Automated Generation of Test Cases for Smart Contract Security Analyzers

Kim, Ki Byung; Lee, Jong-Hyup

doi:10.1109/access.2020.3039990

Cited by 15 publications

(7 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A smart contract is, as previously stated, an immutable software code that runs on top of the blockchain. Currently, Ethereum is the most popular blockchain for smart contracts [ 15 ], but other blockchains with smart contract support are shown in recent studies [ 40 ].…”

Section: Blockchains and Smart Contractsmentioning

confidence: 99%

“…For this reason, the distributed fashion of blockchain creates particular requirements for elaborating the contracts [ 12 , 13 ]. As shown in [ 14 ], constant changes in the DevOps process can cause unexpected delays, which can be a big issue in the case of smart contracts, given that the language is changing fast [ 15 ] and with it, the need to implement new and more complete tools and development strategies. However, the viability of implementing a few steps of DevOps on an Ethereum blockchain has been proven by Wöhrer, and Zdun [ 16 ].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Continuous and Secure Integration Framework for Smart Contracts

Reyes

Jimeno

Villanueva-Polanco

2023

Sensors

View full text Add to dashboard Cite

As part of agile methodologies seen in the past few years, IT organizations have continuously adopted new practices in their software delivery life-cycle to improve both efficiency and effectiveness of development teams. Two of these practices are continuous integration and continuous deployment, which are part of the DevOps cycle which has helped organizations build software effectively and efficiently. These practices must be considered for new technologies such as smart contracts, where security concerns and bugs might cost more once deployed than traditional software. This paper states the importance of using a proper DevOps routine and how it is possible to apply this practice to a smart contract build. Specifically, this paper introduces a framework to implement DevOps for smart contracts development by describing multiple DevOps tools and their applicability to smart contract development.

show abstract

Section: Blockchains and Smart Contractsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Continuous and Secure Integration Framework for Smart Contracts

Reyes

Jimeno

Villanueva-Polanco

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Jiang 等人 [13] 则设计了一款基于模糊分析的工具 Contracufuzzer, 用于检测 Ethereum 智能合约的安全漏洞. Kim [43] 提出了一种为智能合约分析工具自动生成测试用例的方法, 辅助工具检测重入性漏洞. 然而, 如果生成的测试用例中不包含重入性循环路径, 则可能导致检测误差.…”

Section: Figure 1 An Example Of Reentrancy Vulnerabilityunclassified

Smart contract reentrancy vulnerability detection method based on manifold pigeon optimization algorithm

Liu¹,

Huang²,

Xiang³

et al. 2022

Sci. Sin.-Tech.

View full text Add to dashboard Cite

Reentrancy vulnerability commonly exists in smart contract, which results in serious economic losses. Existing symbolic execution-based static analyzing tools detect reentrancy vulnerability by evaluating default rules. However, the incompleteness of the default rules can lead to false positive judgments. Therefore, we attempt to solve this problem from the perspective of test case generation based on dynamic execution. In this paper, the application scenario is abstracted as a mathematical model of automated test case generation for path coverage (ATCG-PC) with reentrancy loop paths. Reentrancy vulnerability can be detected by executing the test cases of reentrancy loop paths. The swarm intelligence algorithm represented by the pigeon optimization algorithm is a common method for solving the black-box optimization problem. Pigeon-inspired optimization algorithm searches in the neighbor of the population optimal solution. However, the optimal solution of the large-scale black-box optimization problem may not be in this neighbor. To improve the path coverage rate of the pigeon-inspired optimization algorithm for ATCG-PC, an improved pigeoninspired optimization algorithm is proposed. The proposed algorithm allocates more computational resources to the subspace related to the target path, thereby improving the effectiveness of the pigeon-inspired optimization algorithm. It helps pigeon-inspired optimization algorithm to cover the reetrancy loop path. The experimental results show that the improved pigeon-inspired optimization algorithm can effectively generate path coverage test cases in different smart contracts. The proposed method can also find all possible paths and detect reentrancy vulnerabilities accurately when other tools (i.e., Oyente, Securify, and Smartcheck) make false positive judgments in the selected eight benchmarks. The recognition accuracy of reentrancy vulnerabilities is improved by 12.5%, 12.5%, and 25%, respectively.

show abstract

“…There have been recent advances in automated generation of test cases, models for formal verification of security properties, and methodologies for practical security analyses for smart contracts. Nonetheless, several high-profile failures to achieve safety have resulted in some negative perception of the safety of blockchain systems [18]- [20]. These concerns for safety have been amplified by existing bottlenecks in the throughput of several blockchain systems [17], [21].…”

Section: Some Challenges To Widespread Adoption Of Blockchain Technologymentioning

confidence: 99%

Talaria: A Framework for Simulation of Permissioned Blockchains for Logistics and Beyond

Xing,

Fischer,

Labh

et al. 2021

Preprint

View full text Add to dashboard Cite

Automated Generation of Test Cases for Smart Contract Security Analyzers

Cited by 15 publications

References 12 publications

Continuous and Secure Integration Framework for Smart Contracts

Continuous and Secure Integration Framework for Smart Contracts

Smart contract reentrancy vulnerability detection method based on manifold pigeon optimization algorithm

Talaria: A Framework for Simulation of Permissioned Blockchains for Logistics and Beyond

Contact Info

Product

Resources

About