Jisuanji kexue (Aug 2022)

Survey of Ethereum Smart Contract Fuzzing Technology Research

  • HUANG Song, DU Jin-hu, WANG Xing-ya, SUN Jin-lei

DOI
https://doi.org/10.11896/jsjkx.220500069
Journal volume & issue
Vol. 49, no. 8
pp. 294 – 305

Abstract

Smart contracts running on blockchain platforms establish and automatically execute agreements between different participants, and also manage a large number of digital assets. The frequent exposure of smart contract vulnerabilities has caused incalculable economic losses. Fuzzing is an effective dynamic vulnerability detection technique that has been applied to smart contract security research. This paper examines the insufficient summarization of smart contract fuzzing in existing review work and proposes a basic framework for smart contract fuzzing. Taking Ethereum smart contracts as an example, since they are currently the most widely studied in smart contract security, it introduces the account mechanism and transaction structure closely related to smart contracts and summarizes the characteristics that distinguish smart contracts from traditional programs. The vulnerabilities of smart contracts are described, and the vulnerabilities covered by existing smart contract fuzzing techniques are compared. Furthermore, input generation in existing smart contract fuzzing techniques is analyzed from the aspects of single transactions and transaction sequences. Input mutation is summarized at the functional level, transaction level and transaction sequence level. The use of test oracles in existing smart contract fuzzing techniques is briefly described. In addition, the corresponding technical evaluation indicators are summarized. Finally, the problems faced by smart contract fuzzing are set out, and future research directions are outlined.

Keywords