以太坊智能合約安全之研究

The study on Ethereum smart contract security

林詠章(Iuon-Chang Lin)；林久弘(Chiu-Hung Lin)

區塊鏈 ； 以太坊 ； 智能合約 ； Solidity ； Blockchain ； Ethereum ； smart contract ； Solidity

資訊安全通訊

24卷3期（2018 / 07 / 01）

16 - 33

繁體中文

區塊鏈技術是以點對點網路為基礎，將資料分散於網路中的每個節點，同時也不需要任何第三方的控管與維護，諸多的特性帶起了虛擬貨幣「比特幣」的發展，成為了全球幣值最高的貨幣，後續也帶起了以智能合約為特點的以太坊平台，其特殊的貨幣「以太幣」成為市值僅次於比特幣的虛擬貨幣，由於智能合約的廣泛應用，使以太坊的使用者逐漸增加，然而在撰寫智能合約中，程式語言「Solidity」因為其特殊的規則與語法，導致眾多已部署的合約都含有許多漏洞及陷阱，這也成為了攻擊者的攻擊目標，如著名的「The DAO事件」，因此，本論文整理了現今智能合約中常見的漏洞及陷阱，以合約模擬過程並提出解決或避免方式，讓撰寫合約者能有效地避免合約遭受攻擊。

Blockchain technology is based on peer-to-peer network. It distributes data to every node in the network, and does not require any third-party control and maintenance. These features make the virtual currency ＂Bitcoin＂ popular which become the currency with the highest currency value in the world. It has also make the Ethereum platform featuring smart contracts popular too. It's special currency ＂Ether＂ becomes the virtual currency with the market value that is second only to the bitcoin. Due to the various application of smart contracts, the users of Ethereum has gradually increased. However, in writing smart contracts, the programming language ＂Solidity＂ has many loopholes and traps due to its special rules and grammar, so it has become the target of attackers, such as the famous ＂The DAO＂. Therefore, this paper survey the vulnerabilities and pitfalls in today’s smart contracts, and use the contract simulation process and propose solutions or avoidance methods to make the programmer avoid contract damage effectively.

1. Afanasev, M. Y.,Fedosov, Y. V.,Krylova, A. A.,Shorokhov, S. A.(2018).An application of blockchain and smart contracts for machine-to-machine communications in cyberphysical production systems.2018 IEEE Industrial Cyber-Physical Systems (ICPS)
2. Atzei, N.,Bartoletti, M.,Cimoli, T.(2017).A survey of attacks on ethereum smart contracts (sok).International Conference on Principles of Security and Trust
3. Bragagnolo, S.,Rocha, H.,Denker, M.,Ducasse, S.(2018).SmartInspect: solidity smart contract inspector.2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE)
4. Buterin, V.(2014).V. Buterin, “A next-generation smart contract and decentralized application platform,” Ethereum white paper, 2014..
5. Chen, Y. H.,Chen, S. H.,Lin, I. C.(2018).Blockchain based smart contract for bidding system.2018 IEEE International Conference on Applied System Invention (ICASI)
6. Dannen, C.(2017).Introducing Ethereum and Solidity.Berkeley:Apress.
7. Hildenbrandt, E.,Saxena, M.,Zhu, X.,Rodrigues, N.,Daian, P.,Guth, D.,Rosu, G.(2017).,未出版
8. Hirai, Y.(2017).Defining the ethereum virtual machine for interactive theorem provers.International Conference on Financial Cryptography and Data Security,Cham:
9. Judmayer, A.,Stifter, N.,Krombholz, K.,Weippl, E.(2017).Blocks and Chains: Introduction to Bitcoin, Cryptocurrencies, and Their Consensus Mechanisms.Synthesis Lectures on Information Security, Privacy, & Trust,9(1),911-123.
10. Kao, D. Y.,Hsiao, S. C.(2018).The dynamic analysis of WannaCry ransomware.2018 20th International Conference on Advanced Communication Technology (ICACT)
11. Mohurle, S.,Patil, M.(2017).A brief study of wannacry threat: Ransomware attack 2017.International Journal of Advanced Research in Computer Science,8(5)
12. S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008.
13. Sudhan, A.,Nene, M. J.(2017).Employability of blockchain technology in defence applications.2017 International Conference on Intelligent Sustainable Systems (ICISS)
14. Tse, D.,Zhang, B.,Yang, Y.,Cheng, C.,Mu, H.(2017).Blockchain application in food supply information security.2017 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM)
15. Wood, G.(2014).Ethereum project yellow paperEthereum project yellow paper,未出版
16. Zhou, E.,Hua, S.,Pi, B.,Sun, J.,Nomura, Y.,Yamashita, K.,Kurihara, H.(2018).Security Assurance for Smart Contract.2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

1. 黃朝琮(2019)。首次代幣發行之架構及相關問題探討。臺北大學法學論叢，111，1-94。
2. 林玫君(2019)。區塊鏈智能合約的契約法問題。中正大學法學集刊，63，127-183。