IEEE Access (Jan 2020)

Automated Generation of Test Cases for Smart Contract Security Analyzers

  • Ki Byung Kim,
  • Jonghyup Lee

DOI
https://doi.org/10.1109/ACCESS.2020.3039990
Journal volume & issue
Vol. 8
pp. 209377 – 209392

Abstract

In this paper, we address the absence of reliable tests for smart contract analyzers and present a systematic method to diversify test cases by combining smart-contract-specific bugs with static analysis barriers. Using contract analyzers is the most practical solution for building a secure blockchain service, but they are relatively immature and lack stable performance metrics. Traditionally, performance reports only compare static contract analyzers with pre-defined test cases, such as the Juliet test suite. However, building such test suites is burdensome for smart contracts, which change frequently. We propose an automated method to assess smart contract analyzers by diversifying test cases. In the experimental results, we identified nine erroneous alarms in the state-of-the-art contract analyzers with automatically generated test cases on five vulnerabilities.

Keywords