CrossFuzz: Cross-contract fuzzing for smart contract vulnerability detection

IF 1.5 4区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING Science of Computer Programming Pub Date : 2024-01-04 DOI:10.1016/j.scico.2023.103076
Huiwen Yang , Xiguo Gu , Xiang Chen , Liwei Zheng , Zhanqi Cui
{"title":"CrossFuzz: Cross-contract fuzzing for smart contract vulnerability detection","authors":"Huiwen Yang ,&nbsp;Xiguo Gu ,&nbsp;Xiang Chen ,&nbsp;Liwei Zheng ,&nbsp;Zhanqi Cui","doi":"10.1016/j.scico.2023.103076","DOIUrl":null,"url":null,"abstract":"<div><h3>Context:</h3><p>Smart contracts are computer programs that run on a blockchain. As the functions implemented by smart contracts become increasingly complex, the number of cross-contract interactions within them also rises. Consequently, the combinatorial explosion of transaction sequences poses a significant challenge for smart contract security vulnerability detection. Existing static analysis-based methods for detecting cross-contract vulnerabilities suffer from high false-positive rates and cannot generate test cases, while fuzz testing-based methods exhibit low code coverage and may not accurately detect security vulnerabilities.</p></div><div><h3>Objective:</h3><p>The goal of this paper is to address the above limitations and efficiently detect cross-contract vulnerabilities. To achieve this goal, we present CrossFuzz, a fuzz testing-based method for detecting cross-contract vulnerabilities.</p></div><div><h3>Method:</h3><p>First, CrossFuzz generates parameters of constructors by tracing data propagation paths. Then, it collects inter-contract data flow information. Finally, CrossFuzz optimizes mutation strategies for transaction sequences based on inter-contract data flow information to improve the performance of fuzz testing.</p></div><div><h3>Results:</h3><p>We implemented CrossFuzz, which is an extension of ConFuzzius, and conducted experiments on a real-world dataset containing 396 smart contracts. The results show that CrossFuzz outperforms xFuzz, a fuzz testing-based tool optimized for cross-contract vulnerability detection, with a 10.58% increase in bytecode coverage. Furthermore, CrossFuzz detects 1.82 times more security vulnerabilities than ConFuzzius.</p></div><div><h3>Conclusion:</h3><p>Our method utilizes data flow information to optimize mutation strategies. It significantly improves the efficiency of fuzz testing for detecting cross-contract vulnerabilities.</p></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"234 ","pages":"Article 103076"},"PeriodicalIF":1.5000,"publicationDate":"2024-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167642323001582/pdfft?md5=7fef51df3438fb9723e7404479376a1f&pid=1-s2.0-S0167642323001582-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science of Computer Programming","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167642323001582","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

Context:

Smart contracts are computer programs that run on a blockchain. As the functions implemented by smart contracts become increasingly complex, the number of cross-contract interactions within them also rises. Consequently, the combinatorial explosion of transaction sequences poses a significant challenge for smart contract security vulnerability detection. Existing static analysis-based methods for detecting cross-contract vulnerabilities suffer from high false-positive rates and cannot generate test cases, while fuzz testing-based methods exhibit low code coverage and may not accurately detect security vulnerabilities.

Objective:

The goal of this paper is to address the above limitations and efficiently detect cross-contract vulnerabilities. To achieve this goal, we present CrossFuzz, a fuzz testing-based method for detecting cross-contract vulnerabilities.

Method:

First, CrossFuzz generates parameters of constructors by tracing data propagation paths. Then, it collects inter-contract data flow information. Finally, CrossFuzz optimizes mutation strategies for transaction sequences based on inter-contract data flow information to improve the performance of fuzz testing.

Results:

We implemented CrossFuzz, which is an extension of ConFuzzius, and conducted experiments on a real-world dataset containing 396 smart contracts. The results show that CrossFuzz outperforms xFuzz, a fuzz testing-based tool optimized for cross-contract vulnerability detection, with a 10.58% increase in bytecode coverage. Furthermore, CrossFuzz detects 1.82 times more security vulnerabilities than ConFuzzius.

Conclusion:

Our method utilizes data flow information to optimize mutation strategies. It significantly improves the efficiency of fuzz testing for detecting cross-contract vulnerabilities.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
CrossFuzz:跨合约模糊检测智能合约漏洞
背景:智能合约是在区块链上运行的计算机程序。随着智能合约实现的功能越来越复杂,其中的跨合约交互数量也在增加。因此,交易序列的组合爆炸给智能合约安全漏洞检测带来了巨大挑战。现有的基于静态分析的跨合约漏洞检测方法存在误报率高、无法生成测试用例等问题,而基于模糊测试的方法代码覆盖率低,可能无法准确检测出安全漏洞。方法:首先,CrossFuzz通过跟踪数据传播路径生成构造函数的参数。然后,它收集合约间数据流信息。最后,CrossFuzz根据合约间数据流信息优化交易序列的突变策略,以提高模糊测试的性能。结果:我们实现了CrossFuzz,它是ConFuzzius的扩展,并在包含396个智能合约的真实世界数据集上进行了实验。结果表明,CrossFuzz的表现优于xFuzz,后者是一款基于模糊测试的工具,专为跨合约漏洞检测而优化,字节码覆盖率提高了10.58%。结论:我们的方法利用数据流信息来优化突变策略。结论:我们的方法利用数据流信息优化突变策略,大大提高了模糊测试检测跨合约漏洞的效率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Science of Computer Programming
Science of Computer Programming 工程技术-计算机:软件工程
CiteScore
3.80
自引率
0.00%
发文量
76
审稿时长
67 days
期刊介绍: Science of Computer Programming is dedicated to the distribution of research results in the areas of software systems development, use and maintenance, including the software aspects of hardware design. The journal has a wide scope ranging from the many facets of methodological foundations to the details of technical issues andthe aspects of industrial practice. The subjects of interest to SCP cover the entire spectrum of methods for the entire life cycle of software systems, including • Requirements, specification, design, validation, verification, coding, testing, maintenance, metrics and renovation of software; • Design, implementation and evaluation of programming languages; • Programming environments, development tools, visualisation and animation; • Management of the development process; • Human factors in software, software for social interaction, software for social computing; • Cyber physical systems, and software for the interaction between the physical and the machine; • Software aspects of infrastructure services, system administration, and network management.
期刊最新文献
Editorial Board Analysis and formal specification of OpenJDK's BitSet: Proof files Parametric ontologies in formal software engineering CAN-Verify: Automated analysis for BDI agents Efficient interaction-based offline runtime verification of distributed systems with lifeline removal
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1