Authors: ZHANG Liqiang[1,2]; LU Mengjun; YAN Fei[1,2] (School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China; Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, China)
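Affiliations: [1] School of Cyber Science and Engineering, Wuhan University, Wuhan 430072; [2] Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072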
Source: Netinfo Security (《信息网络安全》), 2024, Issue 7, pp. 1038-1049, 12 pages
Funding: Key Research and Development Program of Hubei Province [2021BAA027].
Abstract: With the rapid development of blockchain applications and the widespread use of smart contracts, security incidents caused by smart contracts have increased dramatically and have caused huge losses of blockchain-based digital assets. Although some tools can detect smart contract security vulnerabilities, they mainly target a single smart contract and do not take cross-contract interaction dependencies into account, which results in more false positives. To address the high false positive rate and high performance cost of these detection tools in cross-contract scenarios, this paper proposes FIFuzz, a cross-contract fuzzing scheme based on function dependencies. The scheme uses the enhanced ContractRank algorithm to model inter-contract dependencies and proposes the concept of function importance to characterize how important a function is in inter-contract interactions; function importance is then used by the subsequent fuzzing module. After pre-processing is completed, fuzzing is performed. A transaction sequence generation strategy based on function importance and an address-type data generation strategy based on the contract address mapping relationship reduce the search space for cross-contract vulnerability detection and improve detection efficiency. In addition, contract call simulation is used to reduce the false positive rate of vulnerability detection. In comparison experiments with related tools, FIFuzz detects vulnerabilities in 80% less time than the other tools and detects twice as many vulnerabilities, and its accuracy in detecting cross-contract vulnerabilities is significantly higher than that of the other tools. The experimental results show that FIFuzz can effectively improve the detection accuracy of cross-contract vulnerabilities, reduce the false alarm rate, and shorten the time overhead.
Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]