C . Raziel:private and verifiable smart contracts on blockchains[J]. arXiv preprint,arXiv:1807.09484, 2018
[19]	DARGAYE Z , KIRCHNER F , TUCCI-PIERGIOVANNI S .et al Towards secure and trusted-by-design smart contracts[C]// The 29th Francophone Days of Application Languages. 2018: 7-18.
[20]	KOSBA A , MILLER A , SHI E ,et al. Hawk:the blockchain model of cryptography and privacy-preserving smart contracts[C]// 2016 IEEE symposium on security and privacy (SP). 2016: 839-858.
[21]	W?HRER M , ZDUN U . Smart contracts:security patterns in the Ethereum ecosystem and solidity[C]// 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE). 2018: 2-8.
[22]	付梦琳, 吴礼发, 洪征 ,等. 智能合约安全漏洞挖掘技术研究[J]. 计算机应用, 2019,39(7): 1959-1966.
	FU M L , WU L F , HONG Z ,et al. Research on smart contract security vulnerability mining technology[J]. Journal of Computer Applications, 2019,39(7): 1959-1966.
[23]	NATOLI C , GRAMOLI V . The blockchain anomaly[J]. arXiv preprint,arXiv:1605.05438, 2016
[24]	ATZEI N , BARTOLETTI M , CIMOLI T . A survey of attacks on Ethereum smart contracts (SOK)[C]// Principles of Security and Trust. 2017: 164-186.
[25]	TONELLI R , DESTEFANIS G , MARCHESI M ,et al. Smart contracts software metrics:a first study[J]. arXiv preprint,arXiv:1802.01517, 2018
[26]	GRISHCHENKO I , MAFFEI M , SCHNEIDEWIND C . A semantic framework for the security analysis of Ethereum smart contracts[C]// International Conference on Principles of Security and Trust. Berlin:Springer, 2018: 243-269
[27]	FRANTZ C K , NOWOSTAWSKI M . From institutions to code:towards automated generation of smart contracts[C]// 2016 IEEE 1st International Workshops on Foundations and Applications of SelfSystems (FASW). 2016: 210-215.
[28]	CLACK C D , BAKSHI V A , BRAINE L . Smart contract templates:foundations,design landscape and research directions[J]. arXivpre-print,arXiv:1608.00771, 2016
[29]	沈鑫, 裴庆祺, 刘雪峰 . 区块链技术综述[J]. 网络与信息安全学报, 2016,2(11): 11-20.
	SHEN X , PEI Q Q , LIU X F . Survey of block chain[J]. Chinese Journal of Network and Information Security, 2016,2(11): 11-20.
[30]	周学峰, 赵梓皓 . 解析计算法律学[J]. 北京：中国计算机学会通讯, 2017: 43-51.
	ZHOU X F , ZHAO Z H . Analysis of computational law[J]. Beijing:Communications of the CCF, 2017: 43-51
[31]	NECULA G . Proof-carrying code[J]. Encyclopedia of Cryptography ＆ Security, 1996,141(1): 106-119.
[32]	THOMAS D , PAUL G , MAURICE H ,et al. Proof-carrying smart contracts[J]. Stevens Institute of Technology, 2018, 325-338.
[33]	LUU L , CHU D H , OLICKEL H ,et al. Making smart contracts smarter[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 254-269.
[34]	BHARGAVAN K , DELIGNAT-LAVAUD A FOURNET C ,et al. Formal verification of smart contracts:short paper[C]// The 2016 ACM Workshop on Programming Languages and Analysis for Security. New York:ACM, 2016: 91-96.
[35]	BAI X , CHENG Z , DUAN Z ,et al. Formal modeling and verification of smart contracts[C]// The 7th International Conference on Software and Computer Applications. Washington:ACM, 2018: 322-326.
[36]	章峰, 史博轩, 蒋文保 . 区块链关键技术及应用研究综述[J]. 网络与信息安全学报, 2018,4(4): 22-29.
	ZHANG F , SHI B X , JIANG W B . Review of key technology and its application of blockchain[J]. Chinese Journal of Network and Information Security, 2018,4(4): 22-29.
[37]	薛锐, 吴迎, 刘牧华 ,等. 可验证计算研究进展[J]. 中国科学:信息科学, 2015,45(11): 1370-1388.
	XUE R , WU Y , LIU M H ,et al. Progress in verifiable computing[J]. China Science:Information Science, 2015,45(11): 1370-1388.
[38]	HARZ D . Trust and verifiable computation for smart contracts in permissionless blockchains[D]. KTH,School of Information and Communication Technology, 2017.
[39]	TEUTSCH J,REITWIE?NER C . A scalable verification solution for blockchains[EB].
[40]	ZYSKIND G . Efficient secure computation enabled by blockchain technology[D]. Massachusetts:Massachusetts Institute of Technology, 2016.
[41]	AS S , . Enabling data markets using smart contracts and multi-party computation[C]// Business Information Systems Workshops:BIS 2018 International Workshops. Berlin:Springer, 2019:258.
[42]	NEIDHARDT N , KOHLER C , NUTTGENS M . Cloud service billing and service level agreement monitoring based on blockchain[C]// EMISA. 2018: 65-69.
[43]	MOLINA-JIMENEZ C , SOLAIMAN E , SFYRAKIS I ,et al. On and off-blockchain enforcement of smart contracts[C]// European Conference on Parallel Processing. 2018: 342-354.
[44]	XU X , PAUTASSO C , ZHU L ,et al. The blockchain as a software connector[C]// 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA). 2016: 182-191.
[45]	EBERHARDT J , TAI S . On or off the blockchain? Insights on off-chaining computation and data[C]// European Conference on Service-Oriented and Cloud Computing. 2017: 3-15.
[46]	ZHANG F , CECCHETTI E , CROMAN K ,et al. Town crier:an authenticated data feed for smart contracts[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 270-282.
[47]	ADLER J , BERRYHILL R , VENERIS A ,et al. Astraea:a decentralized blockchain oracle[C]// 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communica-tions (GreenCom) and IEEE Cyber,Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). 2018: 1145-1152.
[48]	VOYIATZIS A G , WEIPPL E . Whom you gonna trust? a longi-tudinal study on TLS notary services[C]// Data and Applications Security and Privacy XXX:30th Annual IFIP WG 11.3 Conference. 2016: 18-20.
[49]	RITZDORF H , WüST K , GERVAIS A ,et al. TLS-N:non-repudiation over TLS enabling ubiquitous content signing for disintermediation[J]. IACR ePrint Report, 2017,578.
[50]	JAKOBSSON M , LEIGHTON T , MICALI S ,et al. Fractal Merkle tree representation and traversal[C]// Cryptographers’ Track at the RSA Conference. 2003: 314-326.
[51]	XUE J , XU C , ZHANG Y ,et al. DStore:a distributed cloud storage system based on smart contracts and blockchain[C]// International Conference on Algorithms and Architectures for Parallel Processing. 2018: 385-401.
[52]	GUARNIZO J , SZALACHOWSKI P . PDFS:practical data feed service for smart contracts[J]. arXiv preprint,arXiv:1808.06641, 2018
[53]	XU X , PAUTASSO C , ZHU L ,et al. The blockchain as a software connector[C]// 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA). 2016: 182-191.
[54]	BANERJEE A , . Blockchain technology:supply chain insights from ERP[M]// Advances in Computers. 2018: 69-98.
[55]	FABIANO N , . The internet of things ecosystem:the blockchain and privacy issues the challenge for a global privacy standard[C]// 2017 International Conference on Internet of Things for the Global Community (IoTGC). 2017: 1-7.

智能合约平台名称	链类型	吞吐量/笔交易·秒^-1	交易延迟/s	合约语言	隐私保护
Ethereum	公有链	约100	约15	Solidity	不支持
Hyperledger Fabric	联盟链	约100	约1	Go/Java/Node.js	支持
EOS	公有链	约10 000	0.5	C++	不支持

智能合约安全综述

Survey of smart contract security

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 55

相关文章 15

Metrics

推荐阅读 0

[1]	曹琪, 阮树骅, 陈兴蜀, 兰晓, 张红霞, 金泓键. Hyperledger Fabric平台的国密算法嵌入研究[J]. 网络与信息安全学报, 2021, 7(1): 65-75.
[2]	陈晓姣, 林宪正, 俞能海. 比特币区块链的数据压缩[J]. 网络与信息安全学报, 2021, 7(1): 76-83.
[3]	张涛, 伍前红, 唐宗勋. 基于比特币区块链的隐蔽信息传输研究[J]. 网络与信息安全学报, 2021, 7(1): 84-92.
[4]	蔡振华,林嘉韵,刘芳. 区块链存储：技术与挑战[J]. 网络与信息安全学报, 2020, 6(5): 11-20.
[5]	程穗,林宪正,俞能海. 基于刚性内存的区块链协议改进[J]. 网络与信息安全学报, 2020, 6(5): 21-26.
[6]	王昊,吴天昊,朱孔林,张琳. 交叉口场景下基于区块链技术的匿名车辆身份认证方案[J]. 网络与信息安全学报, 2020, 6(5): 27-35.
[7]	张勖,马欣. 基于区块链的轻量化移动自组网认证方案[J]. 网络与信息安全学报, 2020, 6(4): 14-22.
[8]	乔康,汤红波,游伟,李海涛. 高效安全的可审计盲混币服务方案[J]. 网络与信息安全学报, 2020, 6(4): 23-36.
[9]	钱思杰,陈立全,王诗卉. 基于改进PBFT算法的PKI跨域认证方案[J]. 网络与信息安全学报, 2020, 6(4): 37-44.
[10]	乔康,游伟,王领伟,汤红波. 基于区块链的5G物联网数据共享方案[J]. 网络与信息安全学报, 2020, 6(4): 45-55.
[11]	李芬,李瑾,仵松颀,张森林,陆月明. 基于智能合约的多微电网市场化交易模型及算法[J]. 网络与信息安全学报, 2020, 6(4): 56-66.
[12]	李少卓,王娜,杜学绘. 按需披露的区块链隐私保护机制[J]. 网络与信息安全学报, 2020, 6(3): 19-29.
[13]	余春堂,韩志耕,李致远,王良民. 基于区块链的众包物流分级多层智能服务交易监管架构[J]. 网络与信息安全学报, 2020, 6(3): 50-58.
[14]	王仁生,吴天昊,张琳,朱孔林. 基于区块链的智能网联车队协同轨迹预测系统[J]. 网络与信息安全学报, 2020, 6(3): 78-87.
[15]	邱云翔,张红霞,曹琪,章建聪,陈兴蜀,金泓键. 基于CP-ABE算法的区块链数据访问控制方案[J]. 网络与信息安全学报, 2020, 6(3): 88-98.