CN117688564B - Detection method, device and storage medium for intelligent contract event log - Google Patents
Detection method, device and storage medium for intelligent contract event log Download PDFInfo
- Publication number
- CN117688564B CN117688564B CN202410138372.4A CN202410138372A CN117688564B CN 117688564 B CN117688564 B CN 117688564B CN 202410138372 A CN202410138372 A CN 202410138372A CN 117688564 B CN117688564 B CN 117688564B
- Authority
- CN
- China
- Prior art keywords
- event
- solidity
- codes
- code
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003860 storage Methods 0.000 title claims abstract description 28
- 238000001514 detection method Methods 0.000 title claims abstract description 19
- 238000000034 method Methods 0.000 claims abstract description 49
- 238000005457 optimization Methods 0.000 claims abstract description 9
- 230000006870 function Effects 0.000 claims description 39
- 238000007781 pre-processing Methods 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 13
- 230000011218 segmentation Effects 0.000 claims description 11
- 238000004458 analytical method Methods 0.000 claims description 10
- 230000003068 static effect Effects 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 13
- 238000004891 communication Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000002372 labelling Methods 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 239000002699 waste material Substances 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 239000000523 sample Substances 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000005339 levitation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000003245 working effect Effects 0.000 description 1
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The application relates to the technical field of computers, and discloses a detection method, a device and a storage medium for an intelligent contract event log, wherein the method comprises the following steps: acquiring a target contract; compiling a target contract by adopting Solidity language; analyzing Solidity codes of the target contracts, and determining event problem states of Solidity codes; the event problem state comprises at least one of the event in Solidity code that requires an optimization variable, the event in Solidity code that uses more frequently than a frequency of use threshold, the event in Solidity code that has parameter information errors, the redundant event in Solidity code, the debug event in Solidity code that has been used, and the event in Solidity code that has call position errors; based on the event problem state, outputting reminding information. Thus, the developer can find the problem of the event in time.
Description
Technical Field
The present application relates to the field of computer technologies, and for example, to a method, an apparatus, and a storage medium for detecting an intelligent contract event log.
Background
The smart contract, a Turing complete program, runs in the form of EVM byte code in an Ethernet virtual machine (Ethereum Virtual Machine, EVM). Specifically, the smart contracts may be programmed in Solidity language (a programming language) that is compiled into EVM bytecodes before being executed by the EVM on the blockchain.
Further, during the programming process of Solidity, logging may be accomplished through an event function. However, the event in the current Solidity code is problematic in use, and if not avoided in time by the developer, it may result in wastage of gas fees (a cost to pay when performing a particular operation on the ethernet blockchain) and even increase the risk of property loss of the contract account.
In the process of implementing the embodiments of the present disclosure, it is found that at least the following problems exist in the related art:
The event in the current Solidity code is problematic in use, and if not avoided in time by a developer, the events can result in wastage of gas fees, and even increase the risk of property loss of the contract account.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the application and thus may include information that does not form the prior art that is already known to those of ordinary skill in the art.
Disclosure of Invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview, and is intended to neither identify key/critical elements nor delineate the scope of such embodiments, but is intended as a prelude to the more detailed description that follows.
The embodiment of the disclosure provides a detection method, a detection device and a storage medium for an intelligent contract event log, which are used for detecting problems existing in the event in the current Solidity codes when the event is used and reminding in time, so that the waste of gas cost is avoided, and the property loss risk of a contract account is reduced.
In some embodiments, the method for detecting an intelligent contract event log includes:
Acquiring a target contract; compiling the target contract by adopting Solidity language;
analyzing Solidity codes of the target contracts and determining event problem states of the Solidity codes; the event problem state comprises at least one of an event in the Solidity code that requires an optimization variable, an event in the Solidity code that uses more frequently than a frequency of use threshold, an event in the Solidity code that has parameter information errors, a redundant event in the Solidity code, a used debug event in the Solidity code, and an event in the Solidity code that has call position errors;
and outputting reminding information based on the event problem state.
In some embodiments, the detection device for the smart contract event log comprises a processor and a memory storing program instructions, wherein the processor is configured to execute the detection method for the smart contract event log when the program instructions are executed.
In some embodiments, the storage medium stores program instructions that, when executed, perform the above-described detection method for smart contract event logs.
The detection method, the device and the storage medium for the intelligent contract event log provided by the embodiment of the disclosure can realize the following technical effects:
After obtaining the target contract compiled in Solidity language, solidity code of the target contract may be analyzed to determine the event problem status of Solidity code. The event problem state may include at least one of an event in Solidity code that requires an optimization variable, an event in Solidity code that uses a frequency greater than a frequency of use threshold, an event in Solidity code that has a parameter information error, a redundant event in Solidity code, a debug event in Solidity code that has been used, and an event in Solidity code that has a call location error. Then, based on the event problem state, the reminder information can be output. In this way, the Solidity codes can be analyzed from the angles of the six event problem states so as to detect the events in the Solidity codes, discover the problems in the events in time, and inform the developer in time in a mode of outputting reminding information, so that the waste of gas cost is avoided as much as possible, and the property loss risk of the contract account is reduced.
The foregoing general description and the following description are exemplary and explanatory only and are not restrictive of the application.
Drawings
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which like reference numerals refer to similar elements, and in which:
FIG. 1 is a schematic diagram of a method for detecting smart contract event logs, provided by embodiments of the present disclosure;
FIG. 2 is a schematic diagram of a method for determining the event issue status of Solidity codes provided by an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of another method provided by an embodiment of the present disclosure for determining the event issue status of Solidity codes;
FIG. 4 is a schematic diagram of another method provided by an embodiment of the present disclosure for determining Solidity the event issue status of a code;
FIG. 5 is a schematic diagram of another method provided by an embodiment of the present disclosure for determining the event issue status of Solidity codes;
FIG. 6 is a schematic diagram of another method provided by an embodiment of the present disclosure for determining the event issue status of Solidity codes;
FIG. 7 is a schematic diagram of another method provided by an embodiment of the present disclosure for determining the event issue status of Solidity codes;
FIG. 8 is a schematic diagram of a detection apparatus for smart contract event logs, provided by an embodiment of the present disclosure.
Detailed Description
So that the manner in which the features and techniques of the disclosed embodiments can be understood in more detail, a more particular description of the embodiments of the disclosure, briefly summarized below, may be had by reference to the appended drawings, which are not intended to be limiting of the embodiments of the disclosure. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may still be practiced without these details. In other instances, well-known structures and devices may be shown simplified in order to simplify the drawing.
The terms first, second and the like in the description and in the claims of the embodiments of the disclosure and in the above-described figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe embodiments of the present disclosure. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion.
The term "plurality" means two or more, unless otherwise indicated.
In the embodiment of the present disclosure, the character "/" indicates that the front and rear objects are an or relationship. For example, A/B represents: a or B.
The term "and/or" is an associative relationship that describes an object, meaning that there may be three relationships. For example, a and/or B, represent: a or B, or, A and B.
The term "corresponding" may refer to an association or binding relationship, and the correspondence between a and B refers to an association or binding relationship between a and B.
The embodiment of the present disclosure does not limit the execution subject of the detection method for an intelligent contract event log, for example, the detection method for an intelligent contract event log of the embodiment of the present disclosure may be applied to a data processing device such as a terminal device or a server. The terminal device refers to an electronic device with a wireless connection function, and in some embodiments, the terminal device is, for example, a mobile device, a computer, or an in-vehicle device built in a levitation vehicle, or any combination thereof. The mobile device may include, for example, a cell phone, smart home device, wearable device, smart mobile device, virtual reality device, etc., or any combination thereof, wherein the wearable device includes, for example: smart watches, smart bracelets, pedometers, etc.
Referring to fig. 1, an embodiment of the disclosure provides a method for detecting an intelligent contract event log, including:
S101, acquiring a target contract.
Wherein the target contract is compiled in Solidity language.
S102, analyzing Solidity codes of the target contracts and determining event problem states of Solidity codes.
In the disclosed embodiment, the event problem state includes at least one of an event in Solidity code that requires an optimization variable, an event in Solidity code that uses a frequency greater than a frequency of use threshold, an event in Solidity code that has a parameter information error, a redundant event in Solidity code, a debug event in Solidity code that has been used, and an event in Solidity code that has a call location error.
S103, outputting reminding information based on the event problem state.
In the embodiments of the present disclosure, for convenience of understanding, the determining process of the above-mentioned six event problem states and the outputting of the reminding information may be respectively described by way of example with reference to the accompanying drawings.
Specifically, as shown in fig. 2, for the determination process of the event problem state in Solidity code, that is, step S102, where there is an event requiring optimization of variables, it may specifically include steps 21A-24A:
step 21A: and performing word segmentation on Solidity codes to obtain word segmentation codes.
In practical application, the blank and the line-feed character can be used as separators to segment Solidity codes, and punctuation in Solidity codes is filtered to obtain segmented codes.
Step 22A: and marking the part of speech of the word segmentation code to obtain a word segmentation marking result.
Specifically, in the embodiments of the present disclosure, a corpus may be preset and part-of-speech types of Solidity codes may be stored by the corpus. For example, part-of-speech types may include keywords, state variables, local variables, event names, function names, and class names. Thus, the word-part labeling can be carried out on the word-part codes according to the word-part types, and the word-part labeling result is obtained.
Step 23A: based on the word segmentation annotation result, a first event is determined from Solidity codes.
The first event includes a state variable; the state variables are stored in storage type. In practical application, because the storage type variable consumes more gas than the memory type local variable, the event related to the storage type state variable in Solidity codes can be identified as the first event based on the word segmentation labeling result, so that the subsequent processing is convenient for the first event consuming gas.
Step 24A: if the first function in which the first event is located includes a local variable and the values of the state variable and the local variable are the same, determining that the event problem state is Solidity that an event requiring an optimized variable exists in the code.
Here, the local variable is stored in a memory type. Since memory type local variables consume less gas than storage type state variables, when the first function includes local variables and the values of the state variables and the local variables are the same, it can be determined Solidity that there is an event in the code that requires the optimization of the variables, i.e., the state variables in the first event need to be optimized.
Based on the above steps 21A-24A, in the embodiment of the present disclosure, the alert information output based on the event question status may specifically include: warning information indicating that variable optimization is possible, information of a state variable of the identified first event, and information of a local variable that can replace the state variable.
Further, after outputting the alert message, the method for detecting an intelligent contract event log may further include: the state variable stored in the storage type in the first event is replaced by the local variable stored in the memory type. As mentioned above, the local variables stored in the memory type consume less gas than the state variables stored in the storage type, and because the values of the state variables and the local variables are the same, replacing the state variables with the local variables does not change the definition and the value of the state variables, nor does it affect the persistence of the state variables on the blockchain. Thus, data resources can be saved by variable substitution.
Referring to fig. 3, the determining process of the event problem status, that is, step S102, for the Solidity codes that the event usage is greater than the usage threshold may specifically include steps 21B-23B:
step 21B: and preprocessing Solidity codes to obtain preprocessed codes.
In practical applications, preprocessing is used to remove deactivated portions of Solidity code, including notes and/or blank lines in Solidity code.
Step 22B: and performing word frequency analysis on the preprocessing code to obtain the event usage amount in the preprocessing code.
Specifically, in the embodiment of the present disclosure, the total number of lines of the preprocessing code may be calculated first, then the preprocessing code may be segmented, and word frequency analysis may be performed on the segmented preprocessing code to obtain the number of times that the event is invoked. Then, based on the number of times an event is called and the total number of lines of the preprocessing code, the average number of occurrences of the event in each line of the preprocessing code can be determined as the event use frequency. In Solidity codes, the "init" keyword is followed by the event name, so that the number of times of calling the event can be determined by counting the number of times of occurrence of the keyword "init". In addition, the event frequency of use may be obtained by dividing the number of occurrences of the event by the total number of lines of the preprocessing code.
Step 23B: if the event frequency is greater than the frequency threshold, determining that the event frequency of the event problem status Solidity codes is greater than the frequency threshold.
In the embodiment of the present disclosure, the inventors have creatively studied and found that the average value of the event frequency is 0.022, so that in practical application, the value range of the frequency threshold may be 0.03-0.06, and preferably 0.05.
Based on the above steps 21B-23B, in the embodiment of the present disclosure, the alert information output based on the event question status may specifically include: warning information for indicating event abuse. While an event is an effective implementation of interaction with other systems, it also uses a lot of resources and has a large impact on the working effects of the contract, so in the embodiments of the present disclosure, by means of event overwarning, developers can be informed in time to use events with caution, thereby avoiding wasting resources.
Referring to fig. 4, the determining process of the event problem state, that is, step S102, for the event that there is an error in the parameter information transmitted in Solidity codes, may specifically include steps 21C-24C:
Step 21C: and carrying out static code analysis on Solidity codes to obtain an abstract syntax tree of the target contract.
In practical applications, the implementation process of static code analysis on Solidity codes may use any static code analysis algorithm that may exist in the present or future, and is not limited in detail herein.
Step 22C: and determining a second event with the parameter number larger than or equal to the number threshold according to the function statement in the abstract syntax tree, and acquiring parameter information transmitted by the second event.
Here, the number threshold may be 3, thereby avoiding the chance probability that the number of parameters is small. The parameter information may include a parameter name and a parameter value.
Step 23C: from the functions in the abstract syntax tree, a second function is obtained having the same number of parameters as when the second event was invoked.
Step 24C: if the parameter information of any parameter and the parameter information of the second function are different when the second event is called, and the parameter information of other parameters except any parameter is the same as the parameter information of the second function, determining that the event problem state is the event with parameter information error in Solidity codes.
Therefore, the second event with the parameter number larger than or equal to 3 is determined, and the parameter names and the parameter values transmitted by the second event are acquired, so that the subsequent positioning to a specific function is facilitated as much as possible. When the parameter information of the second event and the parameter information of the second function are different, the parameter error is indicated.
Based on the above steps 21C-24C, in the embodiment of the present disclosure, the alert information output based on the event problem status may specifically include: warning information for indicating parameter information errors, and related information of the second event and the second function. When an event is called, if the input error parameters are consistent with the parameter types in definition, the compiler cannot find errors of the parameter information. The intelligent contract is difficult to change after being deployed, so that a developer can be timely informed by detecting the error of the input parameter and warning, thereby helping to reduce the risk of contract loopholes as much as possible.
Referring to fig. 5, the determining process for the event problem state in which there is a redundant event in Solidity codes, that is, step S102, may specifically include steps 21D-22D:
Step 21D: for a third event invoked in Solidity code, a fourth event is determined that contains all parameters of the third event from among the invoked events included in Solidity code other than the third event.
Specifically, the number of the fourth events may be 1 or a plurality of fourth events. The fourth event includes all parameters of the third event, which may mean that the parameters of the third event are the same, or that the parameters of the fourth event include parameters of the third event. Based on this, in the embodiment of the disclosure, for the third event, it may be queried in Solidity code whether there are other parameters of the invoked event including the parameters of the third event, and if so, the event may be determined to be the fourth event. In addition, since the alias analysis algorithm is a technique for identifying name sets of program variables, which may cause the same memory location during program execution, and the same parameters of the memory location may also be regarded as the same parameters, in the embodiment of the present disclosure, the parameters of the third event may be further analyzed by the alias analysis algorithm to determine the same parameters of the memory location, and further determine the corresponding fourth event based on the same parameters of the memory location.
Step 22D: and when the parameter value of the third event is the same as the corresponding parameter value in the fourth event, determining that the event problem state is Solidity and redundant events exist in the codes.
As mentioned above, the fourth event includes the third event, and thus, when the parameter value of the third event and the parameter value of the fourth event are also the same, it may be explained that the third event is a redundant event for the fourth event.
Based on the above steps 21D-22D, in the embodiment of the present disclosure, the alert information output based on the event issue status may specifically include: warning information indicating the existence of a redundant event, and related information of the third event and the fourth event. Because the third event is a redundant event, which is contained by the fourth event and has the same parameter value, the developer can be timely informed by detecting the redundant event and warning, thereby being beneficial to canceling the calling of the redundant event as soon as possible and reducing the consumption of data resources.
Referring to fig. 6, the determining process for the event problem status of the debug event used in Solidity codes, that is, step S102, may specifically include steps 21E-22E:
Step 21E: the Solidity code is analyzed to determine if at least one of the fifth event, the sixth event, and the seventh event is present in the Solidity code.
Wherein the fifth event is an empty event; the sixth event is an event which is called at a different position and records the same variable; the seventh event is an event including a character string parameter, and the character string parameter includes a preset keyword. In practical application, a developer can adopt an event to debug, and the debugging event can be in the form of a null event, an event which is called at different positions and records the same variable, or an event comprising a character string parameter, wherein the character string parameter comprises a preset keyword, namely at least one of a fifth event, a sixth event and a seventh event. In practical applications, the preset keywords may be embodied as at least one of "debugging", "test" and "hellp".
Step 22E: if at least one of the fifth event, the sixth event, and the seventh event exists in Solidity code, then the event issue status is determined to be that there is a used debug event in Solidity code.
Based on the above, when at least one of the fifth event, the sixth event, and the seventh event exists in Solidity codes, it can be explained that the developer does not delete the used debug event after debugging Solidity codes.
Based on the above steps 21E to 22E, in the embodiment of the present disclosure, the alert information output based on the event problem status may specifically include: warning information for indicating debug events that have been used in Solidity code. After debugging the code by using the event, if the debugging event which is not needed is not deleted in time, the code readability is negatively affected, and redundant data resource consumption is caused, so that the developer can be informed in time by detecting and warning the used debugging event in Solidity codes, thereby being beneficial to deleting the used debugging event as soon as possible and reducing the consumption of data resources.
Referring to fig. 7, the determining process for the event problem state that there is an event of calling a position error in Solidity codes, that is, step S102, may specifically include steps 21F-24F:
Step 21F: during execution of Solidity code, the execution path and the opcode of Solidity code are obtained.
In the disclosed embodiment, to run Solidity code, a network test environment for the local blockchain may be first built using Anvil (a blockchain running tool) and the target contract deployed in the network test environment. Next, valid inputs may be randomly generated for the function of the target contract. Specifically, the target contract may be compiled first to generate a JSON format file corresponding to the binary interface (Application Binary Interface, ABI) of the target contract, then the ABI file is parsed to obtain the function description and the data types of the parameters therein, and then the input fields of the parameters of each data type are determined according to the Solidity official document.
For example, parameters for a fixed length data type, such as int, uint, bytes and fixed array type parameters, may randomly generate an input within its valid input field.
For parameters of data types with non-fixed length, for example, string type parameters, positive integers in the effective range can be randomly generated as the length, and then character strings with the length can be randomly generated as input.
For the address type parameter, ABI function feature analysis is required, that is, all function signatures declared in ABI are extracted, and then a function selector of each function signature, that is, keccak hash (SHA-3) of the first four bytes of the function signature is calculated to determine the function selector used by each common ABI function. Next, a map can be constructed and stored with function selectors as keys, with addresses of all intelligent contracts with the same function selector as values. Through this mapping, for each function selector, all smart contract addresses supporting that function selector can be found in a search mapping manner, and thus a random input is generated for the parameters of the address data type of each ABI function of the smart contract.
Step 22F: after the eighth event in Solidity code is invoked, it is detected, via the execution path and the opcode, whether the variable entered by the eighth event is reassigned.
Here, the eighth event is any event in Solidity codes. In the disclosed embodiment, program piling techniques may be employed to acquire execution paths using branch coverage probes and conditional coverage probes and monitor the object for opcodes that are approximately at the time of execution at the EVM to detect whether the variable entered by the eighth event is reassigned after the eighth event is invoked.
Step 23F: if the variable entered by the eighth event is reassigned, then it is detected Solidity whether there is a ninth event in the code that records the reassignment result of the eighth event.
In practice, an event is typically invoked after an operation is completed, for example, to record information such as a transaction, assignment, or authorization. Based on this, by detecting a ninth event, that is, an event for recording the reassigned variable, it can be determined whether the event is called again after the corresponding operation is performed.
Step 24F: if the ninth event does not exist in Solidity codes, determining that the event problem state is that an event with a calling position error exists in Solidity codes.
If the ninth event does not exist, it may be stated that the eighth event is called, but is not called again, i.e. its call location is wrong, although it is reassigned.
Based on the above steps 21F-24F, in the embodiment of the present disclosure, the alert information output based on the event problem status may specifically include: and the warning information is used for indicating that the call position error exists in Solidity codes. In this way, by detecting the calling position error of the event and warning, the developer can be timely informed, so that the risk of contract loopholes can be reduced as much as possible.
By adopting the detection method for the intelligent contract event log, which is provided by the embodiment of the disclosure, after the target contract compiled by Solidity language is acquired, solidity codes of the target contract can be analyzed to determine the event problem state of Solidity codes. The event problem state may include at least one of an event in Solidity code that requires an optimization variable, an event in Solidity code that uses a frequency greater than a frequency of use threshold, an event in Solidity code that has a parameter information error, a redundant event in Solidity code, a debug event in Solidity code that has been used, and an event in Solidity code that has a call location error. Then, based on the event problem state, the reminder information can be output. In this way, the Solidity codes can be analyzed from the angles of the problem states of the six events to detect the events in the Solidity codes, find the problems in the events in time, and inform the developer in time in a mode of outputting reminding information, so that the waste of data resources is avoided as much as possible, and the property loss risk of the contract account is reduced.
As shown in connection with fig. 8, an embodiment of the present disclosure provides a detection apparatus 300 for smart contract event logs, including a processor (processor) 304 and a memory (memory) 301. Optionally, the apparatus may also include a communication interface (Communication Interface) 302 and a bus 303. The processor 304, the communication interface 302, and the memory 301 may communicate with each other through the bus 303. The communication interface 302 may be used for information transfer. The processor 304 may call logic instructions in the memory 301 to perform the detection method for the smart contract event log of the above-described embodiments.
Further, the logic instructions in the memory 301 may be implemented in the form of software functional units and stored in a computer readable storage medium when sold or used as a stand alone product.
The memory 301 is used as a computer readable storage medium for storing a software program, a computer executable program, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 304 executes the functional applications and data processing by running the program instructions/modules stored in the memory 301, i.e. implements the detection method for smart contract event logs in the above-described embodiments.
The memory 301 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for a function; the storage data area may store data created according to the use of the terminal device, etc. In addition, the memory 301 may include a high-speed random access memory, and may also include a nonvolatile memory.
Embodiments of the present disclosure provide a computer-readable storage medium storing computer-executable instructions configured to perform the above-described detection method for smart contract event logs.
The computer readable storage medium may be a transitory computer readable storage medium or a non-transitory computer readable storage medium.
Embodiments of the present disclosure may be embodied in a software product stored on a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of a method according to embodiments of the present disclosure. And the aforementioned storage medium may be a non-transitory storage medium including: a plurality of media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or a transitory storage medium.
The above description and the drawings illustrate embodiments of the disclosure sufficiently to enable those skilled in the art to practice them. Other embodiments may involve structural, logical, electrical, process, and other changes. The embodiments represent only possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in, or substituted for, those of others. Moreover, the terminology used in the present application is for the purpose of describing embodiments only and is not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a," "an," and "the" (the) are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this disclosure is meant to encompass any and all possible combinations of one or more of the associated listed. Furthermore, when used in the present disclosure, the terms "comprises," "comprising," and/or variations thereof, mean that the recited features, integers, steps, operations, elements, and/or components are present, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method or apparatus that includes the element. In this context, each embodiment may be described with emphasis on the differences from the other embodiments, and the same similar parts between the various embodiments may be referred to each other. For the methods, products, etc. disclosed in the embodiments, if they correspond to the method sections disclosed in the embodiments, the description of the method sections may be referred to for relevance.
Those of skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. The skilled artisan may use different methods for each particular application to achieve the described functionality, but such implementation should not be considered to be beyond the scope of the embodiments of the present disclosure. It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the embodiments disclosed herein, the disclosed methods, articles of manufacture (including but not limited to devices, apparatuses, etc.) may be practiced in other ways. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the units may be merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form. The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to implement the present embodiment. In addition, each functional unit in the embodiments of the present disclosure may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. In the description corresponding to the flowcharts and block diagrams in the figures, operations or steps corresponding to different blocks may also occur in different orders than that disclosed in the description, and sometimes no specific order exists between different operations or steps. For example, two consecutive operations or steps may actually be performed substantially in parallel, they may sometimes be performed in reverse order, which may be dependent on the functions involved. Each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Claims (9)
1. A method for detecting an intelligent contract event log, comprising:
Acquiring a target contract; compiling the target contract by adopting Solidity language;
analyzing Solidity codes of the target contracts and determining event problem states of the Solidity codes; the event problem state comprises at least one of an event in the Solidity code that requires an optimization variable, an event in the Solidity code that uses more frequently than a frequency of use threshold, an event in the Solidity code that has parameter information errors, a redundant event in the Solidity code, a used debug event in the Solidity code, and an event in the Solidity code that has call position errors;
outputting reminding information based on the event problem state;
Wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes comprises:
performing word segmentation on the Solidity codes to obtain word segmentation codes;
part of speech tagging is carried out on the word segmentation codes, and word segmentation tagging results are obtained;
Determining a first event from the Solidity codes based on the word segmentation annotation result; the parameters when the first event is invoked include a state variable; the state variables are stored in a storage type;
if the first function where the first event is located includes a local variable and the values of the state variable and the local variable are the same, determining that the event problem state is that an event requiring an optimized variable exists in the Solidity codes; the local variables are stored in a memory type.
2. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
preprocessing the Solidity codes to obtain preprocessed codes; the preprocessing is used to remove inactive portions in the Solidity code, including notes and/or empty rows in the Solidity code;
word frequency analysis is carried out on the preprocessing codes, so that event use frequency in the preprocessing codes is obtained;
And if the event using frequency is larger than the using frequency threshold value, determining that the event problem state is that the event using frequency of Solidity codes is larger than the using frequency threshold value.
3. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
performing static code analysis on the Solidity codes to obtain an abstract syntax tree of the target contract;
Determining a second event with the parameter number larger than or equal to a number threshold according to the function statement in the abstract syntax tree, and acquiring parameter information transmitted by the second event;
Determining Solidity a second function in the code that is the same as the number of parameters when the second event is invoked based on the abstract syntax tree;
And if the parameter information of any parameter when the second event is called is different from the parameter information of the second function, and the parameter information of other parameters except for any parameter is the same as the parameter information of the second function, determining that the event problem state is the event with parameter information errors in the Solidity codes.
4. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
For a third event called in Solidity codes, determining a fourth event containing all parameters of the third event from called events except the third event included in the Solidity codes;
And when the parameter value of the third event is the same as the corresponding parameter value in the fourth event, determining that the event problem state is that a redundant event exists in the Solidity codes.
5. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
analyzing the Solidity code to determine if at least one of a fifth event, a sixth event, and a seventh event is present in the Solidity code; the fifth event is an empty event; the sixth event is an event which is called at a different position and records the same variable; the seventh event is an event comprising a character string parameter, and the character string parameter comprises a preset keyword;
If at least one of a fifth event, a sixth event, and a seventh event exists in the Solidity code, determining that the event issue state is that the used debug event exists in the Solidity code.
6. The method of claim 1, wherein the analyzing Solidity codes of the target contracts to determine event issue status of the Solidity codes further comprises:
Acquiring an execution path and an operation code of the Solidity code in the running process of the Solidity code;
After the eighth event in Solidity codes is called, detecting whether variables transmitted by the eighth event are reassigned or not through the execution path and the operation code;
If the variable transmitted by the eighth event is reassigned, detecting whether a ninth event for recording reassignment results of the eighth event exists in the Solidity codes;
And if the ninth event does not exist in the Solidity codes, determining that the event problem state is the event with the calling position error in the Solidity codes.
7. The method according to claim 1, wherein after outputting the alert information based on the event question status, the method further comprises:
and replacing the state variable stored in the storage type in the first event with the local variable stored in the memory type.
8. A detection apparatus for a smart contract event log, comprising a processor and a memory storing program instructions, wherein the processor is configured, when executing the program instructions, to perform the detection method for a smart contract event log as claimed in any one of claims 1 to 7.
9. A storage medium storing program instructions which, when executed, perform the method for detecting a smart contract event log according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410138372.4A CN117688564B (en) | 2024-02-01 | 2024-02-01 | Detection method, device and storage medium for intelligent contract event log |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410138372.4A CN117688564B (en) | 2024-02-01 | 2024-02-01 | Detection method, device and storage medium for intelligent contract event log |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117688564A CN117688564A (en) | 2024-03-12 |
| CN117688564B true CN117688564B (en) | 2024-05-03 |
Family
ID=90135646
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410138372.4A Active CN117688564B (en) | 2024-02-01 | 2024-02-01 | Detection method, device and storage medium for intelligent contract event log |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117688564B (en) |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102012991A (en) * | 2010-11-09 | 2011-04-13 | 北京神舟航天软件技术有限公司 | Static analysis-based checking method of safety rules of C language |
| CN102831004A (en) * | 2012-07-13 | 2012-12-19 | 天津国芯科技有限公司 | Method for optimizing compiling based on C*core processor and compiler |
| CN109684838A (en) * | 2018-11-23 | 2019-04-26 | 电子科技大学 | A kind of static code auditing system and method for ether mill intelligence contract |
| CN110096338A (en) * | 2019-05-10 | 2019-08-06 | 百度在线网络技术(北京)有限公司 | Intelligent contract executes method, apparatus, equipment and medium |
| KR20200094618A (en) * | 2019-01-30 | 2020-08-07 | 주식회사 린아레나 | Method for auditing source code using smart contract similarity analysis and apparatus thereof |
| CN115022026A (en) * | 2022-05-31 | 2022-09-06 | 电子科技大学 | Block chain intelligent contract threat detection device and method |
| CN115794103A (en) * | 2022-10-25 | 2023-03-14 | 网易(杭州)网络有限公司 | Variable compiling method and device, electronic equipment and readable storage medium |
| CN116028495A (en) * | 2022-12-28 | 2023-04-28 | 山石网科通信技术股份有限公司 | Intelligent contract detection method and device |
| CN116166747A (en) * | 2023-01-10 | 2023-05-26 | 杭州溪塔科技有限公司 | Block chain intelligent contract data processing method and device |
| CN116185805A (en) * | 2021-11-26 | 2023-05-30 | 北京有竹居网络技术有限公司 | Code detection method, device, equipment and storage medium |
| CN116841906A (en) * | 2023-07-26 | 2023-10-03 | 山石网科通信技术股份有限公司 | Intelligent contract detection method and device and electronic equipment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9612937B2 (en) * | 2012-09-05 | 2017-04-04 | Microsoft Technology Licensing, Llc | Determining relevant events in source code analysis |
-
2024
- 2024-02-01 CN CN202410138372.4A patent/CN117688564B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102012991A (en) * | 2010-11-09 | 2011-04-13 | 北京神舟航天软件技术有限公司 | Static analysis-based checking method of safety rules of C language |
| CN102831004A (en) * | 2012-07-13 | 2012-12-19 | 天津国芯科技有限公司 | Method for optimizing compiling based on C*core processor and compiler |
| CN109684838A (en) * | 2018-11-23 | 2019-04-26 | 电子科技大学 | A kind of static code auditing system and method for ether mill intelligence contract |
| KR20200094618A (en) * | 2019-01-30 | 2020-08-07 | 주식회사 린아레나 | Method for auditing source code using smart contract similarity analysis and apparatus thereof |
| CN110096338A (en) * | 2019-05-10 | 2019-08-06 | 百度在线网络技术(北京)有限公司 | Intelligent contract executes method, apparatus, equipment and medium |
| CN116185805A (en) * | 2021-11-26 | 2023-05-30 | 北京有竹居网络技术有限公司 | Code detection method, device, equipment and storage medium |
| CN115022026A (en) * | 2022-05-31 | 2022-09-06 | 电子科技大学 | Block chain intelligent contract threat detection device and method |
| CN115794103A (en) * | 2022-10-25 | 2023-03-14 | 网易(杭州)网络有限公司 | Variable compiling method and device, electronic equipment and readable storage medium |
| CN116028495A (en) * | 2022-12-28 | 2023-04-28 | 山石网科通信技术股份有限公司 | Intelligent contract detection method and device |
| CN116166747A (en) * | 2023-01-10 | 2023-05-26 | 杭州溪塔科技有限公司 | Block chain intelligent contract data processing method and device |
| CN116841906A (en) * | 2023-07-26 | 2023-10-03 | 山石网科通信技术股份有限公司 | Intelligent contract detection method and device and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 郑忠斌 ; 王朝栋 ; 蔡佳浩 ; .智能合约的安全研究现状与检测方法分析综述.信息安全与通信保密.2020,(第07期),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117688564A (en) | 2024-03-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kim et al. | Shared execution for efficiently testing product lines | |
| US8997065B2 (en) | Automatic modularization of source code | |
| CN101853200B (en) | High-efficiency dynamic software vulnerability exploiting method | |
| CN102054149A (en) | Method for extracting malicious code behavior characteristic | |
| CN110474900B (en) | Game protocol testing method and device | |
| CN112181430B (en) | Code change statistical method, device, electronic equipment and storage medium | |
| CN105630656A (en) | Log model based system robustness analysis method and apparatus | |
| CN110287700B (en) | iOS application security analysis method and device | |
| CN111240772A (en) | Data processing method and device based on block chain and storage medium | |
| CN114238980A (en) | Industrial control equipment vulnerability mining method, system, equipment and storage medium | |
| CN117688564B (en) | Detection method, device and storage medium for intelligent contract event log | |
| CN116841906A (en) | Intelligent contract detection method and device and electronic equipment | |
| CN114826793B (en) | ROP chain detection method, device and medium | |
| CN115840707A (en) | Flash test method, device and medium | |
| CN113703753B (en) | Method and device for product development and product development system | |
| CN114462381A (en) | Data processing method, device, equipment and storage medium | |
| CN113407989A (en) | Data desensitization method and device, electronic equipment and storage medium | |
| CN113467815A (en) | Application repair method and device for hot update, terminal equipment and storage medium | |
| CN109710538B (en) | Static detection method for state-related defects in large-scale system | |
| CN113742208A (en) | Software detection method, device, equipment and computer readable storage medium | |
| CN113742116A (en) | Abnormity positioning method, abnormity positioning device, abnormity positioning equipment and storage medium | |
| CN113721916B (en) | Compiling method, device and equipment of operating system and readable storage medium | |
| CN112115046B (en) | Software fault positioning method, device and terminal | |
| CN115640236B (en) | Script quality detection method and computing device | |
| CN118152293A (en) | Interface testing method, device, electronic equipment and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |