DeepAI AI Chat
Log In Sign Up

Oracle-Supported Dynamic Exploit Generation for Smart Contracts

09/14/2019
by   Haijun Wang, et al.
KYUSHU UNIVERSITY
Nanyang Technological University
0

Despite the high stakes involved in smart contracts, they are often developed in an undisciplined manner, leaving the security and reliability of blockchain transactions at risk. In this paper, we introduce ContraMaster: an oracle-supported dynamic exploit generation framework for smart contracts. Existing approaches mutate only single transactions; ContraMaster exceeds these by mutating the transaction sequences. ContraMaster uses data-flow, control-flow, and the dynamic contract state to guide its mutations. It then monitors the executions of target contract programs, and validates the results against a general-purpose semantic test oracle to discover vulnerabilities. Being a dynamic technique, it guarantees that each discovered vulnerability is a violation of the test oracle and is able to generate the attack script to exploit this vulnerability. In contrast to rule-based approaches, ContraMaster has not shown any false positives, and it easily generalizes to unknown types of vulnerabilities (e.g., logic errors). We evaluate ContraMaster on 218 vulnerable smart contracts. The experimental results confirm its practical applicability and advantages over the state-of-the-art techniques, and also reveal three new types of attacks.

READ FULL TEXT

page 1

page 2

page 3

page 4

05/06/2021

Reentrancy Vulnerability Identification in Ethereum Smart Contracts

Ethereum Smart contracts use blockchain to transfer values among peers o...
12/14/2022

Vulnerability Analysis of Smart Contracts

Blockchain platforms and smart contracts are vulnerable to security brea...
03/06/2023

Metamorphic Testing for Smart Contract Vulnerabilities Detection

Despite the rapid growth of smart contracts, they are suffering numerous...
02/15/2021

Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning

In this work we propose Dynamit, a monitoring framework to detect reentr...
01/15/2023

Pre-deployment Analysis of Smart Contracts – A Survey

Smart contracts are programs that execute transactions involving indepen...
12/23/2022

Front-Running Attack Benchmark Construction and Vulnerability Detection Technique Evaluation

Front-running attacks have been a major concern on the blockchain. Attac...
08/28/2022

MANDO: Multi-Level Heterogeneous Graph Embeddings for Fine-Grained Detection of Smart Contract Vulnerabilities

Learning heterogeneous graphs consisting of different types of nodes and...