{"id":206,"date":"2024-07-15T16:37:16","date_gmt":"2024-07-15T08:37:16","guid":{"rendered":"https:\/\/www.ndnlab.com\/?p=206"},"modified":"2024-07-19T09:37:25","modified_gmt":"2024-07-19T01:37:25","slug":"%e6%9c%80%e6%96%b0%e5%8c%ba%e5%9d%97%e9%93%be%e8%ae%ba%e6%96%87%e5%bd%95%e7%94%a8a%e4%bc%9a-issta-2024","status":"publish","type":"post","link":"https:\/\/www.ndnlab.com\/?p=206","title":{"rendered":"Latest Blockchain Papers Accepted at an A-tier Conference - ISSTA 2024"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"558\" height=\"76\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/1.png\"  class=\"wp-image-207\" srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/1.png 558w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/1-300x41.png 300w\" sizes=\"auto, (max-width: 558px) 100vw, 558px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe\" \/><\/figure>\n<\/div>\n\n\n<p>Conference: ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)<br>\nLocation: Vienna, Austria<br>\nDates: Mon 16 &#8211; Fri 20 September 2024<br>\nWebsite: https:\/\/2024.issta.org\/track\/issta-2024-papers#event-overview<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>1. Towards Identifying Exploitable Bottlenecks in Blockchain Clients<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"221\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/2.png\"  class=\"wp-image-208\" 
srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/2.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/2-300x76.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/2-768x195.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe1\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe1\" \/><\/figure>\n\n\n\n<p>Blockchain clients serve as foundational components of blockchain networks, each maintaining a replica of the blockchain ledger. They are crucial for ensuring network decentralization, integrity, and stability. However, like all complex software systems, blockchain clients are susceptible to bottlenecks. Certain bottlenecks create vulnerabilities, allowing attackers to intentionally overload these weak points and congest client execution, leading to denial of service (DoS) attacks. We refer to these vulnerabilities as exploitable bottlenecks. Existing research primarily focuses on a limited number of such bottlenecks and often relies on manual analysis. To address this gap, this paper investigates the root causes of bottlenecks in software and introduces a novel tool named ThreadWatch. ThreadWatch monitors runtime symptoms indicative of these issues by modeling clients as a set of threads and delineating their interactions to accurately characterize client behavior. Leveraging ThreadWatch, we identify suspicious bottlenecks and assess their potential for exploitation by external attackers. Applying ThreadWatch to four mainstream blockchain clients developed in different programming languages, we discover a total of 13 exploitable bottlenecks, six of which were previously unknown. 
As of the time of writing, three CVEs have been assigned based on our findings, highlighting the practical impact of our approach.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>2. Empirical Analysis of Move Smart Contract Security and the Introduction of MoveScan<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"400\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/3.png\"  class=\"wp-image-209\" srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/3.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/3-300x138.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/3-768x353.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe2\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe2\" \/><\/figure>\n\n\n\n<p>Move, a smart contract programming language, is renowned for its security-oriented design. However, the real-world security effectiveness of Move contracts has not been thoroughly examined. This study presents the first extensive empirical analysis of Move contract security. Our initial efforts included a manual audit of 652 contracts from 92 Move projects in collaboration with a security firm. 
This audit uncovered eight distinct defect types, with half being previously undocumented. These defects pose potential security threats or could lead to inefficient use of computational resources. To assess the prevalence of these defects in live Move contracts, we developed MoveScan, an automated analysis framework that translates bytecode into an intermediate representation (IR), extracts vital meta-information, and identifies all eight defect types. Using MoveScan, we identified 97,169 defects across 37,302 deployed contracts on the Aptos and Sui blockchains, highlighting a significant occurrence of defects. Experimental results show that MoveScan achieves a precision rate of 98.85%, with an average analysis time per project of only 5.45 milliseconds. This performance surpasses that of previous state-of-the-art tools, such as MoveLint, which has an accuracy of 87.50% and an average analysis time of 71.72 milliseconds, and Move Prover, which has a recall rate of 6.02% and requires manual intervention. 
Our findings provide new insights and recommendations for enhancing the security of Move contracts.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>3. Optimizing Function Call Order in Smart Contracts to Minimize Gas Fees<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"84\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/4.png\"  class=\"wp-image-210\" srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/4.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/4-300x29.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/4-768x74.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe3\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe3\" \/><\/figure>\n\n\n\n<p>Smart contracts, primarily written in Solidity, are Turing-complete programs executed on blockchain platforms like Ethereum. To prevent resource misuse, users are required to pay a gas fee when deploying or invoking smart contracts. 
While reducing gas consumption has garnered significant attention, the impact of function call order on invocation gas fees has not been thoroughly studied. In this paper, we elucidate how function dispatch influences gas consumption during contract invocation. We introduce OptiDispatch, a bytecode refactoring method and open-source tool designed to minimize the overall gas fees associated with smart contract invocations. At the source code level, OptiDispatch identifies frequently invoked functions within a smart contract and reorders them at the bytecode level to optimize their dispatch order. We implemented OptiDispatch and evaluated its performance on 50 randomly selected real-world smart contracts from Ethereum. The experimental results indicate that OptiDispatch can save approximately 125.17 gas units per transaction, with an additional compilation overhead of only 0.37 seconds.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>4. Detecting Security Flaws in Smart Contract Code Snippets from Stack Overflow<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"271\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/5.png\"  class=\"wp-image-211\" srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/5.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/5-300x93.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/5-768x239.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe4\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe4\" \/><\/figure>\n\n\n\n<p>Smart contract developers frequently turn to Q&amp;A platforms such as Stack Overflow (SO) for solutions to their coding challenges. While the community often provides helpful advice, the shared code snippets can sometimes contain hidden vulnerabilities. 
Integrating these snippets directly into smart contracts can expose them to malicious attacks. To investigate this issue, we conducted an online survey and received 74 responses from smart contract developers. The survey revealed that a significant majority (86.4%) of respondents do not adequately consider security when reusing code snippets from SO. Although there are several tools available to detect vulnerabilities in smart contracts, these tools are generally designed to analyze complete contracts and are not effective for analyzing typical code snippets found on SO. We present SOChecker, the first tool specifically designed to identify potential vulnerabilities in incomplete smart contract code snippets from SO. SOChecker uses a fine-tuned Llama2 model for code completion, followed by symbolic execution methods for vulnerability detection. Our experiments, conducted on a dataset of 897 code snippets collected from smart contract-related SO posts, show that SOChecker achieves an F1 score of 68.2%, significantly outperforming GPT-3.5 and GPT-4, which scored 20.9% and 33.2% respectively. 
These results highlight the importance of improving the security of code snippets from Q&amp;A websites.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>5. A Novel Approach to Speculative Symbolic Execution of Smart Contracts by Leveraging Executed and Near Transactions<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"224\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/6.png\"  class=\"wp-image-212\" srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/6.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/6-300x77.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/6-768x198.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe5\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe5\" \/><\/figure>\n\n\n\n<p>Symbolic execution has demonstrated its effectiveness for code analysis in smart contracts. 
However, current symbolic tools for smart contracts utilize multiple-transaction symbolic execution, which not only differs from traditional symbolic tools but also exacerbates the path explosion problem. This paper quantitatively analyzes the bottlenecks of symbolic execution in multiple transactions (TXs) and identifies the redundancy of TX paths. Based on these findings, we introduce LENT-SSE, a new speculative heuristic for Speculative Symbolic Execution of smart contracts, which leverages executed and near TXs to skip and recall SMT solving paths. LENT-SSE employs an executed-transaction-based skipping algorithm to reduce SMT solving time by exploiting the redundancy between executed and executing paths. Additionally, LENT-SSE utilizes a near-transaction-based recalling algorithm to minimize false skips in solving paths. Experimental results on the SmartBugs dataset demonstrate that LENT-SSE can reduce total execution time by 37.4% and path solving time by 65.2% on average without decreasing the number of reported bugs. 
On a separate dataset of 1000 realistic contracts, total execution time and path solving time were reduced by 38.1% and 54.7%, respectively.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>6. Discovering Lucrative Vulnerabilities in On-Chain Smart Contracts using Feedback-Driven Fuzzing and Differential Analysis<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"213\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/7.png\"  class=\"wp-image-213\" srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/7.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/7-300x73.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/7-768x188.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe6\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe6\" \/><\/figure>\n\n\n\n<p>In the context of advancing smart contract applications, ensuring their security is crucial. Exploits in smart contracts often lead to significant financial losses. Securing them is far from trivial. Unlike crashes, most attacks on on-chain smart contracts aim to cause financial losses, known as profitable exploits. By crafting seemingly innocuous inputs, profitable exploits seek to extract additional profit or compromise others&#8217; interests. However, due to the complexity of call chains in on-chain smart contracts and the necessity for effective oracles for profitable exploits, smart contract fuzzing suffers from low efficiency and effectiveness in detecting profitable exploits. 
This paper introduces Midas, a novel feedback-driven fuzzing framework designed to effectively uncover profitable exploits in on-chain smart contracts. Midas comprises two modules: diverse validity fuzzing and profitable transaction identification. The diverse validity fuzzing module employs dual waypoints to efficiently generate valid transactions, addressing the intricate call chains of on-chain smart contracts. The profitable transaction identification module utilizes differential analysis to effectively pinpoint profitable exploits, overcoming the limitations of ad-hoc oracles. Evaluation of Midas on various on-chain smart contracts demonstrated its ability to identify 40 real-world exploits with 80% precision, surpassing state-of-the-art tools (such as ItyFuzz and Slither) in both efficiency and effectiveness. Particularly, Midas successfully unearthed five previously unknown exploits in critical smart contracts, two of which have already been confirmed by their DApp developers.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>7. Automated Detection and Analysis of Price Manipulation Attacks in Decentralized Finance (DeFi) Platforms<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"323\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/8.png\"  class=\"wp-image-214\" 
srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/8.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/8-300x111.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/8-768x285.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe7\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe7\" \/><\/figure>\n\n\n\n<p>Decentralized Finance (DeFi) applications facilitate tamper-proof transactions among anonymous users. However, vulnerabilities in transaction mechanisms, contract code, or third-party components can be exploited by attackers to manipulate token prices, leading to financial losses. Detecting price manipulation attacks, which often exploit specific states and complex trading sequences, remains challenging for existing detection tools. Auditors prioritize understanding the attack methodology to implement targeted defenses rather than merely confirming its occurrence. To address these challenges, this paper introduces DeFort, an innovative framework for automated detection and analysis of price manipulation attacks in DeFi platforms. DeFort employs a price manipulation behavior model for on-chain detection, diverse price monitoring strategies to identify pools with abnormal token prices, and various profit calculation mechanisms to validate attacks. Leveraging behavioral models, DeFort automatically identifies transactions and functions causing abnormal price fluctuations, enabling the identification of both attackers and victims. Experimental results demonstrate DeFort&#8217;s effectiveness over existing methods in detecting price manipulation. 
Over a two-month monitoring period of 441 real-world projects, DeFort successfully detected five price manipulation attacks.<\/p>\n\n\n\n<p>Decentralized finance (DeFi) applications support tamper-proof transactions between anonymous users. However, attackers can exploit vulnerabilities in transaction mechanisms, contract code, or third-party components to manipulate token prices, causing financial losses. Detecting price manipulation attacks usually involves specific states and complex transaction sequences, which poses a challenge for existing detection tools. Auditors place more weight on understanding the attack method in order to deploy targeted defenses than on merely confirming that an attack occurred. To address these challenges, this paper introduces DeFort, an innovative framework for automatically detecting and analyzing price manipulation attacks on DeFi platforms. DeFort uses a price manipulation behavior model for on-chain detection, multiple price monitoring strategies to identify pools with abnormal token prices, and various profit calculation mechanisms to verify attacks. Using the behavior model, DeFort can automatically identify the transactions and functions that cause abnormal price fluctuations, making it possible to identify both attackers and victims. Experimental results show that DeFort outperforms existing methods in detecting price manipulation. After monitoring 441 real-world projects for two months, DeFort successfully detected five price manipulation attacks.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>8\u3001Real-time Fault Localization for Decentralized Applications in Web3<br>     Real-time fault localization for decentralized applications in Web3<\/p>\n<\/blockquote>\n<\/div>\n<\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"341\" src=\"http:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/9.png\"  class=\"wp-image-215\" srcset=\"https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/9.png 871w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/9-300x117.png 300w, https:\/\/www.ndnlab.com\/wp-content\/uploads\/2024\/07\/9-768x301.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" title=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe8\" alt=\"\u6700\u65b0\u533a\u5757\u94fe\u8bba\u6587\u5f55\u7528A\u4f1a-ISSTA 2024\u63d2\u56fe8\" \/><\/figure>\n\n\n\n<p>Web3 represents the future evolution of the Internet, leveraging blockchain technology to enable the Internet of Value. Decentralized applications (DApps), pivotal in the Web3 ecosystem, have gained prominence in recent years. Given their inherent connection to cryptocurrencies, faults in DApps can lead to substantial financial losses. 
Hence, efficient fault localization is crucial for prompt DApp recovery and minimizing economic risks. Traditional fault localization methods often fall short in this domain due to their inability to identify DApp-specific fault patterns, such as unauthorized cryptocurrency transfers. To address this gap, researchers have explored techniques like mutation testing, though these methods are often impractical due to their time-intensive nature. This paper presents a pioneering study on fault localization for DApps. We introduce DAppFL, a learning-based tool that employs reverse engineering to capture executed source code and trace cryptocurrency flows, aiding in pinpointing faulty functions. Additionally, we introduce a benchmark dataset for DApp fault localization, enhancing research in this critical area. Experimental results demonstrate that DAppFL achieves a 63% Top-5 fault localization rate, surpassing current state-of-the-art methods by 23%.<\/p>\n\n\n\n<p>Web3 describes the future evolution of the Internet, using blockchain technology to realize the Internet of Value. As a key component of the Web3 ecosystem, decentralized applications (DApps) have become increasingly important in recent years. Because of their inherent link to cryptocurrencies, faults in DApps can lead to major financial losses. Efficient fault localization is therefore critical for quickly recovering a DApp and minimizing economic risk. Traditional fault localization methods usually perform poorly in this domain because they cannot recognize DApp-specific fault patterns, such as unauthorized cryptocurrency transfers. To fill this gap, researchers have explored techniques such as mutation testing, although these methods are often impractical because of their time-consuming nature. This paper presents the first in-depth study of fault localization for DApps. We introduce DAppFL, a learning-based tool that uses reverse engineering to capture the executed source code and track cryptocurrency flows, helping to pinpoint faulty functions. In addition, we introduce a benchmark dataset for DApp fault localization, strengthening research in this critical area. Experimental results show that DAppFL achieves a Top-5 fault localization rate of 63%, a 23% improvement over the current state-of-the-art methods.<\/p>\n\n\n\n<p>Article source: https:\/\/mp.weixin.qq.com\/s\/Uja3LRLifymn9qWKT0S6qw<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Conference\uff1aACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) Location:Vienna, Austria Conference time\uff1aMon 16 &#8211; Fri 20 September 2024 Website:https:\/\/2024.issta.org\/track\/issta-2024-papers#event-overview 1\u3001To &hellip; <a href=\"https:\/\/www.ndnlab.com\/?p=206\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-206","post","type-post","status-publish","format-standard","hentry","category-blockchain"],"_links":{"self":[{"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=\/wp\/v2\/posts\/206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=206"}],"version-history":[{"count":3,"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=\/wp\/v2\/posts\/206\/revisions"}],"predecessor-version":[{"id":233,"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=\/wp\/v2\/posts\/206\/revisions\/233"}],"wp:attachment":[{"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ndnlab.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}