SlightDetection: A Static Analysis Tool for Ethereum Smart Contract Security Vulnerabilities
Cite this article: CHEN Xiaohan, ZHAO Xiangfu, ZHANG Dengji, FEI Jiajia. SlightDetection: A Static Analysis Tool for Ethereum Smart Contract Security Vulnerabilities [J]. Journal of Applied Sciences (应用科学学报), 2021, 40(4): 695-712.
Authors: CHEN Xiaohan, ZHAO Xiangfu, ZHANG Dengji, FEI Jiajia
Affiliations: 1. School of Computer and Control Engineering, Yantai University, Yantai 264005, Shandong, China; 2. School of Mathematics and Computer Science, Zhejiang Normal University, Jinhua 321004, Zhejiang, China
Funding: Supported by the National Natural Science Foundation of China (No. 61972360, No. 62072392)
Abstract: If an Ethereum smart contract contains a security vulnerability, the resulting losses can be immeasurable. To mitigate this problem, we propose SlightDetection, a smart contract vulnerability detection tool that uses static program analysis to achieve full code coverage. The tool converts smart contract source code into the corresponding abstract syntax tree and translates it into an XML intermediate representation; taking the characteristics of several classic vulnerabilities as examples, a custom XPath rule library is written; with the XML intermediate representation and the XPath library as inputs, the rule library is traversed and matched repeatedly, finally producing a vulnerability detection report. Three classic contracts were tested, fully demonstrating that SlightDetection detects faster and more accurately; a large number of smart contracts provided on Etherscan were tested and more than 100 of them were verified manually, further proving the effectiveness of the tool.

Keywords: smart contract; vulnerability detection; static analysis; Ethereum
Received: 2021-11-12

SlightDetection: A Static Analysis Tool for Smart Contracts Security Vulnerabilities on Ethereum
CHEN Xiaohan,ZHAO Xiangfu,ZHANG Dengji,FEI Jiajia.SlightDetection: A Static Analysis Tool for Smart Contracts Security Vulnerabilities on Ethereum[J].Journal of Applied Sciences,2021,40(4):695-712.
Authors:CHEN Xiaohan  ZHAO Xiangfu  ZHANG Dengji  FEI Jiajia
Institution:1. School of Computer and Control Engineering, Yantai University, Yantai 264005, Shandong, China;2. School of Mathematics and Computer Science, Zhejiang Normal University, Jinhua 321004, Zhejiang, China
Abstract: Security vulnerabilities in Ethereum smart contracts may lead to immeasurable losses. To alleviate this problem, a smart contract vulnerability detection tool, SlightDetection, is proposed; it uses static program analysis to achieve full code coverage. The tool converts smart contract source code into the corresponding abstract syntax tree and translates it into an XML intermediate representation. Taking the characteristics of several classic vulnerabilities as examples, a custom XPath rule library is written; with the XML intermediate representation and the XPath library as inputs, the tool traverses and matches the rule library repeatedly until a vulnerability detection report is produced. This work tests 3 classic contracts and fully demonstrates the faster and more accurate detection of SlightDetection. The effectiveness of the tool is further shown by testing a large number of smart contracts provided on Etherscan and manually verifying more than 100 of them.
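The pipeline the abstract describes (AST translated to an XML intermediate representation, then matched against an XPath rule library) in miniature, as an added example written for this page and not the authors' SlightDetection code: the XML document, element names and rule library are constructed, and the choice of patterns treated as "classic vulnerabilities" (tx.origin used for authorization, a reachable selfdestruct, storage written after an external call) is an assumption, since the abstract does not list them.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified XML intermediate representation of one contract's AST
# (element names loosely follow solc AST node types; not the paper's schema).
CONTRACT_XML = """<SourceUnit><ContractDefinition name="Wallet">
  <FunctionDefinition name="withdraw" visibility="public"><Block>
    <IfStatement><BinaryOperation operator="==">
      <MemberAccess member="origin"><Identifier>tx</Identifier></MemberAccess>
      <Identifier>owner</Identifier>
    </BinaryOperation></IfStatement>
    <ExpressionStatement><FunctionCall kind="external">
      <MemberAccess member="call"><Identifier>recipient</Identifier></MemberAccess>
    </FunctionCall></ExpressionStatement>
    <ExpressionStatement><Assignment><Identifier>balances</Identifier></Assignment></ExpressionStatement>
  </Block></FunctionDefinition>
  <FunctionDefinition name="kill" visibility="public"><Block>
    <ExpressionStatement><FunctionCall kind="builtin"><Identifier>selfdestruct</Identifier></FunctionCall></ExpressionStatement>
  </Block></FunctionDefinition>
</ContractDefinition></SourceUnit>"""

# XPath rule library, one entry per vulnerability pattern, evaluated inside each
# function; only the XPath subset that xml.etree understands is used.
XPATH_RULES = {
    "tx-origin-authorization": ".//BinaryOperation/MemberAccess[@member='origin'][Identifier='tx']",
    "selfdestruct-call": ".//FunctionCall[Identifier='selfdestruct']",
}

def state_write_after_external_call(fn):
    """Reentrancy-style ordering: an external call followed, in the same block, by a
    storage assignment. Done in Python because this XPath subset lacks following-sibling."""
    seen_call = False
    for stmt in fn.findall("./Block/*"):
        if stmt.find(".//FunctionCall[@kind='external']") is not None:
            seen_call = True
        elif seen_call and stmt.find(".//Assignment") is not None:
            return True
    return False

def scan(xml_text, rules=XPATH_RULES):
    """Visit every function, match each rule, return (rule, function name) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    for fn in root.iter("FunctionDefinition"):
        for rule, xpath in rules.items():
            if fn.find(xpath) is not None:
                findings.append((rule, fn.get("name")))
        if state_write_after_external_call(fn):
            findings.append(("state-write-after-external-call", fn.get("name")))
    return findings
```

Calling `scan(CONTRACT_XML)` reports three findings for the constructed contract; a real rule library would also need the absence checks (a guarding require or modifier) that turn a raw pattern match into a confirmed finding, which is what the manual verification step in the abstract covers.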
Keywords:smart contract  vulnerability detection  static analysis  Ethereum  