计算机工程与应用2024,Vol.60Issue(5):307-320,14.DOI:10.3778/j.issn.1002-8331.2211-0142
基于模糊测试的智能合约正确性检测
Correctness Detection of Smart Contract Based on Fuzzing
摘要
Abstract
The development of smart contracts is in its early stages.Different underlying programming languages and application platforms make the design of smart contracts lack specifications,which is prone to loopholes and losses.For the security vulnerability of smart contracts on Ethereum,it proposes a method for correctness detection of smart con-tracts based on fuzzing.This method generates fuzzy inputs based on the content and specifications of the smart contract,executes the smart contract in Ethereum virtual machine according to the fuzzy inputs,monitors the behavior of the con-tract in the execution process,generates multiple log files,extracts key information from the log files,triggers the test cases to get the vulnerabilities contained in the smart contract,and achieves the correctness detection.During the experiment,it detects 416 smart contracts for seven common vulnerability types and identifies 19 smart contracts as vulnerabilities.According to the analysis of artificial auditing,18 of the 19 marked incorrect contracts do have security vulnerabilities.The experimental results show that the proposes method can identify the vulnerabilities contained in the smart contract with high accuracy,to detect the correctness of the smart contract.关键词
智能合约/漏洞检测/模糊测试/正确性检测/以太坊Key words
smart contract/vulnerability detection/fuzzing/correctness detection/Ethereum分类
信息技术与安全科学引用本文复制引用
王嘉诚,蒋佳佳,赵佳豪,张玉书,王良民..基于模糊测试的智能合约正确性检测[J].计算机工程与应用,2024,60(5):307-320,14.基金项目
国家重点研发计划基金(2020YFB1005500) (2020YFB1005500)
南京航空航天大学研究生创新训练项目(xcxjh20221616). (xcxjh20221616)
