A Dynamic Taint Analysis-Based Smart Contract Testing Approach

Hui Zhao; Xing Li; Keke Gai

doi:10.1007/978-3-031-28124-2_38

A Dynamic Taint Analysis-Based Smart Contract Testing Approach

Hui Zhao, Xing Li, Keke Gai^*

^*Corresponding author for this work

School of Cyberspace Science and Technology

Henan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.

Original language	English
Title of host publication	Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings
Editors	Meikang Qiu, Zhihui Lu, Cheng Zhang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	403-413
Number of pages	11
ISBN (Print)	9783031281235
DOIs	https://doi.org/10.1007/978-3-031-28124-2_38
Publication status	Published - 2023
Event	7th International Conference on Smart Computing and Communication, SmartCom 2022 - New York, United States Duration: 18 Nov 2022 → 20 Nov 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13828 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	7th International Conference on Smart Computing and Communication, SmartCom 2022
Country/Territory	United States
City	New York
Period	18/11/22 → 20/11/22

Keywords

Fuzzing
Genetic Algorithms
Smart Contracts
Taint Analysis
Vulnerability Detection

Access to Document

10.1007/978-3-031-28124-2_38

Cite this

Zhao, H., Li, X., & Gai, K. (2023). A Dynamic Taint Analysis-Based Smart Contract Testing Approach. In M. Qiu, Z. Lu, & C. Zhang (Eds.), Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings (pp. 403-413). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13828 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-28124-2_38

Zhao, Hui ; Li, Xing ; Gai, Keke. / A Dynamic Taint Analysis-Based Smart Contract Testing Approach. Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. editor / Meikang Qiu ; Zhihui Lu ; Cheng Zhang. Springer Science and Business Media Deutschland GmbH, 2023. pp. 403-413 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{db8fe0c482e6442fb2225bc7bad48d83,

title = "A Dynamic Taint Analysis-Based Smart Contract Testing Approach",

abstract = "Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.",

keywords = "Fuzzing, Genetic Algorithms, Smart Contracts, Taint Analysis, Vulnerability Detection",

author = "Hui Zhao and Xing Li and Keke Gai",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 7th International Conference on Smart Computing and Communication, SmartCom 2022 ; Conference date: 18-11-2022 Through 20-11-2022",

year = "2023",

doi = "10.1007/978-3-031-28124-2_38",

language = "English",

isbn = "9783031281235",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "403--413",

editor = "Meikang Qiu and Zhihui Lu and Cheng Zhang",

booktitle = "Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings",

address = "Germany",

}

Zhao, H, Li, X & Gai, K 2023, A Dynamic Taint Analysis-Based Smart Contract Testing Approach. in M Qiu, Z Lu & C Zhang (eds), Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13828 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 403-413, 7th International Conference on Smart Computing and Communication, SmartCom 2022, New York, United States, 18/11/22. https://doi.org/10.1007/978-3-031-28124-2_38

A Dynamic Taint Analysis-Based Smart Contract Testing Approach. / Zhao, Hui; Li, Xing; Gai, Keke.
Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. ed. / Meikang Qiu; Zhihui Lu; Cheng Zhang. Springer Science and Business Media Deutschland GmbH, 2023. p. 403-413 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13828 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Dynamic Taint Analysis-Based Smart Contract Testing Approach

AU - Zhao, Hui

AU - Li, Xing

AU - Gai, Keke

PY - 2023

Y1 - 2023

N2 - Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.

AB - Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.

KW - Fuzzing

KW - Genetic Algorithms

KW - Smart Contracts

KW - Taint Analysis

KW - Vulnerability Detection

UR - http://www.scopus.com/inward/record.url?scp=85152555584&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-28124-2_38

DO - 10.1007/978-3-031-28124-2_38

M3 - Conference contribution

AN - SCOPUS:85152555584

SN - 9783031281235

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 403

EP - 413

BT - Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings

A2 - Qiu, Meikang

A2 - Lu, Zhihui

A2 - Zhang, Cheng

PB - Springer Science and Business Media Deutschland GmbH

T2 - 7th International Conference on Smart Computing and Communication, SmartCom 2022

Y2 - 18 November 2022 through 20 November 2022

ER -

Zhao H, Li X, Gai K. A Dynamic Taint Analysis-Based Smart Contract Testing Approach. In Qiu M, Lu Z, Zhang C, editors, Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 403-413. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-28124-2_38

A Dynamic Taint Analysis-Based Smart Contract Testing Approach

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this