智能合约漏洞检测与修复研究综述
Review of Smart Contract Vulnerability Detection and Repair Research
摘要
Abstract
The smart contract is a fundamental technology of blockchain,as it operates without the need for third-party au-thorities and can directly provide trusted customized services for users.It represents an important advancement in block-chain technology.As the application range of smart contracts continues to expand,ensuring their safe and reliable opera-tion has become a pressing issue in the field of blockchain security.A research framework for smart contract vulnerability detection and repair is proposed,analyzing and summarizing the current research progress in four key aspects:vulnerability datasets,machine learning methods,vulnerability repair techniques,and patch deployment strategies.Firstly,this paper in-vestigates machine learning-based smart contract vulnerability detection methods,comparing and summarizing 8 types of smart contract vulnerabilities,the current state of 15 open-source datasets,and the advantages and disadvantages of exist-ing models,including traditional machine learning methods,deep learning approaches,and large models.Furthermore,a strategy for constructing high-quality smart contract vulnerability datasets is proposed,combining 5 types of vulnerability detection tools and confidence learning.The 5 types of vulnerability detection tools are symbolic execution,fuzz testing,taint analysis,formal verification,and integrated frameworks.Secondly,3 categories of smart contract vulnerability repair solutions are systematically introduced:automated repair techniques,machine learning-based repair methods,and Ethere-um enhancement technologies.A comprehensive comparison of different solutions is conducted,highlighting their respec-tive advantages and limitations,along with an overview of relevant technologies that can be applied to smart contract vul-nerability repair in the future.Finally,this paper analyzes existing security challenges in smart contracts and provides in-sights into future research directions.关键词
区块链/智能合约安全/漏洞检测/漏洞修复/机器学习Key words
blockchain/smart contract security/vulnerability detection/vulnerability repair/machine learning分类
计算机与自动化引用本文复制引用
刘哲旭,李雷孝,刘东江,杜金泽,林浩,史建平..智能合约漏洞检测与修复研究综述[J].计算机科学与探索,2025,19(4):854-876,23.基金项目
国家自然科学基金(62362055) (62362055)
内蒙古自治区重点研发与成果转化计划项目(2022YFSJ0013,2023YFHH0052) (2022YFSJ0013,2023YFHH0052)
内蒙古自治区高等学校青年科技英才支持计划项目(NJYT22084) (NJYT22084)
内蒙古自然科学基金(2023MS06008) (2023MS06008)
内蒙古自治区科技成果转化专项资金项目(2020CG0073,2021CG0033) (2020CG0073,2021CG0033)
内蒙古自治区直属高校科研项目(JY20220061,JY20230119,JY20230019) (JY20220061,JY20230119,JY20230019)
鄂尔多斯市重点研发计划项目(YF20232328).This work was supported by the National Natural Science Foundation of China(62362055),the Key Research and Development and Achievement Transformation Program of Inner Mongolia Autonomous Region(2022YFSJ0013,2023YFHH0052),the Support Program for Young Scientific and Technological Talents in Higher Education Institutions of Inner Mongolia Autonomous Region(NJYT22084),the Natu-ral Science Foundation of Inner Mongolia(2023MS06008),the Special Funds for Transformation of Scientific and Technological Achieve-ments in Inner Mongolia Autonomous Region(2020CG0073,2021CG0033),the Research Projects of Universities Directly Under Inner Mongolia Autonomous Region(JY20220061,JY20230119,JY20230019),and the Key Research and Development Program of Ordos(YF20232328). (YF20232328)
