基于交易序列分层变异的EVM模糊测试

以太坊虚拟机是以太坊区块链中关键组成部分, 其缺陷会导致交易的执行结果出现偏差, 给以太坊生态带来严重问题. 现有的以太坊虚拟机缺陷检测工作仅将虚拟机视为独立的智能合约执行工具, 没有完整测试其工作流程, 从而导致缺陷检测存在盲点. 针对上述问题, 提出了一种以太坊虚拟机运行全过程的缺陷检测方法(ETHCOV). ETHCOV首先结合权重策略指导智能合约、合约接口参数输入和交易序列按不同粒度变异, 然后将其与区块状态以及世界状态打包作为测试用例, 最后将测试用例输入到以太坊虚拟机中触发运行并对比检验运行结果, 以此来检测以太坊虚拟机的漏洞缺陷. 基于上述方法实现了一个原型系统, 并以2万多个真实智能合约作为为输入对以太坊虚拟机进行缺陷检测测试. 实验结果表明, 相较于现有工具EVMFuzzer, ETHCOV的测试效率提升了339%, 代码覆盖率提升了125%, 并检测出3组用例的不一致输出. 这些结果表明ETHCOV能有效检测以太坊虚拟机的缺陷.

Fuzzer for EVM Based on Hierarchical Variation of Transaction Sequences

The Ethereum virtual machine (EVM) is a key component of the Ethereum blockchain, and its defects will cause deviations in the execution results of transactions, which will bring serious problems to the Ethereum ecosystem. The existing work on EVM defect detection only treats the virtual machine as an independent smart contract execution tool and does not fully test its workflow, resulting in blind spots in defect detection. To solve the above problems, a defect detection method for the whole process of EVM operation (ETHCOV) is proposed. ETHCOV first combines the weight strategy to guide smart contracts, contract interface parameter inputs, and transaction sequences to vary at different granularities. It then packages them with block state and world state as test cases and finally inputs the test cases into the EVM to trigger the run and compare the test run results, so as to detect the vulnerabilities in the EVM. Based on the above method, a prototype system is implemented and more than 20 000 real smart contracts are tested as input to the EVM for defect detection. Experimental results show that compared with the existing tool EVMFuzzer, ETHCOV improves the test efficiency by 339% and the code coverage by 125%, and the inconsistent output of three sets of test cases is detected. These results show that ETHCOV can effectively detect defects in the EVM.