CN116841906A

CN116841906A - Intelligent contract detection method and device and electronic equipment

Info

Publication number: CN116841906A
Application number: CN202310926914.XA
Authority: CN
Inventors: 许冠行; 李文越; 何依圣
Original assignee: Hillstone Networks Co Ltd
Current assignee: Hillstone Networks Co Ltd
Priority date: 2023-07-26
Filing date: 2023-07-26
Publication date: 2023-10-03

Abstract

The application discloses a detection method and device of an intelligent contract and electronic equipment. Wherein the method comprises the following steps: acquiring a source code corresponding to the intelligent contract; analyzing the source code, and generating an abstract syntax tree corresponding to the source code according to an analysis result, wherein the abstract syntax tree comprises N target tree objects, each target tree object is used for representing a function declaration object in the source code, and N is a positive integer; detecting whether a first abnormal tree object exists in N target tree objects, wherein the first abnormal tree object is used for representing a function declaration object using a target keyword in error, and the target keyword is used for identifying the type of a declaration variable in the function declaration object; and under the condition that a first abnormal tree object exists in the N target tree objects, determining the intelligent contract as an abnormal intelligent contract with information security risks. The application solves the technical problem of low intelligent contract detection efficiency of using memory and storage keywords in error in the prior art.

Description

Intelligent contract detection method and device and electronic equipment

Technical Field

The application relates to the technical field of blockchain, in particular to a detection method and device of an intelligent contract and electronic equipment.

Background

In existing blockchain technology, smart contracts can use memory and storage keywords to specify the type of declaration variable. Wherein the variable declared using the memory key is a memory variable, and a state variable is not actually declared newly when using the storage key, and a pointer pointing to the state variable is actually generated, and the corresponding state variable can be modified by the pointer. Since the two keywords may cause risks such as data loss if used in error, it is necessary to check whether the two keywords of memory and storage in the smart contract are used correctly before the smart contract is formally online.

However, in the prior art, a developer usually manually checks whether a memory and a storage keyword are correctly used, so that not only a great deal of labor cost is wasted, but also a problem of incomplete checking is likely to occur, and further, a problem of low detection efficiency of an intelligent contract is caused.

In view of the above problems, no effective solution has been proposed at present.

Disclosure of Invention

The application provides a method and a device for detecting intelligent contracts and electronic equipment, and aims to at least solve the technical problem that intelligent contracts using memory and storage keywords for errors are low in detection efficiency in the prior art.

According to an aspect of the present application, there is provided a method for detecting an intelligent contract, including: acquiring a source code corresponding to the intelligent contract; analyzing the source code, and generating an abstract syntax tree corresponding to the source code according to an analysis result, wherein the abstract syntax tree comprises N target tree objects, each target tree object is used for representing a function declaration object in the source code, and N is a positive integer; detecting whether a first abnormal tree object exists in N target tree objects, wherein the first abnormal tree object is used for representing a function declaration object using a target keyword in error, and the target keyword is used for identifying the type of a declaration variable in the function declaration object; and under the condition that a first abnormal tree object exists in the N target tree objects, determining the intelligent contract as an abnormal intelligent contract with information security risks.

Optionally, the method for detecting an intelligent contract further includes: after analyzing the source code and generating an abstract syntax tree corresponding to the source code according to an analysis result, detecting whether second abnormal tree objects exist in N target tree objects, wherein the second abnormal tree objects are used for representing function statement objects which are not subjected to pointer initialization, the pointer initialization is used for generating pointer variables, the pointer variables are used for accessing or modifying state variables in the source code, and the state variables are used for representing data permanently stored in a block chain; and determining the intelligent contract as an abnormal intelligent contract under the condition that a second abnormal tree object exists in the N target tree objects.

Optionally, the method for detecting an intelligent contract further includes: after detecting whether a second abnormal tree object exists in the N target tree objects, determining that the intelligent contract is about an intelligent contract without information security risk under the condition that the first abnormal tree object and the second abnormal tree object do not exist in the N target tree objects.

Optionally, the method for detecting an intelligent contract further includes: obtaining a variable declaration object corresponding to the target tree object, wherein the variable declaration object at least comprises a variable declaration statement, and the variable declaration statement is used for representing a function parameter variable and a declaration variable related to the variable declaration object; determining the object type of a variable declaration object according to a variable declaration statement, wherein the object type is a first type or a second type, a declaration variable related to the variable declaration object of the first type is a state variable, the state variable is used for representing data permanently stored in a blockchain, the declaration variable related to the variable declaration object of the second type is a memory variable, the memory variable is used for representing data temporarily stored in the blockchain, the state variable is identified through a first keyword, the memory variable is identified through a second keyword, and the first keyword and the second keyword are target keywords; detecting whether a state change exists in a following function statement corresponding to a variable statement to obtain a detection result, wherein the state change characterizes that an intelligent contract modifies a variable statement object when executing a next Wen Hanshu statement; and determining whether the target tree object is the first abnormal tree object according to the object type of the variable declaration object and the detection result.

Optionally, the method for detecting an intelligent contract further includes: detecting whether the following function statement is on the left side of the assignment function statement; in the case that the following function statement is on the left side of the assignment function statement, determining that the following Wen Hanshu statement has a state change; in the case where the following function statement is not to the left of the assignment function statement, it is determined that there is no state change in the following Wen Hanshu statement.

Optionally, the method for detecting an intelligent contract further includes: determining that the target tree object is a non-first abnormal tree object under the condition that the object type of the variable declaration object is a first type and the state of the following function statement is changed; and under the condition that the object type of the variable declaration object is the first type and the following function statement does not have state change, determining that the function declaration object corresponding to the variable declaration object uses the first key word in error, and determining that the target tree object is the first abnormal tree object.

Optionally, the method for detecting an intelligent contract further includes: determining that the target tree object is a non-first abnormal tree object under the condition that the object type of the variable declaration object is a second type and no state change exists in the following function statement; detecting whether the variable declaration object is assigned to a state variable in a following function statement as a right variable of an assignment function statement in the case that the object type of the variable declaration object is a second type and the following function statement has a state change, wherein the state variable is used for representing data permanently stored on a blockchain; under the condition that a variable declaration object is assigned to a state variable as a right variable of an assignment function statement in a following function statement, determining that the target tree object is a non-first abnormal tree object; and under the condition that the variable declaration object is not assigned to the state variable as the right variable of the assignment function statement in the following function statement, determining that the function declaration object corresponding to the variable declaration object uses the second keyword in error, and determining that the target tree object is the first exception tree object.

Optionally, the method for detecting an intelligent contract further includes: obtaining a variable declaration object corresponding to the target tree object, wherein the variable declaration object at least comprises a variable declaration statement, and the variable declaration statement is used for representing a function parameter variable and a declaration variable related to the variable declaration object; traversing pointer variables in the variable declaration statement, and detecting whether the pointer variables in the variable declaration statement are initialization statements; under the condition that pointer variables in the variable declaration statement are non-initialization statements, determining that the target tree object is a non-second abnormal tree object; under the condition that pointer variables in the variable declaration statement are initialization statements, detecting whether the pointer variables in the variable declaration statement are memory variables; under the condition that pointer variables in the variable declaration statement are memory variables, determining that a function declaration object corresponding to the variable declaration object is not subjected to pointer initialization, and determining that a target tree object is a second abnormal tree object; and determining that the target tree object is a non-second abnormal tree object under the condition that the pointer variable in the variable declaration statement is a non-memory variable.

According to another aspect of the present application, there is also provided a detection apparatus for an intelligent contract, including: the acquisition unit is used for acquiring source codes corresponding to the intelligent contracts; the analysis unit is used for analyzing the source code and generating an abstract syntax tree corresponding to the source code according to an analysis result, wherein the abstract syntax tree comprises N target tree objects, each target tree object is used for representing a function declaration object in the source code, and N is a positive integer; the detection unit is used for detecting whether a first abnormal tree object exists in the N target tree objects, wherein the first abnormal tree object is used for representing a function declaration object using a target keyword in error, and the target keyword is used for identifying the type of a declaration variable in the function declaration object; and the determining unit is used for determining that the intelligent contract is an abnormal intelligent contract with information security risk under the condition that a first abnormal tree object exists in the N target tree objects.

According to another aspect of the present application, there is also provided an electronic device, wherein the electronic device includes one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for detecting any one of the smart contracts described above.

In the method, an abstract syntax tree corresponding to an intelligent contract source code is adopted to detect whether the intelligent contract uses a target keyword or not, the source code corresponding to the intelligent contract is firstly obtained, then the source code is analyzed, and an abstract syntax tree corresponding to the source code is generated according to an analysis result, wherein the abstract syntax tree comprises N target tree objects, each target tree object is used for representing a function declaration object in the source code, and N is a positive integer. Then, detecting whether a first abnormal tree object exists in the N target tree objects, and determining the intelligent contract as an abnormal intelligent contract with information security risk under the condition that the first abnormal tree object exists in the N target tree objects. The first exception tree object is used for representing a function declaration object using a target keyword in error, and the target keyword is used for identifying the type of a declaration variable in the function declaration object.

According to the method, the device and the system, the abstract syntax tree is generated by the source code of the intelligent contract, whether the target keywords (keywords corresponding to memory, storage and the like and used for representing the declaration variable types in the function declaration objects) are correctly used by the function declaration objects in the intelligent contract is automatically detected, so that the purpose of automatically detecting whether the target keywords are correctly used by the intelligent contract is achieved, a large amount of labor cost required by manual code checking can be saved, the problem that abnormal codes cannot be found in time due to human negligence can be avoided, the intelligent contract detection efficiency is improved, and the technical problem that the intelligent contract detection efficiency for wrongly using the memory and storage keywords in the prior art is low is solved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:

FIG. 1 is a flow chart of an alternative smart contract detection method in accordance with an embodiment of the present application;

FIG. 2 is a schematic representation of the generation of an alternative abstract syntax tree according to an embodiment of the application;

FIG. 3 is a schematic diagram of an alternative modification of state variables of a smart contract by a function according to an embodiment of the present application;

FIG. 4 is a flowchart of an alternative method of detecting a first anomaly tree object in accordance with an embodiment of the present application;

FIG. 5 is a flowchart of an alternative determination of a first anomaly tree object in accordance with an embodiment of the present application;

FIG. 6 is a flowchart of an alternative method of detecting whether a target tree object is a second anomaly tree object in accordance with an embodiment of the present application;

fig. 7 is a schematic diagram of a detection apparatus of a smart contract according to an embodiment of the present application.

Detailed Description

In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.

It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

Example 1

In accordance with an embodiment of the present application, there is provided a method embodiment in which the steps shown in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order other than that shown.

FIG. 1 is a flow chart of an alternative smart contract detection method according to an embodiment of the present application, as shown in FIG. 1, the method comprising the steps of:

step S101, source codes corresponding to intelligent contracts are acquired.

Specifically, a smart contract is a programmed code that aims to automatically execute contract terms. They are written as part of a decentralized application (DApps) on a blockchain, intended to eliminate intermediaries by maintaining reliability and transparency of contracts, and to execute automatically when contract conditions are met. Smart contracts typically run on blockchains and often developers use encryption techniques to protect the contract content and ensure that the contract is not modifiable. This means that once an intelligent contract is deployed onto the blockchain, its code will not be modifiable and can only be modified or terminated by the parties executing the contract.

Among other things, smart contracts can be applied to a variety of scenarios such as digital currency, securities, logistics, voting, and many others that require automation and decentralization. Since smart contracts can automatically execute codes, they can greatly improve transaction efficiency and reduce operation costs, thereby generating a wide range of applications in business and financial fields.

In addition, the currently most important blockchain running the smart contract is ethernet (ethernet), and the ethernet virtual machine (Ethereum Virtual Machine, EVM) is one of the core components in the ethernet blockchain, which is a virtual machine running the smart contract in the ethernet network.

Alternatively, the smart contracts are typically written using a programming language such as stability and then deployed into an ethernet network. These contracts are issued by way of transactions into the ethernet blockchain and run in the EVM. The EVM may perform intelligent contracts on different nodes to ensure decentralization and reliability of the network. The intelligent contract programming language for the Ethernet has the characteristics of object oriented, and supports common concepts of object oriented programming such as inheritance, abstract class, interface and the like. It also supports advanced features such as event handling, function reloading, etc. In the visibility, the most important object is the contact object, which can be instantiated and deployed on the ethernet blockchain, creating an executable code unit on the blockchain. The contract object may have other contents such as state variables, functions, etc.

The present application provides a detection system for an intelligent contract (hereinafter referred to as a detection system for short) as an execution subject of the detection method for an intelligent contract in this embodiment, and it should be noted that the detection system is used to automatically detect whether a code defect exists in a source code corresponding to the intelligent contract according to the detection method for an intelligent contract in this embodiment, so as to assist a developer in implementing development of the intelligent contract more efficiently.

And S102, analyzing the source code, and generating an abstract syntax tree corresponding to the source code according to the analysis result.

In step S102, the abstract syntax tree includes N target tree objects, each of which is used to characterize a function declaration object in the source code, N being a positive integer.

Alternatively, FIG. 2 is a schematic diagram of the generation of an alternative abstract syntax tree according to an embodiment of the application. As shown in fig. 2, the detection system may parse the source code of the smart contract using a syntax parser, and generate an abstract syntax tree according to a parsing result, where the abstract syntax tree includes M tree objects, and at least N target tree objects are included in the M objects. For example, as shown in fig. 2, a function unit is a target tree object, and is used to characterize a function declaration object (function object) in source code.

Step S103, detecting whether a first abnormal tree object exists in the N target tree objects.

In step S103, the first exception tree object is used to characterize a function declaration object that misuses a target key that identifies the type of declaration variable in the function declaration object.

Optionally, the target keywords include Memory keywords and storage keywords.

The following describes the respective functions of the Memory key and the storage key in conjunction with state variables and Memory variables in the blockchain to better illustrate the problem that may result from misuse of the Memory key and the storage key.

First, as shown in fig. 3, a state variable defines the state of a smart contract, i.e., data stored in the smart contract. The state variables may be any type of data supported by stability. Wherein the function defines the behavior of the smart contract, i.e. the method of manipulating the data stored in the smart contract, and thus the state variables in the contract can be read or changed by calling the function of the smart contract.

Further, state variables are data permanently stored on the blockchain that has a life cycle as long as the smart contract and can be accessed by all functions of the own contract.

In addition, there are memory variables in the smart contract in addition to state variables. Memory variables refer to data stored for temporary use during execution of a function, which is automatically deleted after the function is executed. Memory variables are typically used to store temporary values, such as calculation results or function parameters.

In defining variables, it is necessary to explicitly specify the storage locations of the variables. In most cases, the stability compiler will automatically specify the location, and when the compiler cannot determine the storage location, default values will be used, which will require the developer to specify it on his own.

The following codes are examples of optional state variables and memory variables:

the variables in the contract declaration statement are state variables, such as the stoneddata variable declared in the code example above, that are accessible to functions in all of the present contracts. If a state variable is to be modified, then the modifier of the function is not able to be view or pure, the setData function in the code fragment is public, so the function may have logic to modify the state. The variables declared in the function default to memory variables, such as data in the fragment, which are automatically deleted after the function execution is completed.

Further, memory and storage keywords may be used to specify the type of declaration variable. Specifically, the variable declared using memory is a memory variable, and using the keyword store does not actually state a state variable newly, in effect, a pointer to the state variable is generated, by which the corresponding state variable can be modified.

The following code examples:

in this code example, the function parameter_array is a memory variable that is valid within the function scope. An array of memory variable types is declared in the function statement using memory keywords. A num variable is then declared using the storage key, which points to the element of the dataArray state variable array with index 0, and modifications to num change the corresponding state variable. Finally, using the memory key to declare the num1 variable, num1 is essentially a temporary copy of the corresponding state variable, cannot modify the corresponding state variable, and is automatically deleted after the function execution is completed.

Two methods of creating pointers to state variables are described in the above examples, and this process may be referred to as pointer initialization. False pointer initialization may have serious consequences since pointers may access or modify state variables.

Specifically, the incorrect use of memory and storage keys (i.e., incorrect pointer initialization) can lead to at least three problems:

1. resulting in more gas being spent. Specifically, at least 200gas is required when using storage, and a minimum of 3gas is used by using memory, which results in waste of gas when storage should be used, and increases the risk of the transaction being rolled back due to the increased consumption of gas. Where gas refers to the computational resource overhead required to run contract code.

2. Which can lead to problems with data loss. Specifically, the data initialized by using the memory only exist in the memory of the corresponding function, and the life cycle is only in the process that the function is called, and after the execution of the function is completed, the data in the memory can be deleted. Memory cannot be used if it is desired to continue to access the corresponding variable after the function execution is completed, otherwise a problem of data loss may occur.

3. Which can lead to a problem of greater data security risk. Specifically, if the original logic of the smart contract is to modify the stored data, but a memory is used, the modified memory is actually the data in the memory, and the data in the memory is deleted along with the execution of the function, so as to generate a vulnerability. Similarly, if the smart contract is intended to read or store data in memory, but a store is used, this will modify the data in the store and also generate corresponding vulnerability points.

In summary, the pointer to store initialization points to the store in the contract and there is control over pointing to the store, so store should be used when modifying the store again. The corresponding contract pointed to by the memory-initialized pointer stores a copy of the load in memory, and if only the corresponding value is to be obtained without modification, the memory should be used. Therefore, in order to ensure stable operation of the smart contract, it is necessary to recognize in time whether the smart correctly uses memory and storage keywords.

Step S104, determining the intelligent contract as an abnormal intelligent contract with information security risk under the condition that a first abnormal tree object exists in the N target tree objects.

It is easy to understand that if the first abnormal tree object exists in the N target tree objects, it is indicated that the function declaration object exists in the smart contract, and the memory or storage keyword is not used correctly, and the above three problems are caused by misuse of the memory or storage keyword, so that the smart contract at this time is about an abnormal smart contract with information security risk.

Based on the content of the steps S101 to S104, in the present application, a manner of detecting whether the intelligent contract uses the target keyword by mistake based on the abstract syntax tree corresponding to the intelligent contract source code is adopted, the source code corresponding to the intelligent contract is first obtained, then the source code is parsed, and the abstract syntax tree corresponding to the source code is generated according to the parsing result, wherein the abstract syntax tree includes N target tree objects, each of which is used for characterizing a function declaration object in the source code, and N is a positive integer. Then, detecting whether a first abnormal tree object exists in the N target tree objects, and determining the intelligent contract as an abnormal intelligent contract with information security risk under the condition that the first abnormal tree object exists in the N target tree objects. The first exception tree object is used for representing a function declaration object using a target keyword in error, and the target keyword is used for identifying the type of a declaration variable in the function declaration object.

In an alternative embodiment, the detection system may further detect whether a second exception tree object exists in the N target tree objects, where the second exception tree object is used to characterize a function declaration object that is not pointer initialized, the pointer initialization is used to generate pointer variables that are used to access or modify state variables in the source code, and the state variables are used to characterize data that is permanently stored in the blockchain. Further, in the case where there is a second abnormal tree object among the N target tree objects, the detection system determines the smart contract as an abnormal smart contract.

Alternatively, the state variables of the ethernet are stored in an array in the order stated in the smart contract, the corresponding index is determined at compile time, and the function actually operates on this array by index when accessing and modifying the state variables. In the solubility, if the pointed-to variable is not specified at the time of initializing the structure pointer, this pointer will point to the beginning of the array, appearing in the contract as the first stated variable.

The code example shown below shows a function declaration object that is not pointer initialized:

the set function in the code segment above wants to initialize a Wallet structure pointer, but since the pointer indicates no variable, the compiler will let this pointer point to the first element of the storage array. For the case of a given code fragment, the wall. Owner points to the ower and the wall. Policy points to num2, so msg. Sender is assigned to Owner, thereby obtaining administrator rights, resulting in serious information security incidents.

Therefore, if the function statement object in the intelligent contract does not initialize the pointer, serious information security risks are faced, and the intelligent contract is determined to be the abnormal intelligent contract by detecting whether the second abnormal tree object exists in the N target tree objects or not and determining that the abnormal intelligent contract is the abnormal intelligent contract under the condition that the second abnormal tree object exists in the N target tree objects, so that the abnormal intelligent contract can be prevented from being online in time, and serious information security accidents are avoided.

In an alternative embodiment, the detection system determines that the smart contract is approximately a smart contract without information security risk in the absence of the first exception tree object and the second exception tree object from the N target tree objects.

In an alternative embodiment, to detect whether the target tree object is the first abnormal tree object, the present application provides an alternative flowchart for detecting the first abnormal tree object as shown in fig. 4, which specifically includes the following steps:

step S401, obtaining a variable declaration object corresponding to the target tree object.

In step S401, the variable declaration object includes at least a variable declaration statement for characterizing function parameter variables and declaration variables to which the variable declaration object relates.

Optionally, the object tree object is used to characterize a function declaration object (function object) in the source code, where there are sub-objects in the function declaration object: variable declaration object (variable declartion object) the variable declaration object contains the parameter variables of the function and the statements of the declaration variables in the function statements (i.e., the variable declaration statements described above).

Step S402, determining the object type of the variable declaration object according to the variable declaration statement.

In step S402, the object type is a first type or a second type, where the declaration variable related to the variable declaration object of the first type is a state variable, the state variable is used to represent data permanently stored in the blockchain, the declaration variable related to the variable declaration object of the second type is a memory variable, the memory variable is used to represent data temporarily stored in the blockchain, the state variable is identified by a first key, the memory variable is identified by a second key, and both the first key and the second key are target keys.

Optionally, the first keyword is "Storage", the second keyword is "Memory", and the roles of the first keyword and the second keyword are described in the foregoing, which is not repeated herein.

Step S403, detecting whether the state change exists in the following function statement corresponding to the variable statement to obtain a detection result.

In step S403, the state change characterizes the modification of the variable declaration object by the smart contract when executing the next Wen Hanshu statement.

Step S404, determining whether the target tree object is the first abnormal tree object according to the object type of the variable declaration object and the detection result.

Further, in step S403, the detection system may detect whether the following function statement is on the left side of the assignment function statement, where the detection system determines that there is a state change in the following Wen Hanshu statement; in the case where the following function statement is not to the left of the assignment function statement, the detection system determines that there is no state change in the following Wen Hanshu statement.

Specifically, the simplest straightforward way to determine whether a variable is modified is to determine whether it is to the left of the assignment statement. As the following code examples:

The next Wen Hanshu statement is a function statement after the variable declaration statement in the source code, for example, "wall. Owner" in the code example, the assignment function statement is "=" in the code example, and as shown in the code annotation, the next Wen Hanshu statement is explained that there is a state change in the case where the next function statement is on the left side of the assignment function statement; in the case where the following function statement is not to the left of the assignment function statement, the following Wen Hanshu statement is illustrated as having no state change.

In an alternative embodiment, in the case that the object type of the variable declaration object is the first type and there is a change in state of the following function statement, the detection system determines that the target tree object is a non-first exception tree object; and under the condition that the object type of the variable declaration object is the first type and the following function statement does not have state change, the detection system determines that the function declaration object corresponding to the variable declaration object uses the first keyword in error and determines that the target tree object is the first abnormal tree object.

Optionally, fig. 5 shows a flowchart for determining a first exception tree object according to an embodiment of the present application, as shown in fig. 5, where the object type of the variable declaration object is determined by traversing the variable declaration statement, if the declaration variable related to the variable declaration object is a state variable identified by a first key word "storage", the detection system traverses a next Wen Hanshu statement corresponding to the variable declaration statement, and if the following function statement is located on the left side of the assignment function statement (i.e., there is a state change in the following function statement), the detection system determines that the target tree object is not the first exception tree object, i.e., the variable declaration object does not use the storage key word in error. If the next Wen Hanshu statement is not located on the left side of the assignment function statement (i.e., no state change exists in the next function statement), the detection system determines that the target tree object is a first exception tree object, that is, the function statement object corresponding to the variable statement object uses the storage keyword in error, and the intelligent contract has a security hole.

In an alternative embodiment, the detection system determines the target tree object as a non-first exception tree object in the event that the object type of the variable declaration object is a second type and there is no state change in the following function statement. In the case where the object type of the variable declaration object is the second type and there is a state change in the following function statement, the detection system detects whether the variable declaration object is assigned to a state variable in the following function statement as a right-hand variable of the assignment function statement, wherein the state variable is used to characterize data permanently stored on the blockchain.

Further, in the case that the variable declaration object is assigned to the state variable as a right variable of the assignment function statement in the following function statement, the detection system determines that the target tree object is a non-first exception tree object; under the condition that the variable declaration object is not assigned to the state variable as the right variable of the assignment function statement in the following function statement, the detection system determines that the function declaration object corresponding to the variable declaration object uses the second keyword in error, and determines that the target tree object is the first exception tree object.

Alternatively, as shown in fig. 5, if the declaration variable related to the variable declaration object is a state variable identified by a second key "memory", the detection system may traverse the next Wen Hanshu statement corresponding to the variable declaration statement, and if the next Wen Hanshu statement is not located on the left side of the assignment function statement (i.e., there is no state change in the following function statement), the detection system determines that the target tree object is not the first exception tree object, i.e., the variable declaration object does not use the memory key erroneously. If the following function statement is located on the left side of the assignment function statement (i.e., there is a state change in the following function statement), the detection system detects whether the variable declaration object is assigned to the state variable as a right side variable of the assignment function statement in the following function statement, if the variable declaration object is assigned to the state variable as a right side variable of the assignment function statement in the following function statement, the detection system determines that the target tree object is not the first exception tree object, but if the variable declaration object is not assigned to the state variable as a right side variable of the assignment function statement in the following function statement, the detection system determines that the function declaration object corresponding to the variable declaration object uses the second keyword memory in error, and determines that the target tree object is the first exception tree object, and that the intelligent contract has a security hole.

Note that, there are syntax sugars of assignment statements such as self-addition and self-subtraction, and these syntax sugars require conversion of assignment function statements at the time of generation of the statement phase, for example, syntax sugar of "num++" is converted into "num=num+1".

In an alternative embodiment, fig. 6 is a flowchart of an alternative method for detecting whether a target tree object is a second abnormal tree object according to an embodiment of the present application, as shown in fig. 6, including the steps of:

step S601, a variable declaration object corresponding to the target tree object is obtained.

In step S601, the variable declaration object includes at least a variable declaration statement for characterizing function parameter variables and declaration variables to which the variable declaration object relates.

Step S602, traversing the pointer variables in the variable declaration statement, and detecting whether the pointer variables in the variable declaration statement are initialization statements.

For example, the following code example shows an uninitialized pointer variable:

in step S603, when the pointer variable in the variable declaration statement is a non-initialization statement, the target tree object is determined to be a non-second abnormal tree object.

In step S604, if the pointer variable in the variable declaration statement is the initialization statement, it is detected whether the pointer variable in the variable declaration statement is a memory variable.

Optionally, detecting whether the pointer variable in the variable declaration statement is a Memory variable may be performed by detecting whether the pointer variable is a variable identified by a Memory key, if the pointer variable is a variable identified by a Memory key, the pointer variable is a Memory variable, otherwise, the pointer variable is not a Memory variable.

In step S605, when the pointer variable in the variable declaration statement is the memory variable, it is determined that the function declaration object corresponding to the variable declaration object is not pointer initialized, and it is determined that the target tree object is the second exception tree object.

In step S606, when the pointer variable in the variable declaration statement is a non-memory variable, it is determined that the target tree object is a non-second exception tree object.

Optionally, if the pointer variable in the variable declaration statement is a Memory variable, that is, the pointer variable is a variable identified by a Memory keyword, the detection system determines that the function declaration object corresponding to the variable declaration object is not pointer-initialized, and determines that the target tree object is a second exception tree object, and the intelligent contract has a security hole. If the pointer variable in the variable declaration statement is not a Memory variable, i.e., the pointer variable is not a variable identified by a Memory key, such as a variable identified by a Storage key, then the detection system determines that the target tree object is not a second exception tree object.

Through the technical scheme of the application, a developer of the intelligent contract can use the detection system to rapidly carry out security inspection on the code written by the developer, meanwhile, compiling is not needed, and moreover, an auditor can rapidly carry out security inspection on the contract source code, so that the detection accuracy is the same as that of manual audit, and the detection efficiency is higher.

Example 2

The embodiment of the application also provides a device for detecting the intelligent contract, and the device for detecting the intelligent contract can be used for executing the method for detecting the intelligent contract provided by the embodiment 1 of the application. The following describes a detection device for intelligent contracts provided by an embodiment of the present application.

Fig. 7 is a schematic diagram of a detection apparatus of a smart contract according to an embodiment of the present application. As shown in fig. 7, the apparatus includes: an obtaining unit 701, configured to obtain a source code corresponding to an intelligent contract; the parsing unit 702 is configured to parse the source code, and generate an abstract syntax tree corresponding to the source code according to a parsing result, where the abstract syntax tree includes N target tree objects, each target tree object is used to characterize a function declaration object in the source code, and N is a positive integer; a detecting unit 703, configured to detect whether a first exception tree object exists in the N target tree objects, where the first exception tree object is used to characterize a function declaration object that uses a target keyword in error, and the target keyword is used to identify a type of declaration variable in the function declaration object; a determining unit 704, configured to determine, in a case where the first abnormal tree object exists in the N target tree objects, that the smart contract is an abnormal smart contract that has an information security risk.

Specifically, a smart contract is a programmed code that is intended to automatically execute and perform the terms of the contract. They are written as part of a decentralized application (DApps) on a blockchain, intended to eliminate intermediaries by maintaining reliability and transparency of contracts, and to execute automatically when contract conditions are met. Intelligent contracts typically run on blockchains, use encryption techniques to protect the contract contents, and ensure that the contract is unalterable. This means that once an intelligent contract is deployed onto the blockchain, its code will not be modifiable and can only be modified or terminated by the parties executing the contract.

Among other things, smart contracts can be used in a variety of scenarios such as digital currency, securities, logistics, voting, and many others that require automation and decentralization. Since smart contracts can automatically execute and execute codes, they can greatly improve transaction efficiency and reduce operation costs, thereby generating a wide range of applications in business and financial fields.

Alternatively, the smart contracts are typically written using a programming language such as stability and then deployed into an ethernet network. These contracts are transactionally issued into the ethernet blockchain and run in the EVM. The EVM may perform intelligent contracts on different nodes to ensure decentralization and reliability of the network. The intelligent contract programming language for the Ethernet has the characteristics of object oriented, and supports common concepts of object oriented programming such as inheritance, abstract class, interface and the like. It also supports advanced features such as event handling, function reloading, etc. The most important object in the solubility is the contact object, which can be instantiated and deployed on the ethernet blockchain, creating an executable code unit on the blockchain. The contract object may have other contents such as state variables, functions, etc.

Optionally, the target keywords include Memory keywords and storage keywords.

First, as shown in fig. 3, a state variable defines the state of a smart contract, i.e., data stored in the smart contract. The state variable may be any type of data supported by solubility. Wherein the function defines the behavior of the smart contract, i.e. the method of manipulating the data stored in the smart contract, and thus the state variables in the contract can be read or changed by calling the function of the smart contract.

Further, memory and storage keywords may be used to specify the type of declaration variable. The variable declared using memory is a memory variable, and using the key store does not actually state a state variable newly, in effect, a pointer to the state variable is generated, by which the corresponding state variable can be modified.

The following code examples:

/>

4. resulting in more gas being spent. Specifically, at least 200gas is needed when using storage, and a minimum of 3gas is used when storage is used, and this results in waste of gas when storage should be used, and increases the risk of transaction rollback due to the increased consumption of gas. Where gas refers to the computational resource overhead required to run contract code.

5. Which can lead to problems with data loss. Specifically, the data initialized by using the memory only exist in the memory of the corresponding function, and the life cycle is only in the process that the function is called, and after the execution of the function is completed, the data in the memory can be deleted. Memory cannot be used if it is desired to access the corresponding variable after the function execution is completed, otherwise a problem of data loss may occur.

6. Which can lead to a problem of greater data security risk. Specifically, if the original logic of the smart contract is to modify the stored data, but a memory is used, the modified memory is actually the data in the memory, and the data in the memory is deleted along with the execution of the function, so as to generate a vulnerability. Similarly, if the smart contract is intended to read or store data in memory, but a store is used, this will modify the data in the store and also generate corresponding vulnerability points.

Optionally, the smart contract detecting device further includes: a first detection unit and a first determination unit. The first detection unit is used for detecting whether a second abnormal tree object exists in the N target tree objects, wherein the second abnormal tree object is used for representing a function statement object which is not subjected to pointer initialization, the pointer initialization is used for generating a pointer variable, the pointer variable is used for accessing or modifying a state variable in a source code, and the state variable is used for representing data permanently stored in a blockchain; and the first determining unit is used for determining the intelligent contract to be an abnormal intelligent contract when the second abnormal tree object exists in the N target tree objects.

/>

The set function in the code segment above wants to initialize a Wallet structure pointer, but since the pointer indicates no variable, the compiler will let this pointer point to the first element of the storage array. For the case of a given code fragment, the wall. Owner points to the ower and the wall. Policy points to num2, so msg. Sender is assigned to Owner, thereby obtaining administrator rights, and thus causing serious information security incidents.

Optionally, the smart contract detecting device further includes: and the second determining unit is used for determining that the intelligent contract is about an intelligent contract without information security risk when the first abnormal tree object and the second abnormal tree object are not existed in the N target tree objects.

Optionally, the detection unit includes: the device comprises an acquisition subunit, a first determination subunit, a detection subunit and a second determination subunit. The variable declaration object comprises at least a variable declaration statement, wherein the variable declaration statement is used for representing function parameter variables and declaration variables related to the variable declaration object; a first determining subunit, configured to determine, according to a variable declaration statement, an object type of a variable declaration object, where the object type is a first type or a second type, a declaration variable related to the variable declaration object of the first type is a state variable, the state variable is used to represent data permanently stored in a blockchain, a declaration variable related to the variable declaration object of the second type is a memory variable, the memory variable is used to represent data temporarily stored in the blockchain, the state variable is identified by a first key, the memory variable is identified by a second key, and both the first key and the second key are target keys; the detection subunit is used for detecting whether the following function statement corresponding to the variable statement has state change or not to obtain a detection result, wherein the state change represents that the intelligent contract modifies the variable statement object when executing the following Wen Hanshu statement; and the second determining subunit is used for determining whether the target tree object is the first abnormal tree object according to the object type of the variable declaration object and the detection result.

Optionally, the detection subunit comprises: the device comprises a detection module, a first determination module and a second determination module. The detection module is used for detecting whether the following function statement is on the left side of the assignment function statement; a first determining module, configured to determine that a next Wen Hanshu statement has a state change if the next function statement is on the left side of the assignment function statement; a second determining module, configured to determine that there is no state change in the next Wen Hanshu statement if the following function statement is not on the left side of the assignment function statement.

Optionally, the second determining subunit includes: the third determination module and the fourth determination module. The third determining module is used for determining that the target tree object is a non-first abnormal tree object under the condition that the object type of the variable declaration object is a first type and the following function statement has state change; and the fourth determining module is used for determining that the function declaration object corresponding to the variable declaration object uses the first key word in error and determining that the target tree object is the first exception tree object when the object type of the variable declaration object is the first type and the following function statement does not have state change.

Optionally, the second determining subunit includes: the device comprises a fifth determining module, a first detecting module, a fifth determining module and a sixth determining module. The fifth determining module is used for determining that the target tree object is a non-first abnormal tree object under the condition that the object type of the variable declaration object is the second type and no state change exists in the following function statement; the first detection module is used for detecting whether the variable declaration object is assigned to the state variable as a right variable of the assignment function statement in the following function statement when the object type of the variable declaration object is a second type and the following function statement has state change, wherein the state variable is used for representing data permanently stored on the blockchain; a fifth determining module, configured to determine that the target tree object is a non-first abnormal tree object when the variable declaration object is assigned to the state variable as a right variable of the assignment function statement in the following function statement; and a sixth determining module, configured to determine that the function declaration object corresponding to the variable declaration object uses the second keyword in error and determine that the target tree object is the first exception tree object when the variable declaration object is not assigned to the state variable as the right variable of the assignment function statement in the following function statement.

Optionally, the first detection unit includes: the device comprises a first acquisition subunit, a first detection subunit, a third determination subunit, a second detection subunit, a fourth determination subunit and a fifth determination subunit. The first obtaining subunit is configured to obtain a variable declaration object corresponding to the target tree object, where the variable declaration object at least includes a variable declaration statement, and the variable declaration statement is used to characterize a function parameter variable and a declaration variable related to the variable declaration object; the first detection subunit is used for traversing pointer variables in the variable declaration statement and detecting whether the pointer variables in the variable declaration statement are initialization statements; a third determining subunit, configured to determine, when the pointer variable in the variable declaration statement is a non-initialization statement, that the target tree object is a non-second exception tree object; the second detection subunit is used for detecting whether the pointer variable in the variable declaration statement is a memory variable or not under the condition that the pointer variable in the variable declaration statement is an initialization statement; a fourth determining subunit, configured to determine that, when the pointer variable in the variable declaration statement is a memory variable, the function declaration object corresponding to the variable declaration object does not perform pointer initialization, and determine that the target tree object is a second exception tree object; and a fifth determining subunit, configured to determine that the target tree object is a non-second exception tree object when the pointer variable in the variable declaration statement is a non-memory variable.

Example 3

According to another aspect of the embodiments of the present application, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the method for detecting a smart contract in embodiment 1 described above when running.

Example 4

According to another aspect of the embodiments of the present application, there is also provided an electronic device including one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for detecting a smart contract in embodiment 1 above.

The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.

In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.

In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of units may be a logic function division, and there may be another division manner in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the method of the various embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.

Claims

1. A method for detecting an intelligent contract, comprising:

acquiring a source code corresponding to the intelligent contract;

analyzing the source code, and generating an abstract syntax tree corresponding to the source code according to an analysis result, wherein the abstract syntax tree comprises N target tree objects, each target tree object is used for representing a function declaration object in the source code, and N is a positive integer;

detecting whether a first abnormal tree object exists in the N target tree objects, wherein the first abnormal tree object is used for representing a function declaration object using a target keyword in error, and the target keyword is used for identifying the type of a declaration variable in the function declaration object;

and determining that the intelligent contract is an abnormal intelligent contract with information security risk under the condition that the first abnormal tree object exists in the N target tree objects.

2. The method of claim 1, wherein after parsing the source code and generating an abstract syntax tree corresponding to the source code according to the parsing result, the method further comprises:

Detecting whether a second abnormal tree object exists in the N target tree objects, wherein the second abnormal tree object is used for representing a function statement object which is not subjected to pointer initialization, the pointer initialization is used for generating a pointer variable, the pointer variable is used for accessing or modifying a state variable in the source code, and the state variable is used for representing data permanently stored in a blockchain;

and determining that the intelligent contract is about the abnormal intelligent contract if the second abnormal tree object exists in the N target tree objects.

3. The method of claim 2, wherein after detecting whether a second exception tree object is present in the N target tree objects, the method further comprises:

and determining that the intelligent contract is about an intelligent contract without the information security risk when the first abnormal tree object and the second abnormal tree object are not existing in the N target tree objects.

4. The method of claim 1, wherein detecting whether a first exception tree object is present in the N target tree objects comprises:

obtaining a variable declaration object corresponding to the target tree object, wherein the variable declaration object at least comprises a variable declaration statement, and the variable declaration statement is used for representing a function parameter variable and a declaration variable related to the variable declaration object;

Determining an object type of the variable declaration object according to the variable declaration statement, wherein the object type is a first type or a second type, a declaration variable related to the variable declaration object of the first type is a state variable, the state variable is used for representing data permanently stored in a blockchain, a declaration variable related to the variable declaration object of the second type is a memory variable, the memory variable is used for representing data temporarily stored in the blockchain, the state variable is identified by a first keyword, the memory variable is identified by a second keyword, and the first keyword and the second keyword are both the target keywords;

detecting whether a state change exists in a following function statement corresponding to the variable declaration statement to obtain a detection result, wherein the state change characterizes that the intelligent complex modifies the variable declaration object approximately when the following Wen Hanshu statement is executed;

and determining whether the target tree object is the first abnormal tree object according to the object type of the variable declaration object and the detection result.

5. The method according to claim 4, wherein detecting whether a state change exists in a context function statement corresponding to the variable declaration statement, and obtaining a detection result includes:

Detecting whether the following function statement is on the left side of the assignment function statement;

in the case that the next Wen Hanshu statement is to the left of the assignment function statement, determining that the next Wen Hanshu statement has the state change;

in the event that the following function statement is not to the left of the assignment function statement, it is determined that the following Wen Hanshu statement does not have the state change.

6. The method of claim 4, wherein determining whether the target tree object is the first exception tree object based on the object type of the variable declaration object and the detection result comprises:

determining that the target tree object is a non-first exception tree object if the object type of the variable declaration object is the first type and the next Wen Hanshu statement has the state change;

and when the object type of the variable declaration object is the first type and the next Wen Hanshu statement does not have the state change, determining that the function declaration object corresponding to the variable declaration object uses the first key in error, and determining that the target tree object is the first abnormal tree object.

7. The method of claim 4, wherein determining whether the target tree object is the first exception tree object based on the object type of the variable declaration object and the detection result comprises:

determining that the target tree object is a non-first exception tree object if the object type of the variable declaration object is the second type and the next Wen Hanshu statement does not have the state change;

detecting whether the variable declaration object is assigned to a state variable in the next Wen Hanshu statement as a right-hand variable of an assignment function statement, where the state variable is used to characterize data permanently stored on a blockchain, with the object type of the variable declaration object being the second type and the next Wen Hanshu statement having the state change;

determining that the target tree object is a non-first abnormal tree object under the condition that the variable declaration object is assigned to a state variable as a right variable of an assignment function statement in the next Wen Hanshu statement;

and under the condition that the variable declaration object is not assigned to a state variable as a right variable of an assignment function statement in the next Wen Hanshu statement, determining that a function declaration object corresponding to the variable declaration object uses the second keyword in error, and determining that the target tree object is the first abnormal tree object.

8. The method of claim 2, wherein detecting whether a second exception tree object is present in the N target tree objects comprises:

traversing pointer variables in the variable declaration statement, and detecting whether the pointer variables in the variable declaration statement are initialization statements;

determining that the target tree object is a non-second abnormal tree object under the condition that pointer variables in the variable declaration statement are non-initialization statements;

detecting whether pointer variables in the variable declaration statement are memory variables or not under the condition that the pointer variables in the variable declaration statement are the initialization statement;

under the condition that pointer variables in the variable declaration statement are the memory variables, determining that a function declaration object corresponding to the variable declaration object is not subjected to pointer initialization, and determining that the target tree object is the second abnormal tree object;

And under the condition that the pointer variable in the variable declaration statement is a non-memory variable, determining that the target tree object is a non-second abnormal tree object.

9. An intelligent contract checking apparatus, comprising:

the acquisition unit is used for acquiring source codes corresponding to the intelligent contracts;

the analysis unit is used for analyzing the source code and generating an abstract syntax tree corresponding to the source code according to an analysis result, wherein the abstract syntax tree comprises N target tree objects, each target tree object is used for representing one function statement object in the source code, and N is a positive integer;

the detection unit is used for detecting whether a first abnormal tree object exists in the N target tree objects, wherein the first abnormal tree object is used for representing a function declaration object using a target keyword in error, and the target keyword is used for identifying the type of a declaration variable in the function declaration object;

and the determining unit is used for determining that the intelligent contract is an abnormal intelligent contract with information security risk under the condition that the first abnormal tree object exists in the N target tree objects.

10. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of detecting a smart contract of any of claims 1-8.