Computer Science, 2022, Vol. 49, Issue (8): 294-305. doi: 10.11896/jsjkx.220500069

• Information Security •

Survey of Ethereum Smart Contract Fuzzing Technology Research

HUANG Song 1, DU Jin-hu 1, WANG Xing-ya 1,2, SUN Jin-lei 1

  1 Institute of Command and Control Engineering, Army Engineering University of PLA, Nanjing 210007, China
  2 College of Computer Science and Technology, Nanjing Tech University, Nanjing 211816, China
  • Received: 2022-05-07  Revised: 2022-06-10  Published: 2022-08-02
  • About author: HUANG Song, born in 1970, Ph.D, professor, Ph.D supervisor, is a senior member of China Computer Federation. His main research interests include software testing and software reliability.
    DU Jin-hu, born in 1998, postgraduate. His main research interests include smart contract security and fuzzing.
  • Supported by:
    National Key R & D Program of China (2018YFB1403400), Comprehensive Research on Equipment Items (LJ20212C011118), General Project of Basic Natural Science in Colleges and Universities of Jiangsu Province (21KJB520027), Key Project of University Education Information Research (2021JSETKT023) and Project of University-Industry Collaborative Education (202002180001).

Abstract: Smart contracts running on a blockchain platform establish and automatically execute agreements between different participants, and they also manage a large number of digital assets. The frequent exposure of smart contract vulnerabilities has caused incalculable economic losses. Fuzzing is an effective dynamic vulnerability detection technique that has been applied to smart contract security research. This paper analyzes the problem that existing review work summarizes smart contract fuzzing insufficiently, and proposes a basic framework for smart contract fuzzing. Taking Ethereum smart contracts, currently the most widely studied in smart contract security, as an example, it introduces the account mechanism and transaction structure closely related to smart contracts, and summarizes the characteristics that distinguish smart contracts from traditional programs. The vulnerabilities of smart contracts are expounded, and the vulnerabilities covered by the existing smart contract fuzzing techniques are compared. Furthermore, the input generation of existing smart contract fuzzing techniques is analyzed from the aspects of single transactions and transaction sequences, and input mutation is summarized at the function level, the transaction level and the transaction sequence level. The use of test oracles by existing smart contract fuzzing techniques is briefly described, and the corresponding evaluation metrics are also summarized. Finally, the problems faced by smart contract fuzzing are set out, and future research directions are discussed.
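To make the framework sketched in the abstract concrete (a transaction-sequence fuzzer whose inputs are mutated at the function, transaction and transaction-sequence levels and whose results are judged by test oracles), the following Python sketch is an added example; it is not code from the paper nor from any of the fuzzers it surveys. The `Bank` contract model, its three accounts, the two invariant oracles and the unchecked-subtraction defect in the unhardened variant are all constructed for this illustration, and the EVM is replaced by a small in-process ledger model in which a raised `ValueError` plays the role of a revert.

```python
"""Toy transaction-sequence fuzzer over a constructed contract model (added example)."""
import copy
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

ACCOUNTS = ["0xA", "0xB", "0xC"]   # constructed sender addresses
UINT_MOD = 2**256                   # unchecked EVM arithmetic wraps modulo 2**256


class Bank:
    """Constructed contract model: users deposit, withdraw and transfer ether.

    checked=True is the hardened variant (balance checks revert); checked=False
    keeps a deliberately unchecked subtraction so the oracles have something to find.
    """

    def __init__(self, checked: bool):
        self.checked = checked
        self.balances = {a: 0 for a in ACCOUNTS}   # per-user ledger kept by the contract
        self.ether_held = 0                        # ether the contract actually holds

    def deposit(self, sender: str, value: int) -> None:
        self.balances[sender] += value
        self.ether_held += value

    def withdraw(self, sender: str, amount: int) -> None:
        if self.checked and amount > self.balances[sender]:
            raise ValueError("revert: insufficient balance")
        if amount > self.ether_held:
            raise ValueError("revert: ether transfer failed")
        # Constructed defect (unchecked variant): wraps instead of reverting
        self.balances[sender] = (self.balances[sender] - amount) % UINT_MOD
        self.ether_held -= amount

    def transfer(self, sender: str, to: str, amount: int) -> None:
        if self.checked and amount > self.balances[sender]:
            raise ValueError("revert: insufficient balance")
        self.balances[sender] = (self.balances[sender] - amount) % UINT_MOD
        self.balances[to] = (self.balances[to] + amount) % UINT_MOD


@dataclass
class Tx:
    sender: str               # msg.sender
    fn: str                   # function selector
    args: Tuple[int, ...]     # ABI arguments (a target address is encoded as an account index)
    value: int                # msg.value


# Test oracles: invariants that must hold after every transaction.
ORACLES = {
    "ledger matches ether held": lambda c: sum(c.balances.values()) == c.ether_held,
    "no balance exceeds ether held": lambda c: all(b <= c.ether_held for b in c.balances.values()),
}


def random_tx(rng: random.Random) -> Tx:
    """Single-transaction input generation: random function, sender and arguments."""
    fn, sender, amount = rng.choice(["deposit", "withdraw", "transfer"]), rng.choice(ACCOUNTS), rng.randint(0, 20)
    if fn == "deposit":
        return Tx(sender, fn, (), amount)
    if fn == "withdraw":
        return Tx(sender, fn, (amount,), 0)
    return Tx(sender, fn, (rng.randrange(len(ACCOUNTS)), amount), 0)


def apply_tx(contract: Bank, tx: Tx) -> None:
    """Execute one transaction; a ValueError models a revert, so state is rolled back."""
    snapshot = copy.deepcopy(contract)
    try:
        if tx.fn == "deposit":
            contract.deposit(tx.sender, tx.value)
        elif tx.fn == "withdraw":
            contract.withdraw(tx.sender, tx.args[0])
        else:
            contract.transfer(tx.sender, ACCOUNTS[tx.args[0]], tx.args[1])
    except ValueError:
        contract.__dict__.update(snapshot.__dict__)


def run_sequence(make_contract: Callable[[], Bank], seq: List[Tx]) -> Optional[str]:
    """Run a transaction sequence on a fresh contract; return the first violated oracle, if any."""
    contract = make_contract()
    for tx in seq:
        apply_tx(contract, tx)
        for name, holds in ORACLES.items():
            if not holds(contract):
                return name
    return None


def mutate(rng: random.Random, seq: List[Tx]) -> List[Tx]:
    """One mutation at the function, transaction or transaction-sequence level."""
    seq = list(seq)
    i = rng.randrange(len(seq))
    tx = seq[i]
    level = rng.choice(["function", "transaction", "sequence"])
    if level == "function" and not tx.args:
        level = "transaction"   # deposit() has no ABI arguments; vary its msg.value instead
    if level == "function":     # function level: new value for one ABI argument
        args = list(tx.args)
        args[-1] = rng.randint(0, 20)
        seq[i] = Tx(tx.sender, tx.fn, tuple(args), tx.value)
    elif level == "transaction":  # transaction level: new sender and msg.value
        seq[i] = Tx(rng.choice(ACCOUNTS), tx.fn, tx.args, rng.randint(0, 20) if tx.fn == "deposit" else 0)
    else:                         # sequence level: insert, delete or reorder transactions
        op = rng.choice(["insert", "delete", "swap"])
        if op == "insert":
            seq.insert(i, random_tx(rng))
        elif op == "delete" and len(seq) > 1:
            del seq[i]
        else:
            j = rng.randrange(len(seq))
            seq[i], seq[j] = seq[j], seq[i]
    return seq


def fuzz(make_contract: Callable[[], Bank], seed: int, iterations: int) -> Optional[Tuple[str, List[Tx]]]:
    """Mutation-based loop: returns (violated oracle, offending sequence) or None."""
    rng = random.Random(seed)
    seq = [random_tx(rng) for _ in range(3)]
    for _ in range(iterations):
        hit = run_sequence(make_contract, seq)
        if hit is not None:
            return hit, seq
        seq = mutate(rng, seq) if rng.random() < 0.8 else [random_tx(rng) for _ in range(3)]
    return None


if __name__ == "__main__":
    print("unchecked:", fuzz(lambda: Bank(checked=False), seed=7, iterations=500))
    print("hardened: ", fuzz(lambda: Bank(checked=True), seed=7, iterations=500))
```

The oracles here are state invariants, the kind of property a contract author can state without knowing the bug in advance; on the unchecked variant the fuzzer reports the first sequence after which the ledger no longer matches the ether actually held, and on the hardened variant it finds nothing.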

Key words: Ethereum smart contract, Fuzzing, Input generation, Input mutation, Test oracle

CLC Number: TP311