当前位置: X-MOL 学术J. Netw. Comput. Appl. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
DFier: A directed vulnerability verifier for Ethereum smart contracts
Journal of Network and Computer Applications ( IF 7.7 ) Pub Date : 2024-07-30 , DOI: 10.1016/j.jnca.2024.103984
Zeli Wang , Weiqi Dai , Ming Li , Kim-Kwang Raymond Choo , Deqing Zou

Smart contracts are self-executing digital agreements that automatically enforce the terms between parties, playing a crucial role in blockchain systems. However, due to the potential losses of digital assets caused by vulnerabilities, the security issues of Ethereum smart contracts have garnered widespread attention. To address this, researchers have developed various techniques to detect vulnerabilities in smart contracts, with fuzzing techniques achieving promising results. Nonetheless, current fuzzers are unable to effectively exercise suspicious targets because they overlook two key factors: comprehensively exploring all paths to the targets and providing high-quality directed seed inputs. This paper presents a irected vulnerability veri (DFier), which elaborates effective transaction sequences with directed inputs for the fuzzer. This focuses on exploring target paths and automatically validating whether the specified locations are vulnerable. Specifically, DFier employs static analysis to help locate target paths, facilitating their comprehensive exploration. Additionally, we devise three heuristic strategies to enable our fuzzing technique to generate directed inputs that effectively validate the targets. Extensive experiments demonstrate that DFier is effective in verifying contract security, compared with three existing contract fuzzers (i.e., contractFuzzer, sFuzz, and conFuzzius), while the performance losses are in an acceptable range.

中文翻译:


DFier:以太坊智能合约的定向漏洞验证器



智能合约是自动执行的数字协议,可以自动执行各方之间的条款,在区块链系统中发挥着至关重要的作用。然而,由于漏洞可能导致数字资产损失,以太坊智能合约的安全问题受到广泛关注。为了解决这个问题,研究人员开发了各种技术来检测智能合约中的漏洞,其中模糊测试技术取得了可喜的结果。尽管如此,当前的模糊器无法有效地执行可疑目标,因为它们忽略了两个关键因素:全面探索到达目标的所有路径和提供高质量的定向种子输入。本文提出了一种定向漏洞验证(DFier),它为模糊器详细阐述了具有定向输入的有效交易序列。这重点是探索目标路径并自动验证指定位置是否容易受到攻击。具体来说,DFier通过静态分析来帮助定位目标路径,促进其综合探索。此外,我们设计了三种启发式策略,使我们的模糊技术能够生成有效验证目标的定向输入。大量实验表明,与现有的三种合约模糊器(即contractFuzzer、sFuzz和conFuzzius)相比,DFier在验证合约安全性方面是有效的,同时性能损失在可接受的范围内。
更新日期:2024-07-30
down
wechat
bug