首页 | 本学科首页   官方微博 | 高级检索  
     

基于Ethereum智能合约的安全策略分析
引用本文:张登记,赵相福,陈中育,童向荣. 基于Ethereum智能合约的安全策略分析[J]. 应用科学学报, 2021, 39(1): 151-163. DOI: 10.3969/j.issn.0255-8297.2021.01.013
作者姓名:张登记  赵相福  陈中育  童向荣
作者单位:1. 浙江师范大学 数学与计算机科学学院, 浙江 金华 321004;2. 烟台大学 计算机与控制工程学院, 山东 烟台 264005
基金项目:国家自然科学基金(No.61972360)资助
摘    要:智能合约是代码和数据的集合,一旦部署便无法更改,且其自身持有金融属性,若出现安全漏洞问题将会造成巨大损失,可见编写出安全可靠的智能合约是至关重要的.为此,基于Ethereum平台研究并分析智能合约的安全漏洞,总结了几种易见的安全漏洞,包括可重入漏洞、整数溢出漏洞、拒绝服务(denial of service,DoS)漏...

关 键 词:区块链  以太坊  智能合约  漏洞分析  预防策略
收稿时间:2020-11-12

Analysis of Security Strategies for Smart Contracts Based on Ethereum
ZHANG Dengji,ZHAO Xiangfu,CHEN Zhongyu,TONG Xiangrong. Analysis of Security Strategies for Smart Contracts Based on Ethereum[J]. Journal of Applied Sciences, 2021, 39(1): 151-163. DOI: 10.3969/j.issn.0255-8297.2021.01.013
Authors:ZHANG Dengji  ZHAO Xiangfu  CHEN Zhongyu  TONG Xiangrong
Affiliation:1. College of Mathematics and Computer Science, Zhejiang Normal University, Jinhua 321004, Zhejiang, China;2. School of Computer and Control Engineering, Yantai University, Yantai 264005, Shandong, China
Abstract:A smart contract is a collection of code and data. Once a smart contract is deployed, it cannot be changed. Smart contracts have financial properties, thus, it would cause huge losses if there were vulnerabilities in smart contracts. Therefore, it is essential to write safe and reliable smart contracts. Based on the Ethereum platform, related security of smart contracts is analyzed, and several common vulnerabilities are summarized, including reentrancy vulnerabilities, integer overflow vulnerabilities, deny of service (DoS) vulnerabilities, timestamp dependence vulnerabilities, and transaction-ordering dependence vulnerabilities. We made theoretical analysis in detail and scenario recurrence on these vulnerabilities, proposed corresponding preventive security strategies, and verified the effectiveness of these strategies. Finally, we analyzed and compared several popular tools for detecting smart contract vulnerabilities.
Keywords:blockchain  Ethereum  smart contract  vulnerability analysis  prevention strategy  
点击此处可从《应用科学学报》浏览原始摘要信息
点击此处可从《应用科学学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号