Computer Science ›› 2022, Vol. 49 ›› Issue (8): 294-305.doi: 10.11896/jsjkx.220500069
• Information Security • Previous Articles Next Articles
HUANG Song1, DU Jin-hu1, WANG Xing-ya1,2, SUN Jin-lei1
CLC Number:
[1]NICK S.The Idea of Smart Contract[EB/OL].https://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/idea.html. [2]NAKAMOTO S.Bitcoin:A peer-to-peer electronic cash system[EB/OL]. https://bitcoin.org/bitcoin.pdf. [3]SUNYAEV A.Distributed ledger technology[M]//InternetComputing.Cham:Springer,2020:265-299. [4]TAPSCOTT A,TAPSCOTT D.How blockchain is changing finance[J].Harvard Business Review,2017,1(9):2-5. [5]MIN T,WANG H,GUO Y,et al.Blockchain games:A survey[C]//2019 IEEE Conference on Games(CoG).IEEE,2019:1-8. [6]REYNA A,MARTÍN C,CHEN J,et al.On blockchain and its integration with IoT.Challenges and opportunities[J].Future Generation Computer Systems,2018,88:173-190. [7]RAIKWAR M,MAZUMDAR S,RUJ S,et al.A blockchainframework for insurance processes[C]//2018 9th IFIP International Conference on New Technologies,Mobility and Security(NTMS).IEEE,2018:1-4. [8]WOOD G.Ethereum:A secure decentralised generalised transa-ction ledger[J].Ethereum Project Yellow Paper,2014,151(2014):1-32. [9]Etherscan.Total Ether Supply[EB/OL].https://cn.etherscan.com/stat/supply. [10]CSDN.The reason for the Ethereum fork:the famous The DAO event [EB/OL].https://blog.csdn.net/mrRqAEr7ci9s2v0/article/details/84949088. [11]Zhihu.Analysis of Parity MultiSig Wallet Freezing[EB/OL].https://zhuanlan.zhihu.com/p/31000130?from_voters_page=true. [12]LI J,ZHAO B,ZHANG C.Fuzzing:a survey[J].Cybersecurity,2018,1(1):1-13. [13]KAKSONEN R,LAAKSO M,TAKANEN A.Software security assessment through specification mutations and fault injection[M]//Communications and Multimedia Security Issues of the New Century.Boston:Springer,2001:173-183. [14]SCHUMILO S,ASCHERMANN C,GAWLIK R,et al.kafl:Hardware-assisted feedback fuzzing for {OS} kernels[C]//26th {USENIX} Security Symposium({USENIX} Security 17).2017:167-182. [15]ZHENG Y,DAVANIAN A,YIN H,et al.FIRM-AFL:high-throughput greybox fuzzing of iot firmware via augmented process emulation[C]//28th {USENIX} Security Symposium({USENIX} Security 19).2019:1099-1114. [16]LIU B,ZHANG C,GONG G,et al.{FANS}:Fuzzing Android Native System Services via Automated Interface Analysis[C]//29th {USENIX} Security Symposium({USENIX} Security 20).2020:307-323. [17]JIANG B,LIU Y,CHAN W K.Contractfuzzer:Fuzzing smart contracts for vulnerability detection[C]//2018 33rd IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2018:259-269. [18]Consensys.Homepage of Consensys [EB/OL].https://www.consensys.net/. [19]WÜSTHOLZ V,CHRISTAKIS M.Harvey:A greybox fuzzerfor smart contracts[C]//Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering.2020:1398-1409. [20]Trail of Bits.Homepage of Trailofbits[EB/OL].https://www.trailofbits.com/. [21]GRIECO G,SONG W,CYGAN A,et al.Echidna:effective,usable,and fast fuzzing for smart contracts[C]//Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis.2020:557-560. [22]GROCE A,GRIECO G.echidna-parade:a tool for diverse multicore smart contract fuzzing[C]//Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis.2021:658-661. [23]LIU C,LIU H,CAO Z,et al.Reguard:finding reentrancy bugs in smart contracts[C]//2018 IEEE/ACM 40th International Conference on Software Engineering:Companion(ICSE-Companion).IEEE,2018:65-68. [24]HE J,BALUNOVIĆ M,AMBROLADZE N,et al.Learning tofuzz from symbolic execution with application to smart contracts[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security.2019:531-548. [25]LIAO J W,TSAI T T,HE C K,et al.Soliaudit:smart contract vulnerability assessment based on machine learning and fuzz testing[C]//2019 Sixth International Conference on Internet of Things:Systems,Management and Security(IOTSMS).IEEE,2019:458-465. [26]WANG H,LIU Y,LI Y,et al.Oracle-supported dynamic exploit generation for smart contracts[J].IEEE Transactions on Dependable and Secure Computing,2022,19(3):1795-1809. [27]ZHANG Q,WANG Y,LI J,et al.Ethploit:From fuzzing to efficient exploit generation against smart contracts[C]//2020 IEEE 27th International Conference on Software Analysis,Evolution and Reengineering(SANER).IEEE,2020:116-126. [28]NGUYEN T D,PHAM L H,SUN J,et al.sfuzz:An efficientadaptive fuzzer for solidity smart contracts[C]//Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering.2020:778-788. [29]CHOI J,KIM D,KIM S,et al.SMARTIAN:Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses[C]//2021 36th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2021:227-239. [30]ZHOU T,LIU K,LI L,et al.SmartGift:Learning to Generate Practical Inputs for Testing Smart Contracts[C]//2021 IEEE International Conference on Software Maintenance and Evolution(ICSME).IEEE,2021:23-34. [31]ALMAKHOUR M,SLIMAN L,SAMHAT A E,et al.Verification of smart contracts:A survey[J/OL].Pervasive and Mobile Computing,2020,67:101227.https://doi.org/10.1016/j.pmcj.2020.101227. [32]TOLMACH P,LI Y,LIN S W,et al.A survey of smart contract formal specification and verification[J].ACM Computing Surveys(CSUR),2021,54(7):1-38. [33]PRAITHEESHAN P,PAN L,YU J,et al.Security analysismethods on ethereum smart contract vulnerabilities:a survey[J].arXiv:1908.08605,2019. [34]VUJIČIĆ D,JAGODIĆ D,RANDIĆ S.Blockchain technology,bitcoin,and Ethereum:A brief overview[C]//2018 17th International Symposium Infoteh-jahorina(Infoteh).IEEE,2018:1-6. [35]Ethereum.Solidity[EB/OL].https://docs.soliditylang.org/en/v0.8.13/. [36]Ben Edgington.LLL Complier Documentation[EB/OL].https://lll-docs.readthedocs.io/en/latest/lll_introduction.html. [37]Ethereum.Serpent[EB/OL].https://github.com/ethereum/se-rpent. [38]Vyperlang.Pythonic Smart Contract Language for the EVM[EB/OL].https://github.com/vyperlang/vyper. [39]CornellBlockchain.Bamboo:a morphing smart contract language[EB/OL].https://github.com/cornellblockchain/bamboo. [40]DASP.Decentralized Application Security Project(or DASP)Top 10 of 2018[EB/OL].https://www.dasp.co/#item-7. [41]NccGroup.Homepage of NccGroup[EB/OL].https://www.nccgroup.com/. [42]ATZEI N,BARTOLETTI M,CIMOLI T.A survey of attacks on ethereum smart contracts(sok)[C]//International Confe-rence on Principles of Security and Trust.Berlin:Springer,2017:164-186. [43]CHEN J,XIA X,LO D,et al.Defining smart contract defects on ethereum[J].IEEE Transactions on Software Engineering,2022,48(1):327-345. [44]ZALEWSKI M.American fuzzy lop[EB/OL].https://github.com/google/AFL. [45]CHOI J,JANG J,HAN C,et al.Grey-box concolic testing on binary code[C]//2019 IEEE/ACM 41st International Conference on Software Engineering(ICSE).IEEE,2019:736-747. [46]BARR E T,HARMAN M,MCMINN P,et al.The oracle problem in software testing:A survey[J].IEEE transactions on software engineering,2014,41(5):507-525. [47]AMMANN P,OFFUTT J.Introduction to software testing[M].Cambridge:Cambridge University Press,2016. [48]LUU L,CHU D H,OLICKEL H,et al.Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC Confe-rence on Computer and Communications Security.2016:254-269. [49]MOSSBERG M,MANZANO F,HENNENFENT E,et al.Manticore:A user-friendly symbolic execution framework for binaries and smart contracts[C]//2019 34th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2019:1186-1189. [50]MUELLER B.Mythril-Security analysis tool for EVM bytecode[EB/OL].https://github.com/ConsenSys/mythril. [51]TOLMACH P,LI Y,LIN S W,et al.A survey of smart contract formal specification and verification[J].ACM Computing Surveys(CSUR),2021,54(7):1-38. |
[1] | HU Zhi-hao, PAN Zu-lie. Testcase Filtering Method Based on QRNN for Network Protocol Fuzzing [J]. Computer Science, 2022, 49(5): 318-324. |
[2] | LI Yi-hao, HONG Zheng, LIN Pei-hong. Fuzzing Test Case Generation Method Based on Depth-first Search [J]. Computer Science, 2021, 48(12): 85-93. |
[3] | ZHANG Ya-feng, HONG Zheng, WU Li-fa, ZHOU Zhen-ji and SUN He. Protocol State Based Fuzzing Method for Industrial Control Protocols [J]. Computer Science, 2017, 44(5): 132-140. |
[4] | CHENG Cheng and ZHOU Yan-hui. Findding XSS Vulnerabilities Based on Fuzzing Test and Genetic Algorithm [J]. Computer Science, 2016, 43(Z6): 328-331. |
[5] | . Model Based Automatic Fuzzing Script Generation [J]. Computer Science, 2013, 40(3): 206-209. |
|