TokenAuditor: Detecting Manipulation Risk in Token Smart Contract by Fuzzing
【Author】 Cao, Mingpei; Zhang, Yueze; Feng, Zhenxuan; Hu, Jiahao; Zhu, Yuesheng
【Source】2022 IEEE 22ND INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY, QRS
【Impact Factor】
【Abstract】Decentralized cryptocurrencies are influential smart contract applications in the blockchain, drawing interest from industry and academia. The capacity to govern and manage token behavior provided by the token smart contract adds to thriving decentralized applications. However, token smart contracts face security challenges in technology weakness and manipulation risks. In this work, we briefly describe the manipulation risk and propose TokenAuditor, a fuzzing framework detecting those risks in token smart contracts. TokenAuditor constructs basic blocks based on the contract bytecodes and adopts the rarity selection and mutation strategy to generate test cases. The main idea is to select the test cases that have hit rare basic blocks since the fuzzing started as candidates and perform mutation operations on them. In our evaluation, TokenAuditor discovered 664 manipulation risks of four types in 4021 real-world token contracts.
【Keywords】Fuzzing; manipulation risk; smart contract security; rarity selection; blockchain
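【Publication Date】2022
【Indexed Date】2023-06-03
【Document Type】Theoretical model
【Subject Category】
Blockchain governance - Technical governance - Smart contract vulnerability detection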