Abstract

Fabric is currently the most popular consortium chain platform with a modular architecture that provides high security, elasticity, flexibility and scalability. Smart contracts realize the automatic execution of transactions and the operation of reconciliation data. The Fabric platform supports general programming languages ​​to write smart contracts. However, in the development process of smart contracts, due to insufficient understanding of the underlying operating logic of smart contracts, developers are prone to introduce some risky operations, resulting in a mismatch between the execution logic of smart contracts and business logic, resulting in a lot of losses. The read-after-write risk is a relatively complex and common security risk in smart contracts. Currently, many detection tools cannot detect this risk. There is an urgent need for a solution that can quickly and accurately detect the read-after-write risk in smart contracts. This paper proposes a static analysis smart contract read-after-write risk detection method based on key methods and call chains. The scheme extracts key method patterns on the abstract syntax tree, identifies and locates key methods with risks, greatly reduces the interference of useless nodes on detection, and realizes rapid detection. By constructing the key method call chain, the real call scene is restored according to the call type and attribute of the key method. After experimental verification, compared with the current popular smart contract risk detection tool Revive^CC, the tool proposed in this paper has higher detection accuracy and can more accurately locate the read-after-write risk in smart contracts.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.