2023 | OriginalPaper | Chapter

A Dynamic Taint Analysis-Based Smart Contract Testing Approach

Authors: Hui Zhao, Xing Li, Keke Gai

Published in: Smart Computing and Communication

Publisher: Springer Nature Switzerland

Abstract

Due to the unique global state and transaction sequence characteristics of smart contracts, a detection method based on a single test case cannot improve the vulnerability detection rate during contract detection. The current contract testing methods based on genetic algorithms have not yet solved the problems caused by these characteristics. Therefore, we propose SDTGfuzzer, an adaptive fuzzing method based on dynamic taint analysis and a genetic algorithm. SDTGfuzzer uses dynamic taint analysis to collect runtime information as feedback, and focuses on solving the challenges that global variables and transaction sequences bring to contract testing. Genetic algorithms work well in test case generation for fuzzing. Therefore, SDTGfuzzer optimizes the genetic algorithm with an efficient and lightweight multi-objective adaptive strategy, focusing on solving the problem that contract constraints cannot be covered due to the global state. Experimental results show that our method has a higher vulnerability detection rate than other tools for detecting contract vulnerabilities.


Metadata

Title: A Dynamic Taint Analysis-Based Smart Contract Testing Approach

Authors: Hui Zhao, Xing Li, Keke Gai

Copyright Year: 2023

DOI: https://doi.org/10.1007/978-3-031-28124-2_38
