Since the emergence of Ethereum, blockchain-based decentralized applications (DApps) have become increasingly popular and important. To balance the security, performance, and costs, a DApp typically consists of two layers: an on-chain layer to execute transactions and store crucial data on the blockchain and an off-chain layer to interact with users. A DApp needs to synchronize its off-chain layer with the on-chain layer proactively. Otherwise, the inconsistent data in the off-chain layer could mislead users and cause undesirable consequences, e.g., loss of transaction fees. However, transactions sent to the blockchain are not guaranteed to be executed and could even be reversed after execution due to chain reorganization. Such non-determinism in the transaction execution is unique to blockchain. DApp developers may fail to perform the on-chain-off-chain synchronization accurately due to their lack of familiarity with the complex transaction lifecycle. In this work, we investigate the challenges of synchronizing on-chain and off-chain data in Ethereum-based DApps. We present two types of bugs that could result in inconsistencies between the on-chain and off-chain layers. To help detect such on-chain-off-chain synchronization bugs, we introduce a state transition model to guide the testing of DApps and propose two effective oracles to facilitate the automatic identification of bugs. We build the first testing framework, DArcher, to detect on-chain-off-chain synchronization bugs in DApps. We have evaluated DArcher on 11 popular real-world DApps. DArcher achieves high precision (99.3%), recall (87.6%), and accuracy (89.4%) in bug detection and significantly outperforms the baseline methods. It has found 15 real bugs in the 11 DApps. So far, six of the 15 bugs have been confirmed by the developers, and three have been fixed. These promising results demonstrate the usefulness of DArcher.
翻译:自Etheurum的出现以来,基于链链的分散应用(Dapps)变得日益受欢迎和重要。然而,为了平衡安全、业绩和成本,一个Dapp通常由两层组成:一个在链层上执行交易和储存关键数据,一个在链链和离链层上与用户互动。一个Dapp需要使其离链层与链层同步。否则,离链层中的数据不一致可能会误导用户,并造成不良后果,例如,失去交易费用。然而,向链层发送的交易没有保证得到执行,甚至由于链条重组而执行后可能发生逆转。交易执行中的这种非脱节性做法是独特的。Dapps开发者可能由于他们不熟悉复杂的交易生命周期而未能准确完成链链内同步。在这个工作中,我们调查了链链和离链数据同步化的挑战,比如,在Eveyerum的Dapperality 4 中,我们发现有两种类型的错误,在链路段上和达程中,我们有两种不同的标准测试。