Oracle-Supported Dynamic Exploit Generation for Smart Contracts

Despite the high stakes involved in smart contracts, they are often developed in an undisciplined manner, leaving the security and reliability of blockchain transactions at risk. In this article, we introduce ContraMaster-an oracle-supported dynamic exploit generation framework for smart contracts....

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE transactions on dependable and secure computing 2022-05, Vol.19 (3), p.1795-1809
Hauptverfasser:	Wang, Haijun, Liu, Ye, Li, Yi, Lin, Shang-Wei, Artho, Cyrille, Ma, Lei, Liu, Yang
Format:	Artikel
Sprache:	eng
Schlagworte:	Attack scripts Blockchain Computation theory Computer science Contract projects Contract state Contracts Cryptography Dynamic techniques Electrical engineering False positive Fuzzing Mutation Rule-based approach Security and reliabilities security vulnerability Semantics Smart contract Smart contracts Software testing Solid modeling State-of-the-art techniques test oracle
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	1809
container_issue	3
container_start_page	1795
container_title	IEEE transactions on dependable and secure computing
container_volume	19
creator	Wang, Haijun Liu, Ye Li, Yi Lin, Shang-Wei Artho, Cyrille Ma, Lei Liu, Yang
description	Despite the high stakes involved in smart contracts, they are often developed in an undisciplined manner, leaving the security and reliability of blockchain transactions at risk. In this article, we introduce ContraMaster-an oracle-supported dynamic exploit generation framework for smart contracts. Existing approaches mutate only single transactions; ContraMaster exceeds these by mutating the transaction sequences. ContraMaster uses data-flow, control-flow, and the dynamic contract state to guide its mutations. It then monitors the executions of target contract programs, and validates the results against a general-purpose semantic test oracle to discover vulnerabilities. Being a dynamic technique, it guarantees that each discovered vulnerability is a violation of the test oracle and is able to generate the attack script to exploit this vulnerability. In contrast to rule-based approaches, ContraMaster has not shown any false positives, and it easily generalizes to unknown types of vulnerabilities (e.g., logic errors). We evaluate ContraMaster on 218 vulnerable smart contracts. The experimental results confirm its practical applicability and advantages over the state-of-the-art techniques, and also reveal three new types of attacks.
doi_str_mv	10.1109/TDSC.2020.3037332
format	Article
fullrecord	<record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_9256983</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9256983</ieee_id><sourcerecordid>2663646061</sourcerecordid><originalsourceid>FETCH-LOGICAL-c374t-697d1bde15a78f3f01b5d5300c2c744e8e1338b339e5b2e8de693ffceaa85bda3</originalsourceid><addsrcrecordid>eNo9kLFOwzAQhi0EEqXwAIglEnOK7YsTe0JVWwpSpQ4trJaTXCCljYPjCPr2JErVW-6G7_91-gi5Z3TCGFVP2_lmNuGU0wlQSAD4BRkxFbGQUiYvu1tEIhQqYdfkpml2lPJIqmhEntfOZHsMN21dW-cxD-bHyhzKLFj81Xtb-mCJFTrjS1sFhXXB5mCcD2a28l3QN7fkqjD7Bu9Oe0zeXxbb2Wu4Wi_fZtNVmEES-TBWSc7SHJkwiSygoCwVuQBKM54lUYQSGYBMARSKlKPMMVZQFBkaI0WaGxiTcOhtfrFuU127snvkqK0p9bz8mGrrPvW3_9JcQT9j8jjwtbM_LTZe72zrqu5FzeMY4iimMesoNlCZs03jsDj3Mqp7r7r3qnuv-uS1yzwMmRIRz7ziIlYS4B-RcXQH</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2663646061</pqid></control><display><type>article</type><title>Oracle-Supported Dynamic Exploit Generation for Smart Contracts</title><source>IEEE Electronic Library (IEL)</source><creator>Wang, Haijun ; Liu, Ye ; Li, Yi ; Lin, Shang-Wei ; Artho, Cyrille ; Ma, Lei ; Liu, Yang</creator><creatorcontrib>Wang, Haijun ; Liu, Ye ; Li, Yi ; Lin, Shang-Wei ; Artho, Cyrille ; Ma, Lei ; Liu, Yang</creatorcontrib><description>Despite the high stakes involved in smart contracts, they are often developed in an undisciplined manner, leaving the security and reliability of blockchain transactions at risk. In this article, we introduce ContraMaster-an oracle-supported dynamic exploit generation framework for smart contracts. Existing approaches mutate only single transactions; ContraMaster exceeds these by mutating the transaction sequences. ContraMaster uses data-flow, control-flow, and the dynamic contract state to guide its mutations. It then monitors the executions of target contract programs, and validates the results against a general-purpose semantic test oracle to discover vulnerabilities. Being a dynamic technique, it guarantees that each discovered vulnerability is a violation of the test oracle and is able to generate the attack script to exploit this vulnerability. In contrast to rule-based approaches, ContraMaster has not shown any false positives, and it easily generalizes to unknown types of vulnerabilities (e.g., logic errors). We evaluate ContraMaster on 218 vulnerable smart contracts. The experimental results confirm its practical applicability and advantages over the state-of-the-art techniques, and also reveal three new types of attacks.</description><identifier>ISSN: 1545-5971</identifier><identifier>ISSN: 1941-0018</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2020.3037332</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Attack scripts ; Blockchain ; Computation theory ; Computer science ; Contract projects ; Contract state ; Contracts ; Cryptography ; Dynamic techniques ; Electrical engineering ; False positive ; Fuzzing ; Mutation ; Rule-based approach ; Security and reliabilities ; security vulnerability ; Semantics ; Smart contract ; Smart contracts ; Software testing ; Solid modeling ; State-of-the-art techniques ; test oracle</subject><ispartof>IEEE transactions on dependable and secure computing, 2022-05, Vol.19 (3), p.1795-1809</ispartof><rights>Copyright IEEE Computer Society 2022</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c374t-697d1bde15a78f3f01b5d5300c2c744e8e1338b339e5b2e8de693ffceaa85bda3</citedby><cites>FETCH-LOGICAL-c374t-697d1bde15a78f3f01b5d5300c2c744e8e1338b339e5b2e8de693ffceaa85bda3</cites><orcidid>0000-0003-4562-8208 ; 0000-0001-6709-3721 ; 0000-0002-8621-2420 ; 0000-0001-7300-9215 ; 0000-0002-9726-3434 ; 0000-0002-3656-1614</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9256983$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>230,314,780,784,796,885,27924,27925,54758</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/9256983$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc><backlink>$$Uhttps://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-293333$$DView record from Swedish Publication Index$$Hfree_for_read</backlink></links><search><creatorcontrib>Wang, Haijun</creatorcontrib><creatorcontrib>Liu, Ye</creatorcontrib><creatorcontrib>Li, Yi</creatorcontrib><creatorcontrib>Lin, Shang-Wei</creatorcontrib><creatorcontrib>Artho, Cyrille</creatorcontrib><creatorcontrib>Ma, Lei</creatorcontrib><creatorcontrib>Liu, Yang</creatorcontrib><title>Oracle-Supported Dynamic Exploit Generation for Smart Contracts</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description>Despite the high stakes involved in smart contracts, they are often developed in an undisciplined manner, leaving the security and reliability of blockchain transactions at risk. In this article, we introduce ContraMaster-an oracle-supported dynamic exploit generation framework for smart contracts. Existing approaches mutate only single transactions; ContraMaster exceeds these by mutating the transaction sequences. ContraMaster uses data-flow, control-flow, and the dynamic contract state to guide its mutations. It then monitors the executions of target contract programs, and validates the results against a general-purpose semantic test oracle to discover vulnerabilities. Being a dynamic technique, it guarantees that each discovered vulnerability is a violation of the test oracle and is able to generate the attack script to exploit this vulnerability. In contrast to rule-based approaches, ContraMaster has not shown any false positives, and it easily generalizes to unknown types of vulnerabilities (e.g., logic errors). We evaluate ContraMaster on 218 vulnerable smart contracts. The experimental results confirm its practical applicability and advantages over the state-of-the-art techniques, and also reveal three new types of attacks.</description><subject>Attack scripts</subject><subject>Blockchain</subject><subject>Computation theory</subject><subject>Computer science</subject><subject>Contract projects</subject><subject>Contract state</subject><subject>Contracts</subject><subject>Cryptography</subject><subject>Dynamic techniques</subject><subject>Electrical engineering</subject><subject>False positive</subject><subject>Fuzzing</subject><subject>Mutation</subject><subject>Rule-based approach</subject><subject>Security and reliabilities</subject><subject>security vulnerability</subject><subject>Semantics</subject><subject>Smart contract</subject><subject>Smart contracts</subject><subject>Software testing</subject><subject>Solid modeling</subject><subject>State-of-the-art techniques</subject><subject>test oracle</subject><issn>1545-5971</issn><issn>1941-0018</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kLFOwzAQhi0EEqXwAIglEnOK7YsTe0JVWwpSpQ4trJaTXCCljYPjCPr2JErVW-6G7_91-gi5Z3TCGFVP2_lmNuGU0wlQSAD4BRkxFbGQUiYvu1tEIhQqYdfkpml2lPJIqmhEntfOZHsMN21dW-cxD-bHyhzKLFj81Xtb-mCJFTrjS1sFhXXB5mCcD2a28l3QN7fkqjD7Bu9Oe0zeXxbb2Wu4Wi_fZtNVmEES-TBWSc7SHJkwiSygoCwVuQBKM54lUYQSGYBMARSKlKPMMVZQFBkaI0WaGxiTcOhtfrFuU127snvkqK0p9bz8mGrrPvW3_9JcQT9j8jjwtbM_LTZe72zrqu5FzeMY4iimMesoNlCZs03jsDj3Mqp7r7r3qnuv-uS1yzwMmRIRz7ziIlYS4B-RcXQH</recordid><startdate>20220501</startdate><enddate>20220501</enddate><creator>Wang, Haijun</creator><creator>Liu, Ye</creator><creator>Li, Yi</creator><creator>Lin, Shang-Wei</creator><creator>Artho, Cyrille</creator><creator>Ma, Lei</creator><creator>Liu, Yang</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>JQ2</scope><scope>ADTPV</scope><scope>AOWAS</scope><scope>D8V</scope><orcidid>https://orcid.org/0000-0003-4562-8208</orcidid><orcidid>https://orcid.org/0000-0001-6709-3721</orcidid><orcidid>https://orcid.org/0000-0002-8621-2420</orcidid><orcidid>https://orcid.org/0000-0001-7300-9215</orcidid><orcidid>https://orcid.org/0000-0002-9726-3434</orcidid><orcidid>https://orcid.org/0000-0002-3656-1614</orcidid></search><sort><creationdate>20220501</creationdate><title>Oracle-Supported Dynamic Exploit Generation for Smart Contracts</title><author>Wang, Haijun ; Liu, Ye ; Li, Yi ; Lin, Shang-Wei ; Artho, Cyrille ; Ma, Lei ; Liu, Yang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c374t-697d1bde15a78f3f01b5d5300c2c744e8e1338b339e5b2e8de693ffceaa85bda3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Attack scripts</topic><topic>Blockchain</topic><topic>Computation theory</topic><topic>Computer science</topic><topic>Contract projects</topic><topic>Contract state</topic><topic>Contracts</topic><topic>Cryptography</topic><topic>Dynamic techniques</topic><topic>Electrical engineering</topic><topic>False positive</topic><topic>Fuzzing</topic><topic>Mutation</topic><topic>Rule-based approach</topic><topic>Security and reliabilities</topic><topic>security vulnerability</topic><topic>Semantics</topic><topic>Smart contract</topic><topic>Smart contracts</topic><topic>Software testing</topic><topic>Solid modeling</topic><topic>State-of-the-art techniques</topic><topic>test oracle</topic><toplevel>online_resources</toplevel><creatorcontrib>Wang, Haijun</creatorcontrib><creatorcontrib>Liu, Ye</creatorcontrib><creatorcontrib>Li, Yi</creatorcontrib><creatorcontrib>Lin, Shang-Wei</creatorcontrib><creatorcontrib>Artho, Cyrille</creatorcontrib><creatorcontrib>Ma, Lei</creatorcontrib><creatorcontrib>Liu, Yang</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>ProQuest Computer Science Collection</collection><collection>SwePub</collection><collection>SwePub Articles</collection><collection>SWEPUB Kungliga Tekniska Högskolan</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Wang, Haijun</au><au>Liu, Ye</au><au>Li, Yi</au><au>Lin, Shang-Wei</au><au>Artho, Cyrille</au><au>Ma, Lei</au><au>Liu, Yang</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Oracle-Supported Dynamic Exploit Generation for Smart Contracts</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2022-05-01</date><risdate>2022</risdate><volume>19</volume><issue>3</issue><spage>1795</spage><epage>1809</epage><pages>1795-1809</pages><issn>1545-5971</issn><issn>1941-0018</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract>Despite the high stakes involved in smart contracts, they are often developed in an undisciplined manner, leaving the security and reliability of blockchain transactions at risk. In this article, we introduce ContraMaster-an oracle-supported dynamic exploit generation framework for smart contracts. Existing approaches mutate only single transactions; ContraMaster exceeds these by mutating the transaction sequences. ContraMaster uses data-flow, control-flow, and the dynamic contract state to guide its mutations. It then monitors the executions of target contract programs, and validates the results against a general-purpose semantic test oracle to discover vulnerabilities. Being a dynamic technique, it guarantees that each discovered vulnerability is a violation of the test oracle and is able to generate the attack script to exploit this vulnerability. In contrast to rule-based approaches, ContraMaster has not shown any false positives, and it easily generalizes to unknown types of vulnerabilities (e.g., logic errors). We evaluate ContraMaster on 218 vulnerable smart contracts. The experimental results confirm its practical applicability and advantages over the state-of-the-art techniques, and also reveal three new types of attacks.</abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2020.3037332</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0003-4562-8208</orcidid><orcidid>https://orcid.org/0000-0001-6709-3721</orcidid><orcidid>https://orcid.org/0000-0002-8621-2420</orcidid><orcidid>https://orcid.org/0000-0001-7300-9215</orcidid><orcidid>https://orcid.org/0000-0002-9726-3434</orcidid><orcidid>https://orcid.org/0000-0002-3656-1614</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext_linktorsrc
identifier	ISSN: 1545-5971
ispartof	IEEE transactions on dependable and secure computing, 2022-05, Vol.19 (3), p.1795-1809
issn	1545-5971 1941-0018 1941-0018
language	eng
recordid	cdi_ieee_primary_9256983
source	IEEE Electronic Library (IEL)
subjects	Attack scripts Blockchain Computation theory Computer science Contract projects Contract state Contracts Cryptography Dynamic techniques Electrical engineering False positive Fuzzing Mutation Rule-based approach Security and reliabilities security vulnerability Semantics Smart contract Smart contracts Software testing Solid modeling State-of-the-art techniques test oracle
title	Oracle-Supported Dynamic Exploit Generation for Smart Contracts
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T13%3A20%3A28IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Oracle-Supported%20Dynamic%20Exploit%20Generation%20for%20Smart%20Contracts&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Wang,%20Haijun&rft.date=2022-05-01&rft.volume=19&rft.issue=3&rft.spage=1795&rft.epage=1809&rft.pages=1795-1809&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2020.3037332&rft_dat=%3Cproquest_RIE%3E2663646061%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2663646061&rft_id=info:pmid/&rft_ieee_id=9256983&rfr_iscdi=true