Computer Science (计算机科学), 2022, Vol. 49, Issue 8: 294-305. doi: 10.11896/jsjkx.220500069
HUANG Song (黄松)1, DU Jin-hu (杜金虎)1, WANG Xing-ya (王兴亚)1,2, SUN Jin-lei (孙金磊)1
Abstract: Smart contracts running on blockchain platforms carry out the formation and automatic execution of agreements between different participants, and they also manage large amounts of digital assets; the frequent disclosure of smart contract vulnerabilities has caused incalculable economic losses. Fuzzing is an effective dynamic vulnerability detection technique and has already been applied to smart contract security research. This paper analyzes the shortcomings of existing surveys in summarizing smart contract fuzzing and proposes a basic framework for smart contract fuzzing. Taking Ethereum smart contracts, currently the most widely studied in smart contract security research, as an example, it introduces the account mechanism and transaction structure closely tied to smart contracts and summarizes the characteristics that distinguish smart contracts from traditional programs. It describes smart contract vulnerabilities and compares the vulnerabilities covered by existing smart contract fuzzing techniques. Further, it analyzes the input generation of existing smart contract fuzzing techniques from two aspects, single transactions and transaction sequences; summarizes test input mutation at the function level, the transaction level and the transaction sequence level; briefly describes the use of test oracles in existing smart contract fuzzing techniques; and additionally summarizes the evaluation metrics for smart contract fuzzing techniques. Finally, it presents the problems currently facing research on smart contract fuzzing techniques and looks ahead to future research directions.