Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (9): 117-122. doi: 10.11896/jsjkx.220800104

• Computer Software •

Smart Contract Fuzzing Based on Deep Learning and Information Feedback

ZHAO Mingmin, YANG Qiuhui, HONG Mei, CAI Chuang

  1. School of Computer Science, Sichuan University, Chengdu 610065, China
  • Received: 2022-08-10 Revised: 2022-11-21 Online: 2023-09-15 Published: 2023-09-01
  • Corresponding author: YANG Qiuhui (yangqiuhui@scu.edu.cn)
  • About author: (1807452597@qq.com)
    ZHAO Mingmin, born in 1999, postgraduate, is a student member of China Computer Federation. Her main research interests include software quality assurance and testing.
    YANG Qiuhui, born in 1970, Ph.D., associate professor. Her main research interests include software automation testing and software project management.
  • Supported by:
    Natural Science Foundation of Sichuan Province, China (23NSFSC3752) and Sichuan University Postdoctoral Science Research Foundation (2022SCU12077).

Abstract: Vulnerabilities in smart contracts caused by insecure programming are frequently discovered on the mainstream blockchain platform Ethereum. To improve the coverage of contract code achieved by fuzzing and to detect security vulnerabilities more comprehensively, this paper proposes a smart contract fuzzing method. First, an Ethereum smart contract transaction sequence data set is constructed, and a smart contract transaction generation model is built based on deep learning to generate initial seeds for fuzzing. Then, according to coverage and branch distance information, information feedback-guided fuzzing is conducted on smart contracts; a specific chromosome encoding method for test cases is proposed, and corresponding crossover and mutation operators are designed and implemented. The method can effectively cover the deep states of smart contracts and branch code guarded by strict conditions. Experiments on 500 smart contracts show that the code coverage rate of this method is 93.73% and the vulnerability detection rate is 93.93%. Compared with the ILF, sFuzz, and Echidna methods, the code coverage rate of this method increases by 3.80%~25.49% and the vulnerability detection rate increases by 4.64%~24.02%. This method helps to improve the effectiveness of Ethereum smart contract security testing and is worthy of reference for the industry.

Key words: Ethereum smart contracts, Security testing, Deep learning, Fuzzing, Information feedback guidance

CLC Number: TP311.5