基于蜕变测试的区块链智能合约漏洞检测方法

doi:10.11959/j.issn.1000-436x.2023190

通信学报 ›› 2023, Vol. 44 ›› Issue (10): 164-176.doi: 10.11959/j.issn.1000-436x.2023190

• 学术论文 • 上一篇

基于蜕变测试的区块链智能合约漏洞检测方法

陈锦富¹^,², 王震鑫¹^,², 蔡赛华¹^,², 冯乔伟¹^,², 陈宇豪¹^,², 许容天¹^,², Patrick Kwaku Kudjo³

¹ 江苏大学计算机科学与通信工程学院，江苏镇江 212013
² 江苏省工业网络安全技术重点实验室，江苏镇江 212013
³ 威斯康星国际大学学院商业计算系，阿克拉 RE 00233

修回日期:2023-09-05 出版日期:2023-10-01 发布日期:2023-10-01
作者简介:陈锦富（1978− ），男，江西赣州人，博士，江苏大学教授、博士生导师，主要研究方向为软件测试、软件安全和可信软件
王震鑫（1997− ），男，河南南阳人，江苏大学硕士生，主要研究方向为区块链系统安全、漏洞检测等
蔡赛华（1990− ），男，江苏南通人，博士，江苏大学讲师、硕士生导师，主要研究方向为恶意流量检测、异常数据检测、软件安全测试
冯乔伟（1998− ），男，江苏扬州人，江苏大学硕士生，主要研究方向为区块链漏洞检测、软件安全测试
作者陈宇豪（1999− ），男，江苏无锡人，江苏大学硕士生，主要研究方向为区块链漏洞检测、软件安全测试。简介
许容天（1997− ），男，江苏无锡人，江苏大学硕士生，主要研究方向为区块链漏洞检测、软件安全测试
Patrick Kwaku Kudjo（1981− ），男，博士，威斯康星国际大学学院副教授，主要研究方向为软件安全、漏洞分析和预测、智能软件安全和网络安全等
基金资助:
国家重点研发计划基金资助项目(2020YFB1005501);国家自然科学基金资助项目(62172194);国家自然科学基金资助项目(62202206);国家自然科学基金资助项目(U1836116);江苏省自然科学基金资助项目(BK20220515);江苏省自然科学基金资助项目(BK20202001);中国博士后科学基金资助项目(2023T160275);江苏省青蓝工程基金资助项目

Vulnerability detection method for blockchain smart contracts based on metamorphic testing

Jinfu CHEN¹^,², Zhenxin WANG¹^,², Saihua CAI¹^,², Qiaowei FENG¹^,², Yuhao CHEN¹^,², Rongtian XU¹^,², KwakuKudjo Patrick³

¹ School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China
² Jiangsu Key Laboratory of Security Technology for Industrial Cyberspace, Jiangsu University, Zhenjiang 212013, China
³ Department of Business Computing, Wisconsin International University College, Accra RE 00233, Ghana

Revised:2023-09-05 Online:2023-10-01 Published:2023-10-01
Supported by:
The National Key Research and Development Program of China(2020YFB1005501);The National Natural Science Foundation of China(62172194);The National Natural Science Foundation of China(62202206);The National Natural Science Foundation of China(U1836116);The Natural Science Foundation of Jiangsu Province(BK20220515);The Natural Science Foundation of Jiangsu Province(BK20202001);The China Postdoctoral Science Foundation(2023T160275);The Qinglan Project of Jiangsu Province

摘要/Abstract

摘要：

针对现有测试方法的缺陷，提出了一种基于蜕变测试的区块链智能合约漏洞检测方法，其能针对区块链智能合约中具体的功能生成针对性的测试用例，从而检测区块链智能合约中存在的漏洞。针对可能出现的安全漏洞，设计了不同的蜕变关系并进行蜕变测试。通过验证源测试用例和后续测试用例之间是否满足蜕变关系，判断智能合约是否存在相关的安全漏洞。实验结果表明，所提方法可以有效地检测出智能合约中存在的安全漏洞。

关键词: 软件测试, 区块链, 智能合约, 安全漏洞, 蜕变测试

Abstract:

Aimed at the defects of existing test methods, a vulnerability detection method for blockchain smart contracts based on metamorphic testing was proposed, which could generate test cases for specific functions in blockchain smart contracts to detect possible vulnerabilities.According to the possible security vulnerabilities, different metamorphosis relationships were designed and then metamorphic testing was performed.Through verifying whether the metamorphic relationship between the source test case and the subsequent test case was satisfied, whether the smart contract had related security vulnerabilities was judged.The experimental results show that the proposed method can effectively detect the security vulnerabilities in the smart contracts.

Key words: software testing, blockchain, smart contract, security vulnerability, metamorphic testing

中图分类号:

TP311

陈锦富, 王震鑫, 蔡赛华, 冯乔伟, 陈宇豪, 许容天, Patrick Kwaku Kudjo. 基于蜕变测试的区块链智能合约漏洞检测方法[J]. 通信学报, 2023, 44(10): 164-176.

Jinfu CHEN, Zhenxin WANG, Saihua CAI, Qiaowei FENG, Yuhao CHEN, Rongtian XU, KwakuKudjo Patrick. Vulnerability detection method for blockchain smart contracts based on metamorphic testing[J]. Journal on Communications, 2023, 44(10): 164-176.

图/表 21

表1

图1

图2

图3

图4

图5

表2

表3

图6

表4

表5

图7

图8

表6

表7

表8

蜕变测试实验中待选的蜕变关系"

蜕变关系编号	蜕变关系形式化公式
MR₁	$\begin{array}{l} {(r, [p], r f) \| (r (x_{1}, x_{2}) = (x_{2} = 2 x_{1}) \overset{p (x_{i}) = [p] (x_{i})}{\to} \\ (r f (P (x_{1}), P (x_{2}) = (P (x_{1}) = = 0 & & P (x_{2}) > 0))))} \end{array}$
MR₂	$\begin{array}{l} {(r, [p], r f) \| (r (x_{1}, x_{2}) = (x_{2} = x_{1} + 2^{8 n}) \overset{p (x_{i}) = [p] (x_{i})}{\to} \\ (r f (P (x_{1}), P (x_{2}) = (P (x_{1}) < P (x_{2})))))} \end{array}$
MR₃	$\begin{array}{l} {(r, [p], r f) \| (r (x_{1}, x_{2}) = (x_{2} = x_{1} + 2^{8 n}) \overset{p (x_{i}) = [p] (x_{i})}{\to} \\ (r f (P (x_{1}), P (x_{2}) = (P (x_{1}) > P (x_{2})))))} \end{array}$
MR₄	$\begin{array}{l} {(r, [p], r f) \| (r (x_{1}, x_{2}) = (x_{2} = x_{1} + 1) \overset{p (x_{i}) = [p] (x_{i})}{\to} \\ (r f (P (x_{1}), P (x_{2}) = (P (x_{1}) > P (x_{2})))))} \end{array}$
MR₅	$\begin{array}{l} {(r, [p], r f) \| (r (x_{1}, x_{2}) = (x_{2} = x_{1} - 1) \overset{p (x_{i}) = [p] (x_{i})}{\to} \\ (r f (P (x_{1}), P (x_{2}) = (P (x_{1}) = = P (x_{2})))))} \end{array}$
MR₆	$\begin{array}{l} {(r, [p], r f) \| (r (x_{1}, x_{2}) = (x_{2} = x_{1}) \overset{p (x_{i}) = [p] (x_{i})}{\to} \\ (r f (P (x_{1}), P (x_{2}) = (P (x_{1}) = = P (x_{2})))))} \end{array}$

表8

图9

表9

表10

表11

图10

参考文献 28

[1]	CLACK C D , BAKSHI V A , BRAINE L . Smart contract templates:foundations,design landscape and research directions[J]. arXiv Preprint,arXiv:1608.00771, 2016.
[2]	GRISHCHENKO I , MAFFEI M , SCHNEIDEWIND C . A semantic framework for the security analysis of ethereum smart contracts[C]// International Conference on Principles of Security and Trust. Cham:Springer, 2018: 243-269.
[3]	ATZEI N , BARTOLETTI M , CIMOLI T . A survey of attacks on ethereum smart contracts SoK[C]// Proceedings of the 6th International Conference on Principles of Security and Trust. New York:ACM Press, 2017: 164-186.
[4]	邵奇峰, 金澈清, 张召 ,等. 区块链技术:架构及进展[J]. 计算机学报, 2018,41(5): 969-988.
	SHAO Q F , JIN C Q , ZHANG Z ,et al. Blockchain:architecture and research progress[J]. Chinese Journal of Computers, 2018,41(5): 969-988.
[5]	CECCHETTI E , YAO S Q , NI H B ,et al. Compositional security for reentrant applications[C]// Proceedings of 2021 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2021: 1249-1267.
[6]	ALBERT E , CORREAS J , GORDILLO P ,et al. GASOL:gas analysis and optimization for Ethereum smart contracts[C]// International Conference on Tools and Algorithms for the Construction and Analysis of Systems. Cham:Springer, 2020: 118-125.
[7]	ZHANG Y Y , MA S Q , LI J R ,et al. SMARTSHIELD:automatic smart contract protection made easy[C]// Proceedings of 2020 IEEE 27th International Conference on Software Analysis,Evolution and Reengineering (SANER). Piscataway:IEEE Press, 2020: 23-34.
[8]	RODLER M , LI W T , KARAME G O ,et al. Sereum:protecting existing smart contracts against re-entrancy attacks[C]// Proceedings of 2019 Network and Distributed System Security Symposium. Reston:Internet Society, 2019: 24-27.
[9]	倪远东, 张超, 殷婷婷 . 智能合约安全漏洞研究综述[J]. 信息安全学报, 2020,5(3): 78-99.
	NI Y D , ZHANG C , YIN T T . A survey of smart contract vulnerability research[J]. Journal of Cyber Security, 2020,5(3): 78-99.
[10]	KALRA S , GOEL S , DHAWAN M ,et al. ZEUS:analyzing safety of smart contracts[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Reston:Internet Society, 2018: 1-15.
[11]	GROCE A , FEIST J , GRIECO G ,et al. What are the actual flaws in important smart contracts (and how can we find them)?[C]// International Conference on Financial Cryptography and Data Security. Cham:Springer, 2020: 634-653.
[12]	杨慧文, 崔展齐, 陈翔 ,等. 基于软件度量的Solidity智能合约缺陷预测方法[J]. 软件学报, 2022,33(5): 1587-1611.
	YANG H W , CUI Z Q , CHEN X ,et al. Defect prediction for solidity smart contracts based on software measurement[J]. Journal of Software, 2022,33(5): 1587-1611.
[13]	钱鹏, 刘振广, 何钦铭 ,等. 智能合约安全漏洞检测技术研究综述[J]. 软件学报, 2021,33(8): 3059-3085.
	QIAN P , LIU Z G , HE Q M ,et al. Smart contract vulnerability detection technique:a survey[J]. Journal of Software, 2021,33(8): 3059-3085.
[14]	TIKHOMIROV S , VOSKRESENSKAYA E , IVANITSKIY I ,et al. SmartCheck:static analysis of Ethereum smart contracts[C]// Proceedings of 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). Piscataway:IEEE Press, 2018: 9-16.
[15]	TSANKOV P , DAN A , DRACHSLER-COHEN D ,et al. Securify:practical security analysis of smart contracts[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 67-82.
[16]	BADRUDDOJA S , DANTU R , HE Y Y ,et al. Making smart contracts smarter[C]// Proceedings of 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). Piscataway:IEEE Press, 2021: 1-3.
[17]	FEIST J , GRIECO G , GROCE A . Slither:a static analysis framework for smart contracts[C]// Proceedings of 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). Piscataway:IEEE Press, 2019: 8-15.
[18]	ANAND S , BURKE E K , CHEN T Y ,et al. An orchestrated survey of methodologies for automated software test case generation[J]. Journal of Systems and Software, 2013,86(8): 1978-2001.
[19]	CHEN T Y , KUO F C , LIU H ,et al. Metamorphic testing:a review of challenges and opportunities[J]. ACM Computing Surveys, 2018,51(1): 1-27.
[20]	FENG Y , TORLAK E , BODIK R . Precise attack synthesis for smart contracts[J]. arXiv Preprint,arXiv:1902.06067, 2019.
[21]	GRIECO G , SONG W , CYGAN A ,et al. Echidna:effective,usable,and fast fuzzing for smart contracts[C]// Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York:ACM Press, 2020: 557-560.
[22]	XIE X Y , JOSHUA W K H , CHEN T Y . Testing and validating machine learning classifiers by metamorphic testing[J]. Journal of Systems and Software, 2011,84(4): 544-558.
[23]	CHEN T Y , CHEUNG S C , YIU S M . Metamorphic testing:a new approach for generating next test cases[J]. arXiv Preprint,arXiv:2002.12543, 2020.
[24]	CHINEN Y , YANAI N , CRUZ J P ,et al. RA:hunting for re-entrancy attacks in Ethereum smart contracts via static analysis[C]// Proceedings of 2020 IEEE International Conference on Blockchain (Blockchain). Piscataway:IEEE Press, 2020: 327-336.
[25]	惠战伟 . 蜕变测试技术研究[D]. 南京:解放军理工大学, 2015.
	HUI Z W . Metamorphic testing techniques research[D]. Nanjing:PLA University of Science and Technology, 2015.
[26]	CHEN T Y , YU Y T . On the relationship between partition and random testing[J]. IEEE Transactions on Software Engineering, 1994,20(12): 977-980.
[27]	REN M , YIN Z J , MA F C ,et al. Empirical evaluation of smart contract testing:what is the best choice?[C]// Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York:ACM Press, 2021: 566-579.
[28]	SUN C A , FU A , POON P L ,et al. METRIC+:a metamorphic relation identification technique based on input plus output domains[J]. IEEE Transactions on Software Engineering, 2021,47(9): 1764-1785.

智能合约检测方法	存在的问题	蜕变测试的优势
Securify	无法检测到重入攻击漏洞，并存在TOD误报的问题	有效地检测重入攻击漏洞
Echidna	对违规属性的定义非常重要，但定义违规属性可能面临预言问题	有效地应对预言问题
SmartCheck	某些漏洞无法表示为Xpath模式，导致Securify无法检测到包括重入攻击漏洞在内的部分漏洞，缺乏准确性	可以检测重入攻击漏洞，有效地增加测试的准确性

变量名称	变量1	变量2	变量3	变量4
Source input	A_s	B_s	P_s	M_s
Source output	△S_s	—	—	—
Follow input	A_f	B_f	P_f	M_f
Follow output	△S_f	—	—	—
Input relation	A_f=A_s	B_f=B_s	P_f=2P_s	M_s=M_f
Output relation	△S_s=0＆＆△S_f>0	—	—	—

变量名称	变量1	变量2	变量3	变量4
Source input	A_s	B_s	P_s	M_s
Source output	△S_s	—	—	—
Follow input	A_f	B_f	P_f	M_f
Follow output	△S_f	—	—	—
Input relation	A_f=A_s	B_f=B_s	P_f=P_s+2⁸ⁿ	M_s=M_f
Output relation	△S_s<△S_f	—	—	—

变量名称	变量1	变量2	变量3
Source input	A_s	B_s	M_s
Source output	S_s	—	—
Follow input	A_f	B_f	M_f
Follow output	S_f	—	—
Input relation	B_f=(B_s+2^{8 n})	—	—
Output relation	S_s>S_f	—	—

变量名称	变量1	变量2	变量3
Source input	A_s	B_s	M_s
Source output	S_s	—	—
Follow input	A_f	B_f	M_f
Follow output	S_f	—	—
Input relation	B_f=(B_s+1)	—	—
Output relation	S_s＞S_f	—	—

基于蜕变测试的区块链智能合约漏洞检测方法

Vulnerability detection method for blockchain smart contracts based on metamorphic testing

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 21

参考文献 28

相关文章 15

Metrics

推荐阅读 0

合约编号	合约名称	漏洞类型	合约来源
1	Reentrance	重入攻击/加法溢出	Etherscan
2	Bitcoin Red	减法溢出	CVE-2018-11687
3	EtherStore	重入攻击	Etherscan
4	PolyAi	减法溢出	CVE-2018-11812
5	Internet Node Token	加法溢出	CVE-2018-11811
6	Bank	重入攻击	Etherscan
7	Beauty Ecosystem Coin	乘法溢出	CVE-2018-10299
8	Victim	重入攻击	Etherscan
9	Playkey	加法溢出	CVE-2018-11809
10	Token Example	加法溢出	Etherscan

[1]	李致远, 徐丙磊, 周颖仪. 基于图神经网络的账户余额模型区块链地址分类方法[J]. 通信学报, 2023, 44(9): 115-126.
[2]	陈越, 郝增航, 魏江宏, 胡学先, 杨冬梅. 支持陷门撤销和编辑次数限制的可编辑区块链[J]. 通信学报, 2023, 44(7): 100-113.
[3]	张海波, 曹钰坤, 刘开健, 王汝言. 车联网中基于区块链的分布式信任管理方案[J]. 通信学报, 2023, 44(5): 148-157.
[4]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[5]	刘雪娇, 钟强, 夏莹杰. 基于双层分片区块链的车联网跨信任域高效认证方案[J]. 通信学报, 2023, 44(5): 213-223.
[6]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[7]	刘雪娇, 曹天聪, 夏莹杰. 区块链架构下高效的车联网跨域数据安全共享研究[J]. 通信学报, 2023, 44(3): 186-197.
[8]	经普杰, 王良民, 董学文, 张玉书, 王骞, Muhammad Sohail. 分层跨链结构：一种面向区块链系统监管的可行架构[J]. 通信学报, 2023, 44(3): 93-104.
[9]	戴千一, 张斌, 郭松, 徐开勇. 基于多分类器集成的区块链网络层异常流量检测方法[J]. 通信学报, 2023, 44(3): 66-80.
[10]	蒋丽, 谢胜利, 田辉. 面向数字孪生边缘网络的区块链分片及资源自适应优化机制[J]. 通信学报, 2023, 44(3): 12-23.
[11]	黄冬艳, 李琨. 多地址的时间型区块链隐蔽通信方法研究[J]. 通信学报, 2023, 44(2): 148-159.
[12]	王苗苗, 芮兰兰, 徐思雅. 面向文化资源可信共享的多因子身份认证方案[J]. 通信学报, 2023, 44(10): 34-45.
[13]	李雷孝, 杜金泽, 林浩, 高昊昱, 杨艳艳, 高静. 区块链网络隐蔽信道研究进展[J]. 通信学报, 2022, 43(9): 209-223.
[14]	冯霞, 崔凯平, 谢晴晴, 王良民. VANET中基于区块链的分布式匿名认证方案[J]. 通信学报, 2022, 43(9): 134-147.
[15]	杨亚涛, 刘德莉, 刘培鹤, 曾萍, 肖嵩. BFV-Blockchainvoting：支持BFV全同态加密的区块链电子投票系统[J]. 通信学报, 2022, 43(9): 100-111.