Computing Reviews
ContractFuzzer: fuzzing smart contracts for vulnerability detection
Jiang B., Liu Y., Chan W. ASE 2018 (Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, Montpellier, France, Sep 3-7, 2018), 259-269, 2018. Type: Proceedings
Date Reviewed: Oct 11 2019

Many fields exploit blockchain technology, including those related to human and life sciences, supply chains, and clinical research. However, especially in the past couple of years (namely 2017), almost all transactions running on public blockchains were related to the decentralized exchange of cryptocurrencies. Such transactions are executed via smart contract programs, which update the status of the blockchain with respect to the exchanged values.

In Ethereum (a popular blockchain implementation), smart contracts are written in a language called Solidity and compiled into code executed by the Ethereum Virtual Machine (EVM). The current daily volume of exchanged currencies is 7.5 billion euros, and in 2018 there were two million smart contracts deployed. Once deployed, smart contracts cannot be modified (they are “written in stone”), so an ex ante security evaluation is essential.

Although tools exist (for example, performing static analysis or symbolic execution), they are still crude and new to many developers. The authors develop a fuzzing framework for detecting the security vulnerabilities of smart contracts on the Ethereum platform. They evaluate 6991 smart contracts and identify 459 vulnerabilities (including “the infamous DAO bug” and the Parity Wallet bug). Their fuzzing tool detects seven known vulnerabilities and finds fewer false positives than Oyente, another popular tool that uses formal methods.

When deploying a computer program that potentially holds a high volume of economic assets, a security analysis is of utmost importance. Because both the language and the integrated development environment (IDE) are also in development, tools such as the ones presented in this paper are very useful for any smart contract developer’s toolbox.

Reviewer: Massimiliano Masi. Review #: CR146725 (1912-0444)
Testing And Debugging (D.2.5)
Security and Protection (C.2.0 ...)
Validation (D.2.4 ...)
Verification (B.1.4 ...)
General (D.2.0)
Software Engineering (D.2)

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®