Smart contract reentrancy vulnerability detection method based on manifold pigeon optimization algorithm

被引:0
作者
Liu F. [1 ]
Huang H. [1 ]
Xiang Y. [1 ]
Hao Z. [2 ,3 ]
机构
[1] School of Software Engineering, South China University of Technology, Guangzhou
[2] School of Computer, Shantou University, Shantou
[3] School of Computer, Guangdong University of Technology, Guangzhou
来源
Zhongguo Kexue Jishu Kexue/Scientia Sinica Technologica | 2023年 / 53卷 / 11期
关键词
automated test case generation; path coverage; pigeon-inspired optimization algorithm; reentrancy vulnerability detection; smart contract;
D O I
10.1360/SST-2021-0365
中图分类号
学科分类号
摘要
Reentrancy vulnerability commonly exists in smart contracts and results in serious economic losses. The existing symbolic execution-based static analyzing tools detect the reentrancy vulnerability by evaluating the default rules. However, the incompleteness of the default rules can lead to false positive judgments. We attempt to solve this problem from the perspective of test case generation based on dynamic execution. In this paper, the application scenario is abstracted as a mathematical model of the automated test case generation for path coverage (ATCG-PC) with reentrancy loop paths. The reentrancy vulnerability can be detected by executing the test cases of the reentrancy loop paths. The swarm intelligence algorithm represented by the pigeon optimization algorithm is a common method for solving the black-box optimization problem. The pigeon-inspired optimization algorithm searches in the neighbor of the population optimal solution; however, the optimal solution of the large-scale black-box optimization problem may not be in this neighbor. An improved pigeon-inspired optimization algorithm is proposed herein to improve the path coverage rate of the pigeon-inspired optimization algorithm for the ATCG-PC. The proposed algorithm allocates more computational resources to the subspace related to the target path, consequently improving the effectiveness of the pigeon-inspired optimization algorithm. It helps the pigeon-inspired optimization algorithm to cover the reentrancy loop path. The experimental results show that the improved pigeon-inspired optimization algorithm can effectively generate path coverage test cases in different smart contracts. The proposed method can also find all possible paths and accurately detect the reentrancy vulnerabilities when other tools (i.e., Oyente, Securify, and Smartcheck) make false positive judgments in the eight selected benchmarks. The recognition accuracy of the reentrancy vulnerabilities is improved by 12.5%, 12.5%, and 25%. © 2023 Chinese Academy of Sciences. All rights reserved.
引用
收藏
页码:1922 / 1938
页数:16
相关论文
共 48 条
[1]  
Nakamoto S., Bitcoin: A peer-to-peer electronic cash system, (2019)
[2]  
Li H Y, Baoyin H X., Sequence optimization for multiple asteroids rendezvous via cluster analysis and probability-based beam search, Sci China Tech Sci, 64, pp. 122-130, (2021)
[3]  
Li R, Song T, Mei B, Et al., Blockchain for large-scale internet of things data storage and protection, IEEE Trans Serv Comput, 12, pp. 762-771, (2018)
[4]  
Xu Q, Dai P C, Wang L, Et al., Distributed consensus-based algorithm for social welfare in smart grid with transmission losses, Sci China Tech Sci, 63, pp. 44-54, (2020)
[5]  
Christidis K, Devetsikiotis M., Blockchains and smart contracts for the internet of things, IEEE Access, 4, pp. 2292-2303, (2016)
[6]  
Zheng P, Zheng Z, Luo X, Et al., A detailed and real-time performance monitoring framework for Blockchain systems, 2018 IEEE/ACM 40th International Conference on Software Engineering: Software Engineering in Practice Track (ICSE-SEIP), pp. 134-143, (2018)
[7]  
Nikolic I, Kolluri A, Sergey I, Et al., Finding the greedy, prodigal, and suicidal contracts at scale, Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653-663, (2018)
[8]  
Luu L, Chu D H, Olickel H, Et al., Making smart contracts smarter, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254-269, (2016)
[9]  
Chen W, Zheng Z, Cui J, Et al., Detecting Ponzi schemes on Ethereum: Towards healthier Blockchain technology, Proceedings of the 2018 World Wide Web Conference, pp. 1409-1418, (2018)
[10]  
Jiang B, Liu Y, Chan W K., ContractFuzzer: Fuzzing smart contracts for vulnerability detection, Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 259-269, (2018)
12345