Automated Generation of Test Cases for Smart Contract Security Analyzers
We address the absence of reliable tests on contract analyzers of smart contracts and present a systematic method to diversify test cases by combining smart-contract-specific bugs and static analysis barriers in this paper. Using contract analyzers is the most practical solution for building a secur...
Main Authors: | Ki Byung Kim, Jonghyup Lee |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | Smart contracts, static analysis, security audits, honey pots |
Online Access: | https://ieeexplore.ieee.org/document/9268135/ |
id |
doaj-78c433d7ea3e4dfaa1bf44f919194d7c |
---|---|
record_format |
Article |
spelling |
doaj-78c433d7ea3e4dfaa1bf44f919194d7c; 2021-03-30T04:31:55Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 209377; 209392; 10.1109/ACCESS.2020.3039990; 9268135; Automated Generation of Test Cases for Smart Contract Security Analyzers; Ki Byung Kim; 0; https://orcid.org/0000-0001-8527-6142; Jonghyup Lee; 1; https://orcid.org/0000-0001-8122-3377; Department of Mathematical Finance, Gachon University, Seongnam, South Korea; Department of Mathematical Finance, Gachon University, Seongnam, South Korea; https://ieeexplore.ieee.org/document/9268135/; Smart contracts; static analysis; security audits; honey pots |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Ki Byung Kim; Jonghyup Lee |
title |
Automated Generation of Test Cases for Smart Contract Security Analyzers |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
description |
We address the absence of reliable tests on contract analyzers of smart contracts and present a systematic method to diversify test cases by combining smart-contract-specific bugs and static analysis barriers in this paper. Using contract analyzers is the most practical solution for building a secure blockchain service, but they are relatively immature and lack stable performance metrics. Traditionally, performance reports only compare static contract analyzers with pre-defined test cases, such as the Juliet test suite. However, building such test suites is burdensome for smart contracts, which change frequently. In this paper, we propose an automated method to assess contract analyzers of smart contracts by diversifying test cases. In the experimental results, we identified nine erroneous alarms in the state-of-the-art contract analyzers with automatically generated test cases on five vulnerabilities. |
topic |
Smart contracts; static analysis; security audits; honey pots |
url |
https://ieeexplore.ieee.org/document/9268135/ |