ISSTA, a top international academic conference, was held; Sun Yat-sen University and WeBank jointly published their latest blockchain research results

On July 17, local time in the United States, ISSTA 2023, a top conference in the field of software engineering, officially opened in Seattle. ISSTA (The 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis) is one of the best-known international conferences on software testing and analysis, and is a Class A international academic conference (CCF-A) as recommended by the China Computer Federation. At this conference, the School of Software Engineering of Sun Yat-sen University and WeBank jointly published their latest blockchain research results. The research proposes a new fuzz testing framework for logic vulnerabilities caused by inconsistent state in smart contracts.

Members participating in this research include doctoral student Ye Mingxi and master's student Wu Dongpeng from Sun Yat-sen University. The supervisors are Sun Yat-sen University professor Zheng Zibin, associate professor Nan Yuhong, and Li Huizhong, head of research and development of WeBank's blockchain underlying platform. The research was also supported by the National Key Research and Development Program, the National Natural Science Foundation of China, and the WeBank Scholars Program.

The WeBank Scholars Program is a high-standard, innovation-oriented research program initiated and established by WeBank. Based on the actual needs of financial services and the direction of future technological development, it aims to bring academic and corporate research teams together to focus on real industrial pain points and conduct research in real business scenarios. Professor Zheng Zibin was selected into the first batch of the WeBank Scholars Program on the strength of his research and contributions in the field of blockchain. His topic is blockchain: based on the smart contract scenarios of the FISCO BCOS open source blockchain underlying platform, he is building an easy-to-use and efficient smart contract security verification platform.

Research introduction

In recent years, blockchain technology has developed rapidly, and smart contracts, as a new kind of foundational software, have been widely used in finance, art, games and other fields. At present, tens of thousands of users interact with smart contracts every day, and average daily transaction volume can reach 5 billion US dollars.

However, unlike vulnerability detection for programs in traditional domains, vulnerabilities in smart contracts are usually logic errors and defects that are harder to detect and have more serious consequences. In a state inconsistency vulnerability, the attacker manipulates the on-chain program state of a smart contract so that the execution result of the program differs from the result the user expected. By exploiting this kind of vulnerability, an attacker can front-run the user's transaction or otherwise alter the program's execution flow, disrupting its normal execution and extracting improper profit from it.

Existing state-inconsistency vulnerability detection schemes mainly face two problems: (1) a high false positive rate due to the lack of accurate context information: because the context information present while a smart contract is running cannot be accurately reconstructed, static analysis methods may introduce infeasible program paths, resulting in false positives; (2) a high false negative rate due to the lack of effective test oracles: existing fuzz testing methods rely on expert knowledge to design test criteria and are highly dependent on known attack patterns, so they cannot identify new attack methods.


Therefore, the School of Software Engineering of Sun Yat-sen University and WeBank conducted joint research and proposed a new fuzzing framework, IcyChecker, which was published at ISSTA 2023 under the title "Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing".

To address the above problems, IcyChecker first obtains historical function calls and the corresponding fine-grained context information by replaying historical on-chain data. IcyChecker then performs fuzz testing on the basis of the collected historical information, generating new function call sequences that trigger program vulnerabilities. Finally, IcyChecker uses differential analysis to identify inconsistencies between the execution results of pairs of comparable transaction sequences, and thereby discovers vulnerabilities.
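The three-step idea above (replay recorded calls, mutate the sequence, compare the target call's result across sequences) can be illustrated on a toy model. The following Python is an added example written for this page, not IcyChecker's code: the pool contract, the "replayed" history and the user transaction are all constructed here, and the constant-product swap stands in for any state-dependent contract function. The unguarded user call silently receives a different amount once a historical trade is inserted in front of it (a state inconsistency), while the call with a slippage bound reverts instead, which the differential check reports separately as guarded rather than as a bug.

```python
"""Differential analysis for state-inconsistency bugs on a toy AMM model.

Constructed illustration (not IcyChecker's code): a simplified
constant-product pool, one recorded user transaction, and a corpus of
historical calls used to mutate the sequence.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, Iterator, List, Tuple


@dataclass
class Pool:
    """Constant-product pool without fees; stands in for the on-chain contract."""
    reserve_a: int
    reserve_b: int

    def quote_a_for_b(self, amount_in: int) -> int:
        return amount_in * self.reserve_b // (self.reserve_a + amount_in)

    def swap_a_for_b(self, amount_in: int, min_out: int = 0) -> int:
        out = self.quote_a_for_b(amount_in)
        if out < min_out:  # slippage guard; min_out=0 disables it
            raise ValueError("insufficient output amount")
        self.reserve_a += amount_in
        self.reserve_b -= out
        return out


@dataclass(frozen=True)
class Call:
    sender: str
    fn: str
    args: Tuple[Any, ...]


Result = Tuple[str, Any]  # ("ok", return value) or ("revert", reason)


def execute(seq: List[Call], make_pool: Callable[[], Pool]) -> List[Result]:
    """Run a call sequence from a fresh copy of the recorded pre-state."""
    pool = make_pool()
    results: List[Result] = []
    for call in seq:
        try:
            results.append(("ok", getattr(pool, call.fn)(*call.args)))
        except ValueError as exc:
            results.append(("revert", str(exc)))
    return results


def mutate(seq: List[Call], corpus: List[Call],
           target_idx: int) -> Iterator[Tuple[List[Call], Call, int]]:
    """Mutation: insert one historical call at any position before the target."""
    for extra in corpus:
        for pos in range(target_idx + 1):
            yield seq[:pos] + [extra] + seq[pos:], extra, pos


def find_inconsistencies(seq: List[Call], corpus: List[Call], target_idx: int,
                         make_pool: Callable[[], Pool]) -> Dict[str, Any]:
    """Compare the target call's result in the recorded sequence with its
    result in every mutated sequence (the differential-analysis step)."""
    baseline = execute(seq, make_pool)[target_idx]
    report: Dict[str, Any] = {"silent": [], "guarded": [], "unchanged": 0}
    for mutated, extra, pos in mutate(seq, corpus, target_idx):
        got = execute(mutated, make_pool)[target_idx + 1]  # target shifted by one
        if got == baseline:
            report["unchanged"] += 1
        elif got[0] == "revert":
            report["guarded"].append((extra, pos, baseline, got))  # contract defended itself
        else:
            report["silent"].append((extra, pos, baseline, got))   # state inconsistency
    return report


# --- constructed scenario (hypothetical addresses and amounts) ---
def pre_state() -> Pool:
    return Pool(reserve_a=1000, reserve_b=1000)


HISTORY = [  # calls "replayed" from the chain; constructed for this example
    Call("0xA11ce", "swap_a_for_b", (500,)),  # large trade moves the price
    Call("0xB0b", "swap_a_for_b", (1,)),      # dust trade barely moves it
]
# The user submits a 100 A -> B swap; the quote at submission time is 90 B.
USER_UNGUARDED = Call("0xU5e7", "swap_a_for_b", (100,))     # min_out = 0
USER_GUARDED = Call("0xU5e7", "swap_a_for_b", (100, 85))    # ~5% slippage bound


def run(user_call: Call) -> Dict[str, Any]:
    return find_inconsistencies([user_call], HISTORY, 0, pre_state)


if __name__ == "__main__":
    for name, call in (("unguarded", USER_UNGUARDED), ("guarded", USER_GUARDED)):
        r = run(call)
        print(name, "silent:", r["silent"], "guarded:", len(r["guarded"]),
              "unchanged:", r["unchanged"])
```

For the unguarded call the report contains one silent divergence (90 B expected, 41 B received after the 500 A trade is front-run in) and one unchanged interleaving (the dust trade); for the guarded call the same interleaving is reported under guarded because the contract reverted. A real tool would also reorder and drop calls, run against replayed on-chain state rather than a toy model, and rank divergences by who profits, but the oracle is the same: no expert-written pattern, only a disagreement between two executions of the same call.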

Thanks to the rich context information collected from historical on-chain data, IcyChecker's detection precision rises to over 80%. The research is the first to apply differential analysis to the identification of logic vulnerabilities in smart contracts, achieving vulnerability detection that does not depend on expert knowledge.


Source: blog.csdn.net/webankblockchain/article/details/132237620