Despite the rapid growth of smart contracts, they suffer from numerous security vulnerabilities due to the absence of reliable development and testing. In this article, we apply the metamorphic testing technique to detect smart contract vulnerabilities. Based on the anomalies we observed in vulnerable smart contracts, we define five metamorphic relations to detect abnormal gas consumption and account interaction inconsistency in the target smart contract. By dynamically executing transactions and checking whether the metamorphic relations are ultimately violated, we determine whether a smart contract is vulnerable. We evaluate our approach on a benchmark of 67 manually annotated smart contracts. The experimental results show that our approach achieves a higher detection rate (TPR, true positive rate) with a lower misreport rate (FDR, false discovery rate) than three other state-of-the-art tools. These results further suggest that metamorphic testing is a promising method for detecting smart contract vulnerabilities.