Abstract
Because of the unique global state and transaction sequence characteristics of smart contracts, a detection method based on a single test case cannot improve the vulnerability detection rate when testing contracts. Current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. We therefore propose SDTGfuzzer, an adaptive fuzzing method based on dynamic taint analysis and a genetic algorithm. SDTGfuzzer uses dynamic taint analysis to collect runtime information as feedback, and focuses on the challenges that global variables and transaction sequences pose for contract testing. Genetic algorithms work well for test case generation in fuzzing, so SDTGfuzzer optimizes the genetic algorithm with an efficient and lightweight multi-objective adaptive strategy, aimed at the problem that contract constraints cannot be covered because of the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.
Acknowledgement
Natural Science Foundation of Shandong Province (Grant No. ZR2020ZD01).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zhao, H., Li, X., Gai, K. (2023). A Dynamic Taint Analysis-Based Smart Contract Testing Approach. In: Qiu, M., Lu, Z., Zhang, C. (eds) Smart Computing and Communication. SmartCom 2022. Lecture Notes in Computer Science, vol 13828. Springer, Cham. https://doi.org/10.1007/978-3-031-28124-2_38
DOI: https://doi.org/10.1007/978-3-031-28124-2_38
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28123-5
Online ISBN: 978-3-031-28124-2
eBook Packages: Computer Science (R0)