Open Access  Subscription Access

區塊鏈技術是以點對點網路為基礎，將資料分散於網路中的每個節點，同時也不需要任何第三方的控管與維護，諸多的特性帶起了虛擬貨幣「比特幣」的發展，成為了全球幣值最高的貨幣，後續也帶起了以智能合約為特點的以太坊平台，其特殊的貨幣「以太幣」成為市值僅次於比特幣的虛擬貨幣，由於智能合約的廣泛應用，使以太坊的使用者逐漸增加，然而在撰寫智能合約中，程式語言「Solidity」因為其特殊的規則與語法，導致眾多已部署的合約都含有許多漏洞及陷阱，這也成為了攻擊者的攻擊目標，如著名的「The DAO事件」，因此，本論文整理了現今智能合約中常見的漏洞及陷阱，以合約模擬過程並提出解決或避免方式，讓撰寫合約者能有效地避免合約遭受攻擊。Blockchain technology is based on peer-to-peer network. It distributes data to every node in the network, and does not require any third-party control and maintenance. These features make the virtual currency ＂Bitcoin＂ popular which become the currency with the highest currency value in the world. It has also make the Ethereum platform featuring smart contracts popular too. It's special currency ＂Ether＂ becomes the virtual currency with the market value that is second only to the bitcoin. Due to the various application of smart contracts, the users of Ethereum has gradually increased. However, in writing smart contracts, the programming language ＂Solidity＂ has many loopholes and traps due to its special rules and grammar, so it has become the target of attackers, such as the famous ＂The DAO＂. Therefore, this paper survey the vulnerabilities and pitfalls in today’s smart contracts, and use the contract simulation process and propose solutions or avoidance methods to make the programmer avoid contract damage effectively.

區塊鏈; 以太坊; 智能合約; Solidity; Blockchain; Ethereum; smart contract; Solidity