Abstract
Transaction-reverting statements are key constructs within Solidity that are extensively used for authority and validity checks. Current state-of-the-art search-based testing and fuzzing approaches do not explicitly handle these statements and therefore can not effectively detect security vulnerabilities. In this paper, we argue that it is critical to directly handle and test these statements to assess that they correctly protect the contracts against invalid requests. To this aim, we propose a new approach that improves the search guidance for these transaction-reverting statements based on interprocedural control dependency analysis, in addition to the traditional coverage criteria. We assess the benefits of our approach by performing an empirical study on 100 smart contracts w.r.t. transaction-reverting statement coverage and vulnerability detection capability. Our results show that the proposed approach can improve the performance of DynaMOSA, the state-of-the-art algorithm for test case generation. On average, we improve transaction-reverting statement coverage by 14 % (up to 35 %), line coverage by 8 % (up to 32 %), and vulnerability-detection capability by 17 % (up to 50 %).
Original language | English |
---|---|
Title of host publication | 2022 IEEE International Conference on Software Maintenance and Evolution (ICSME) |
Editors | Cristina Ceballos |
Place of Publication | Piscataway |
Publisher | IEEE |
Pages | 163-174 |
Number of pages | 12 |
ISBN (Electronic) | 978-1-6654-7956-1 |
ISBN (Print) | 978-1-6654-7957-8 |
DOIs | |
Publication status | Published - 2022 |
Event | 2022 IEEE International Conference on Software Maintenance and Evolution - Limassol, Cyprus Duration: 3 Oct 2022 → 7 Oct 2022 |
Conference
Conference | 2022 IEEE International Conference on Software Maintenance and Evolution |
---|---|
Abbreviated title | ICSME 2022 |
Country/Territory | Cyprus |
City | Limassol |
Period | 3/10/22 → 7/10/22 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-careOtherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Keywords
- test case generation
- smart contracts
- search-based software engineering
- fuzzing