| 摘要: |
| 近年来,智能合约中的漏洞检测任务已受到越来越多的关注。然而,缺少源代码和完备的检测特征限制了检测的效果。在本文中,我们提出了DC-Hunter:一种基于字节码匹配的智能合约漏洞检测方案。它可以通过已知的漏洞合约找到类似的漏洞合约,并且可以直接应用于现实世界中的智能合约,无需源码和预先定义的漏洞特征。为了让提出的方法更加切实可行,我们应用程序切片来降低无关代码的影响,通过规范化减少编译器版本带来的差异,并使用图嵌入算法来捕捉函数的结构信息,从而显著减少误报和漏报。此外,借助DC-Hunter我们揭露了一种新型的危险合约。我们发现有一些合约是伪漏洞合约,专门用于诱骗他人尝试进行攻击,从而窃取攻击者的以太币,这种合约称为"蜜罐合约"。我们实现了DC-Hunter的原型,并将其应用于现实世界的智能合约,共有183份危险的合约被报出并确认,其中包括160份漏洞合约和23份蜜罐合约。 |
| 关键词: 字节码匹配 切片 规范化 图嵌入 蜜罐 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2020.05.08 |
| Received:April 04, 2020Revised:April 30, 2020 |
| 基金项目:本课题得到国家自然科学基金(No.U1836209,No.61802413)资助。 |
|
| DC-Hunter: Detecting Dangerous Smart Contracts via Bytecode Matching |
| HAN Songming,LIANG Bin,HUANG Jianjun,SHI Wenchang |
| School of Information, Renmin University of China, Beijing 100872, China |
| Abstract: |
| In recent years, detecting vulnerabilities in smart contracts has become a critical task. However, the detection performance is subject to lack of source code and comprehensive detection signatures. In this paper we present a smart contract detection method based on bytecode matching, called DC-Hunter. It can effectively find vulnerable smart contracts by retrieving the analogues of known vulnerable contracts, and can be directly applied to the real-world smart contracts without requiring source code and predefined signatures. To make the proposed method more practicable, we utilize program slicing to mitigate the impact of irrelevant code, perform normalization to reduce the differences caused by compiler versions, and use graph embedding network to capture the structural information of functions, so that false positives and false negatives are significantly pruned. Besides, we expose a new type of dangerous contract with help of DC-Hunter. We find that there are some pseudo-vulnerable contracts specially designed for seducing people into attacking them to steal their ether, which are called honeypot contracts. We implement DC-Hunter and apply it to real-world smart contracts. 183 dangerous contracts are reported and confirmed, including 160 vulnerable ones and 23 honeypot contracts. |
| Key words: bytecode matching slicing normalization graph embedding honeypot |
