Modeling and Detection of Blockchain Smart Contract Attackers Based on Petri Nets

doi:10.19678/j.issn.1000-3428.0070219

Abstract

Abstract:

Smart contracts are the core of the second-generation blockchain Ethereum. They involve a large amount of cash flow but are vulnerable to hacking because of being deployed on a public chain. Therefore, potential vulnerabilities in contracts must be detected to ensure their security. However, existing detection methods have difficulty coping with the structural deception of attack codes, in-depth analysis of program logic, and mitigation of state-space explosions. To address these issues, this study first proposes a smart contract attacker modeling detection framework based on Petri nets; the framework uses abstract semantic rules and the dynamic operation characteristics of the nets to capture attack behaviors accurately and ensure high adaptability and accuracy of smart contract detection. Second, the study presents a unified detection method for multilevel vulnerabilities that combines the key features of vulnerabilities at each level to derive attack likelihoods and their potential impacts. Finally, the study presents an on-demand state-space generation mitigation mechanism for the state-space explosion problem; this mechanism improves detection efficiency and resource utilization significantly. Experimental results demonstrate that the proposed method is feasible and practical.

Key words: smart contract, Color Petri Net (CPN), attack, modeling, detection

摘要：

智能合约是第二代区块链以太坊的核心, 涉及大量资金流动, 因部署在公有链上易遭黑客攻击。因此, 检测合约潜在漏洞以确保其安全性至关重要。然而, 现有检测方法难以应对攻击代码结构性欺骗、深入解析程序逻辑、缓解状态空间爆炸等情况。为此, 构建一种基于Petri网的智能合约攻击者建模检测框架, 利用抽象语义规则和网络动态运行特性精确捕捉攻击行为, 确保智能合约检测的高适配性和高准确性。同时, 提出一种多层次漏洞统一检测方法, 结合各层次漏洞的关键特征, 推导攻击可能性及其潜在影响。针对状态空间爆炸问题, 设计一种按需生成状态空间的缓解机制, 有效提升了检测效率和资源利用率。实验结果表明, 所提检测方法具有可行性与实用性。

关键词: 智能合约, 颜色Petri网, 攻击, 建模, 检测

YANG Linfeng, HUANG Zheng, XU Yan, DING Zhijun. Modeling and Detection of Blockchain Smart Contract Attackers Based on Petri Nets[J]. Computer Engineering, 2025, 51(4): 15-26.

杨林枫, 黄政, 徐岩, 丁志军. 基于Petri网的区块链智能合约攻击者建模与检测[J]. 计算机工程, 2025, 51(4): 15-26.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0070219

https://www.ecice06.com/EN/Y2025/V51/I4/15

Figures/Tables 17

Fig.1 Main steps of model detection

Fig.2 CPN model for ″attack_count+=1″ statement

Fig.3 Schematic diagram of reentrancy attack model combination

Fig.4 Schematic diagram of contracted coin-stealing attack model combination

Fig.5 Schematic diagram of miner attack model combination

Fig.6 Schematic diagram of trustor attack model combination

Fig.7 Example of CPN model of a simplified attacked contract

Fig.8 Example of CPN model of a simplified attack contract

Fig.9 Example of the combined CPN model

References 28

1	WANG S , OUYANG L W , YUAN Y , et al. Blockchain-enabled smart contracts: architecture, applications, and future trends. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 49 (11): 2266- 2277. doi: 10.1109/TSMC.2019.2895123
2	PETERS G W , PANAYI E . Understanding modern banking ledgers through blockchain technologies: future of transaction processing and smart contracts on the Internet of money. Berlin, Germany: Springer, 2016.
3	RAHIMIAN R, ESKANDARI S, CLARK J. Resolving the multiple withdrawal attack on ERC20 tokens[C]//Proceedings of the IEEE European Symposium on Security and Privacy Workshops. Washington D.C., USA: IEEE Press, 2019: 320-329.
4	DAIAN P, GOLDFEDER S, KELL T, et al. Flash boys 2.0: frontrunning in decentralized exchanges, miner extractable value, and consensus instability[C]//Proceedings of the IEEE Symposium on Security and Privacy. Washington D.C., USA: IEEE Press, 2020: 910-927.
5	ESKANDARI S , MOOSAVI S , CLARK J . SoK: transparent dishonesty: front-running attacks on blockchain. Berlin, Germany: Springer, 2020.
6	MUELLER B . Smashing Ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam, 2018, 9, 1- 10.
7	韦依姗, 曹晓梅, 王少辉, 等. 面向云存储的双重数据完整性验证方案. 小型微型计算机系统, 2024, 45 (12): 2944- 2950.
	WEI Y S , CAO X M , WANG S H , et al. Dual data integrity verification scheme for cloud storage. Journal of Chinese Computer Systems, 2024, 45 (12): 2944- 2950.
8	胡凯, 白晓敏, 高灵超, 等. 智能合约的形式化验证方法. 信息安全研究, 2016, 2 (12): 1080- 1089.
	HU K , BAI X M , GAO L C , et al. Formal verification method of smart contract. Journal of Information Security Research, 2016, 2 (12): 1080- 1089.
9	朱健, 胡凯, 张伯钧. 智能合约的形式化验证方法研究综述. 电子学报, 2021, 49 (4): 792- 804.
	ZHU J , HU K , ZHANG B J . Review on formal verification of smart contract. Acta Electronica Sinica, 2021, 49 (4): 792- 804.
10	TAKANEN A , DEMOTT J , MILLER C , et al. Fuzzing for software security testing and quality assurance. Boston, USA: Artech House, 2018.
11	LIANG H L , PEI X X , JIA X D , et al. Fuzzing: state of the art. IEEE Transactions on Reliability, 67 (3): 1199- 1218. doi: 10.1109/TR.2018.2834476
12	ZHANG X , LI Z J . Survey of fuzz testing technology. Computer Science, 2016, 43 (5): 1- 8.
13	WANG S, LIU T Y, TAN L, et al. Automatically learning semantic features for defect prediction[C]//Proceedings of the 38th International Conference on Software Engineering. New York, USA: ACM Press, 2016: 297-308.
14	MOSSBERG M, MANZANO F, HENNENFENT E, et al. Manticore: a user-friendly symbolic execution framework for binaries and smart contracts[C]//Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). Washington D.C., USA: IEEE Press, 2019: 1186-1189.
15	SHISHKIN E . Debugging smart contract's business logic using symbolic model checking. Programming and Computer Software, 2019, 45 (8): 590- 599. doi: 10.1134/S0361768819080164
16	赵伟, 张问银, 王九如, 等. 基于符号执行的智能合约漏洞检测方案. 计算机应用, 2020, 40 (4): 947- 953.
	ZHAO W , ZHANG W Y , WANG J R , et al. Smart contract vulnerability detection scheme based on symbol execution. Journal of Computer Applications, 2020, 40 (4): 947- 953.
17	WANG Y , ZHANG H . Detecting reentrancy attacks in smart contracts using colored Petri nets. Journal of Computer Security, 2020, 28 (5): 789- 804.
18	PARK D, ZHANG Y, SAXENA M, et al. A formal verification tool for Ethereum VM bytecode[C]//Proceedings of the 201826th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York, USA: ACM Press, 2018: 912-915.
19	ALQAHTANI S, HE X C, GAMBLE R, et al. Formal verification of functional requirements for smart contract compositions in supply chain management systems[EB/OL]. [2024-07-04]. https://www.semanticscholar.org/[JP+1]paper/Formal-Verification-of-Functional-Requirements-[JP+2]for-Alqahtani-He/45dbc30e55b883f39cf966b45f6759858d8e351f.
20	SUN T Y , YU W S . A formal verification framework for security issues of blockchain smart contracts. Electronics, 2020, 9 (2): 255. doi: 10.3390/electronics9020255
21	BHARGAVAN K, DELIGNAT-LAVAUD A, FOURNET C, et al. Formal verification of smart contracts: short paper[C]//Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security. New York, USA: ACM Press, 2016: 91-96.
22	JENSEN K . A brief introduction to coloured Petri nets. Berlin, Germany: Springer, 1997.
23	JENSEN K . Colored petri nets: basic concepts, analysis methods and practical use. Berlin, Germany: Springer, 2013: 411- 453.
24	LIU Z T, LIU J. Formal verification of blockchain smart contract based on colored Petri net models[C]//Proceedings of the IEEE 43rd Annual Computer Software and Applications Conference. Washington D.C., USA: IEEE Press, 2019: 555-560.
25	LIU J , LIU Z T . A survey on security verification of blockchain smart contracts. IEEE Access, 2019, 7, 77894- 77904. doi: 10.1109/ACCESS.2019.2921624
26	RODLER M, LI W T, KARAME G O, et al. Sereum: protecting existing smart contracts against re-entrancy attacks[C]//Proceedings of 2019 Network and Distributed System Security Symposium. San Diego, USA: [s. n. ], 2019: 164-186.
27	TSANKOV P, DAN A, DRACHSLER-COHEN D, et al. Securify: practial security analysis of smart contracts[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2018: 67-82.
28	钱鹏, 刘振广, 何钦铭, 等. 智能合约安全漏洞检测技术研究综述. 软件学报, 2022, 33 (8): 3059- 3085.
	QIAN P , LIU Z G , HE Q M , et al. Smart contract vulnerability detection technique: a survey. Journal of Software, 2022, 33 (8): 3059- 3085.

[1]	GUO Jipeng, XU Shilong, LONG Jiahao, WANG Youqing, SUN Yanfeng, YIN Baocai. Multi-view Subspace Clustering Based on Dual Cross-view Correlation Detection [J]. Computer Engineering, 2025, 51(4): 27-36.
[2]	ZHANG Anqin, DING Zhifeng. Network Anomaly Detection Integrating Dynamic Graph Embedding and Transformer Autoencoder [J]. Computer Engineering, 2025, 51(4): 47-56.
[3]	LI Shuwei, HUANG Zhengxiang, HU Yun, LIU Xing, LU Xiao, GUO Chang, WU Chengzhong, WANG Yaonan. Low-Light Salient Object Detection Based on Source-Free Domain Adaptation [J]. Computer Engineering, 2025, 51(4): 75-84.
[4]	HUANG Shuoqing, HUANG Jingui. Improved Steel Defect Detection Method Based on Enhanced Fusion of RFB and YOLOv5 Features [J]. Computer Engineering, 2025, 51(4): 249-260.
[5]	YANG Ping, ZHANG Xi. Improved DeepLabv3+ Road Surface Crack Detection Method [J]. Computer Engineering, 2025, 51(4): 261-270.
[6]	TANG Jingwen, LAI Huicheng, WANG Tongguan. Improved YOLOv8 Pedestrian Detection Algorithm for Long-Distance Situations [J]. Computer Engineering, 2025, 51(4): 303-313.
[7]	WANG Zeyu, XU Huiying, ZHU Xinzhong, HUANG Xiao, LIANG Jiajie, LI Chen. Lightweight Fry Detection Algorithm Based on Improved YOLOv8: FD-YOLO [J]. Computer Engineering, 2025, 51(4): 327-338.
[8]	CUI Jinrong, YE Weihao, ZHENG Hong, LIU Tonglai, QI Long, XU Yong. Rice Seedling Counting in Complex Environments Based on Domain-Adaptive NWD-YOLOv5 [J]. Computer Engineering, 2025, 51(3): 320-333.
[9]	SUN Ting, YANG Jie, LI Jiaxuan, WANG Yaozong. Optimization of YOLOv7 Road Sign Detection Algorithm for Low-Light Traffic Scenes [J]. Computer Engineering, 2025, 51(3): 342-351.
[10]	ZHANG Zhaoxin, HUANG Shize, ZHANG Bingjie, SHEN Tuo. Camouflaged Adversarial Example Generation Method for the Form of Motion Blur in Traffic Scenes [J]. Computer Engineering, 2025, 51(3): 45-53.
[11]	YUAN Yajian, MAO Li. A Lightweight Traffic Sign Detection Model with Enhanced Foregrounds [J]. Computer Engineering, 2025, 51(3): 54-63.
[12]	HU Qian, PI Jianyong, HU Weichao, HUANG Kun, WANG Juanmin. Dense Pedestrian Detection Algorithm Based on Improved YOLOv5 [J]. Computer Engineering, 2025, 51(3): 216-228.
[13]	WANG Xinliang, WANG Luying. Safety Helmet Detection Algorithm with Feature Enhancement in Low Light Blasting Scenes [J]. Computer Engineering, 2025, 51(3): 252-260.
[14]	WU Chaoyu, YANG Bin. Remote Sensing Image Change Detection Based on Large Kernel Re-parameter U-Net [J]. Computer Engineering, 2025, 51(3): 261-273.
[15]	GAO Rui, AN Guocheng, ZOU Danping, PEI Ling. Semi-Supervised Vehicle Detection Algorithm Based on Improved YOLOv5 [J]. Computer Engineering, 2025, 51(3): 300-309.

Please choose a citation manager

Content to export