Article Preview
TopIntroduction
With the rapid development of blockchain technology, smart contracts, as its core component, have been widely used in the fields of finance, supply chain management, and digital asset trading (Metz, 2021). However, the security of smart contracts has been an issue of great concern because smart contracts cannot be changed once they are deployed on the blockchain, and they may involve large amounts of money and essential business logic. Therefore, smart contract vulnerability detection has become an important topic in current research.
Although there have been some studies on smart contract vulnerabilities, the existing vulnerability detection methods still have some limitations due to the complexity of smart contracts and the specificity of blockchain. Traditional software vulnerability detection techniques are usually not directly applicable to smart contracts because the execution environment of smart contracts is very different from ordinary software (Lu et al., 2021). Therefore, new vulnerability detection methods and tools need to be developed for the characteristics of smart contracts.
In recent years, researchers have proposed a number of smart contract vulnerability detection methods based on techniques such as static analysis, dynamic analysis, and symbolic execution (Nguyen et al., 2021). These methods can help developers discover potential vulnerabilities and provide remediation suggestions before deploying smart contracts. In addition, some research has been devoted to developing smart contract vulnerability detection tools to improve the efficiency and accuracy of vulnerability detection (Alweshah et al., 2020; Nedjah et al., 2023). However, smart contract vulnerability detection still faces challenges. The complexity of smart contracts and the decentralized nature of blockchain increase the difficulty of vulnerability detection and make it challenging to ensure the completeness and accuracy of detection. Therefore, improving the efficiency and reliability of smart contract vulnerability detection is still one of the pressing issues in current research. Although the match-based approach has been proven to be effective for vulnerability detection, applying the technique to smart contracts is a challenging task (Fatemidokht et al., 2021). Two significant issues need to be addressed: First, research has shown that the match-based detection technique should be applied more to bytecode since few smart contracts are open source. However, due to the rapid development of the Solidity compiler (Kumar & Sivakumar, 2022), the same bytecode fragment can produce different bytecodes depending on the compiler version, and this diversity interferes with bytecode matching. Another problem is that different versions of compilers can compile many different instructions, resulting in missing instructions. Even if the instructions have the same semantics, different compiler versions can cause significant differences.