summary of smart contract audit status

Posted by deaguero at 2020-03-03

What is blockchain?

Blockchain is the underlying technology of bitcoin, which is essentially a decentralized distributed ledger database based on consensus mechanism. Consensus mechanism refers to the algorithm to ensure data consistency in the distributed system; decentralization refers to the fact that all nodes participating in the blockchain are equal in power, and there is no difference between high and low. It also means that everyone can see the past blocks and transactions, which also ensures that they can not be usurped and counterfeited. Based on the above characteristics, it is concluded that the blockchain is a unified distributed ledger composed of many peer-to-peer nodes, which ensures the consistency of block data and transaction data through consensus algorithm.

Four main characteristics of blockchain

Distributed: blockchain is global, and the nodes on the system come from all over the world. There is no central node in the blockchain, and the data is stored on each node in a distributed way.

Autonomous: blockchain is a decentralized and autonomous trading system. There are two aspects: first, the nodes are equal, and each node can join and leave freely. Secondly, the operation of blockchain is to generate blocks and synchronize data without human intervention.

Contractual: on the one hand, the nodes in the blockchain are executed according to the established rules. If the rules are violated, the nodes will be abandoned; on the other hand, the smart contracts are procedural terms and rules, which are included in the transaction. The smart contracts must be executed before they can be received during transaction verification.

Traceable: the blockchain data is open and transparent, which cannot be tampered with, and there is a certain correlation between related transactions, which is easy to be traced.

Smart contract and its security

Based on the blockchain technology, many decentralized applications have been realized, among which Ethereum is one. One of the core technologies of Ethereum is smart contract, which is a computer program running on Ethereum. Its programming language is solidity, which is similar to JavaScript.

Smart contracts are digital versions of traditional contracts. Its essence is a computer program, which can be executed by itself when the conditions written in its source code are met. Due to the immovability of blockchain, the contract cannot be changed.

Smart contract deployment process:

As a computer program running on the blockchain, smart contract greatly enriches the functions of the blockchain, making the blockchain not only a distributed ledger database, but also able to complete a certain degree of business processing.

There is the concept of token (money) in smart contracts. At the same time, as a computer program, it is difficult to get rid of the bug. Once the security loopholes are exploited, it is likely to lead to disastrous consequences, such as loss of cryptocurrency, disruption of financial order, etc. According to the sampling statistics, more than 90% of deployed smart contracts are unsafe.

However, the correctness and security of smart contracts are facing huge problems. The famous Dao security vulnerability and parity multi signature wallet security vulnerability are both caused by the security issues of smart contracts, resulting in losses of $50 million, $30 million and $152 million respectively. On April 22, BEC token was stolen, and its market value was almost zero due to a security flaw in one line of code.

However, despite the seriousness of the problem, the problem of smart contract security has suddenly erupted in the past two years. Although domestic and foreign research institutions have also carried out relevant research, there is no effective scheme to detect the security of smart contracts. The security problem of smart contract is imminent.

In the paper survey of attacks on Ethereum smart contracts, many kinds of attacks are summarized. Among them, there are unknown calls, lack of gas (the "gas" consumed by smart contract calls), abnormal disorder, type conversion and other attacks.

Publication of academic papers

Take Google academic data statistics as an example. Search keywords: Ethereum, smart contract, security analysis. There are no relevant literature before 2015. In 2016, 54 papers were published, and in 2017, 115 papers were published. By 2018, 70 papers had been published in the first half of 2018. These published papers are mostly included in top journals and conferences such as NDSS and ICSE. It can be seen that "smart contract security audit" has become a research hotspot, and has a high level of scientific research and research value.

Zeus (IBM)

The formal verification method is used to analyze the security of smart contract code.

Validation process:

1. Transform the smart contract source code into an intermediate form of policy, which can be understood as a certain length of code block. This step is to transform the smart contract source code into an intermediate form to prepare for the next step of extracting predicates. The reason is that the vulnerability detection engine can not identify the source level vulnerabilities;

2. Policy is transformed into abstract language by using custom semantic transformation rules, and predicate constraints are extracted. For example, if there is a send method in the policy (the send method is the method of sending Ethernet coins in solidity), then the constraint will be added: send_value < = account_balance. The meaning of the condition is that the number of Ethernet coins sent cannot be greater than the number of remaining Ethernet coins in the account;

3. Transform abstract language into verifiable CHC (constraint clause). This step is to transform the abstract smart contract code chip into a form recognized by the verification engine;

4. Use f * framework to verify the generated CHC. F * framework is a vulnerability detection engine developed by NASA to test the safety of avionics.   

Verification process:


The system architecture is huge, because it needs to use an established verification framework f * framework, it has to carry out many formal transformations. The verification process is complex and cumbersome, and it may lead to function loss after multiple transformations.

Use fuzzy test to detect replay attack vulnerability. The idea is based on the fact that each transaction executed by a smart contract generates a state. Different transactions correspond to different states. Fuzzy test is to generate random data through random engine, which is composed of a large number of executable transactions to test the smart contract. The random engine dynamically improves the quality of the generated data through the feedback of test results to ensure that the state space of the smart contract is explored as much as possible. Based on the finite state machine, the state of each transaction is analyzed to detect whether there is replay attack.

The scheme architecture is shown as follows:

In a simple way, we use the exhaustive method to search whether there is replay attack in the state space of the smart contract. The principle is simple, easy to implement, only for replay attack, and the function is relatively single.


At present, the audit of smart contract code in blockchain field is in the initial stage. In foreign countries, Zurich Federal Institute of technology has provided audit services for preliminary Ethereum contracts:, domestic, 360 and other enterprises have also begun to pay attention to this field.

The loopholes that cause large-scale "lethality" to Ethereum mostly come from large amount fund contracts such as ICO raised funds. For such contracts, erc20 (such as openzeppelin) and erc721 are standard token contracts to help implement, but the security of such contracts needs code audit guarantee urgently. It is believed that in the future development, formal verification will play a greater role, and functional programming will also have a good scene in cooperation with formalization.

Survey of attacks on Ethereum smart contracts address:

To learn more about blockchain technology courses, click the following link:

Related reading

Six typical security applications of blockchain

Six misreading of blockchain technology and smart contract security

Yes, blockchain is really the most disruptive data security technology