A Dynamic Taint Analysis-Based Smart Contract Testing Approach

Hui Zhao; Xing Li; Keke Gai

doi:10.1007/978-3-031-28124-2_38

A Dynamic Taint Analysis-Based Smart Contract Testing Approach

Hui Zhao, Xing Li, Keke Gai^*

^*此作品的通讯作者

网络空间安全学院

Henan University

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.

源语言	英语
主期刊名	Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings
编辑	Meikang Qiu, Zhihui Lu, Cheng Zhang
出版商	Springer Science and Business Media Deutschland GmbH
页	403-413
页数	11
ISBN（印刷版）	9783031281235
DOI	https://doi.org/10.1007/978-3-031-28124-2_38
出版状态	已出版 - 2023
活动	7th International Conference on Smart Computing and Communication, SmartCom 2022 - New York, 美国期限: 18 11月 2022 → 20 11月 2022

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	13828 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	7th International Conference on Smart Computing and Communication, SmartCom 2022
国家/地区	美国
市	New York
时期	18/11/22 → 20/11/22

访问文件

10.1007/978-3-031-28124-2_38

其它文件与链接

链接到 Scopus 的出版物

引用此

Zhao, H., Li, X., & Gai, K. (2023). A Dynamic Taint Analysis-Based Smart Contract Testing Approach. 在 M. Qiu, Z. Lu, & C. Zhang (编辑), Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings (页码 403-413). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13828 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-28124-2_38

Zhao, Hui ; Li, Xing ; Gai, Keke. / A Dynamic Taint Analysis-Based Smart Contract Testing Approach. Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. 编辑 / Meikang Qiu ; Zhihui Lu ; Cheng Zhang. Springer Science and Business Media Deutschland GmbH, 2023. 页码 403-413 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{db8fe0c482e6442fb2225bc7bad48d83,

title = "A Dynamic Taint Analysis-Based Smart Contract Testing Approach",

abstract = "Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.",

keywords = "Fuzzing, Genetic Algorithms, Smart Contracts, Taint Analysis, Vulnerability Detection",

author = "Hui Zhao and Xing Li and Keke Gai",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 7th International Conference on Smart Computing and Communication, SmartCom 2022 ; Conference date: 18-11-2022 Through 20-11-2022",

year = "2023",

doi = "10.1007/978-3-031-28124-2_38",

language = "English",

isbn = "9783031281235",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "403--413",

editor = "Meikang Qiu and Zhihui Lu and Cheng Zhang",

booktitle = "Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings",

address = "Germany",

}

Zhao, H, Li, X & Gai, K 2023, A Dynamic Taint Analysis-Based Smart Contract Testing Approach. 在 M Qiu, Z Lu & C Zhang (编辑), Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 13828 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 403-413, 7th International Conference on Smart Computing and Communication, SmartCom 2022, New York, 美国, 18/11/22. https://doi.org/10.1007/978-3-031-28124-2_38

A Dynamic Taint Analysis-Based Smart Contract Testing Approach. / Zhao, Hui; Li, Xing; Gai, Keke.
Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. 编辑 / Meikang Qiu; Zhihui Lu; Cheng Zhang. Springer Science and Business Media Deutschland GmbH, 2023. 页码 403-413 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13828 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - A Dynamic Taint Analysis-Based Smart Contract Testing Approach

AU - Zhao, Hui

AU - Li, Xing

AU - Gai, Keke

PY - 2023

Y1 - 2023

N2 - Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.

AB - Due to the unique global state and transaction sequence characteristics of smart contracts, the detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose an adaptive fuzzing method based on dynamic taint analysis and genetic algorithm, SDTGfuzzer. SDTGfuzzer focuses on dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges brought by global variables and transaction sequences for contract testing. Genetic Algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm based on an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that the contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.

KW - Fuzzing

KW - Genetic Algorithms

KW - Smart Contracts

KW - Taint Analysis

KW - Vulnerability Detection

UR - http://www.scopus.com/inward/record.url?scp=85152555584&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-28124-2_38

DO - 10.1007/978-3-031-28124-2_38

M3 - Conference contribution

AN - SCOPUS:85152555584

SN - 9783031281235

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 403

EP - 413

BT - Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings

A2 - Qiu, Meikang

A2 - Lu, Zhihui

A2 - Zhang, Cheng

PB - Springer Science and Business Media Deutschland GmbH

T2 - 7th International Conference on Smart Computing and Communication, SmartCom 2022

Y2 - 18 November 2022 through 20 November 2022

ER -

Zhao H, Li X, Gai K. A Dynamic Taint Analysis-Based Smart Contract Testing Approach. 在 Qiu M, Lu Z, Zhang C, 编辑, Smart Computing and Communication - 7th International Conference, SmartCom 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. 页码 403-413. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-28124-2_38

A Dynamic Taint Analysis-Based Smart Contract Testing Approach

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此