SoliAudit: Smart Contract Vulnerability Assessment Based on Machine Learning and Fuzz Testing

模糊测试 智能合约 坚固性 计算机科学 计算机安全 利用 黑客 块链 脆弱性(计算) 数据库事务 机器学习 稳健性 审计 人工智能 数据库 操作系统 会计 程序设计语言 软件 业务
作者
Jianwei Liao,Tsung-Ta Tsai,Chia-Kang He,Chin‐Wei Tien
标识
DOI:10.1109/iotsms48152.2019.8939256
摘要

Blockchain has flourished in recent years. As a decentralized system architecture, smart contracts give the blockchain a user-defined logical concept. The smart contract is an executable program that can be used for automatic transactions on the Ethereum blockchain. In 2016, the DAO attack resulted in the theft of 60M USD due to unsafe smart contracts. Smart contracts are vulnerable to hacking because they are difficult to patch and there is a lack of assessment standards for ensuring their quality. Hackers can exploit the vulnerabilities in smart contracts when they have been published on Ethereum. Thus, this study presents SoliAudit (Solidity Audit), which uses machine learning and fuzz testing for smart contract vulnerability assessment. SoliAudit employs machine learning technology using Solidity machine code as learning features to verify 13 kinds of vulnerabilities, which have been listed as Top 10 threats by an open security organization. We also created a gray-box fuzz testing mechanism, which consists of a fuzzer contract and a simulated blockchain environment for on-line transaction verification. Different from previous research systems, SoliAudit can detect vulnerabilities without expert knowledge or predefined patterns. We subjected SoliAudit to real-world evaluation by using near 18k smart contracts from the Ethereum blockchain and Capture-the-Flag samples. The results show that the accuracy of SoliAudit can reach to 90% and the fuzzing can help identify potential weaknesses, including reentrancy and arithmetic overflow problems.

科研通智能强力驱动
Strongly Powered by AbleSci AI
科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
2秒前
分析发布了新的文献求助10
3秒前
4秒前
arniu2008应助zby采纳,获得20
4秒前
无极微光应助科研通管家采纳,获得20
4秒前
思源应助从容迎曼采纳,获得10
4秒前
无极微光应助科研通管家采纳,获得20
4秒前
CipherSage应助科研通管家采纳,获得10
4秒前
Copyright应助科研通管家采纳,获得10
4秒前
FashionBoy应助科研通管家采纳,获得10
5秒前
Owen应助科研通管家采纳,获得10
5秒前
今后应助科研通管家采纳,获得10
5秒前
5秒前
Hello应助科研通管家采纳,获得30
5秒前
5秒前
SciGPT应助科研通管家采纳,获得10
5秒前
Ava应助科研通管家采纳,获得10
5秒前
Orange应助xxl采纳,获得10
6秒前
8秒前
姚序东完成签到,获得积分10
9秒前
9秒前
fofo关注了科研通微信公众号
9秒前
jindou完成签到,获得积分10
10秒前
11秒前
11秒前
12秒前
12秒前
搞怪巧克力卷卷心完成签到,获得积分10
12秒前
kxz完成签到 ,获得积分10
14秒前
共享精神应助含蓄的煜城采纳,获得10
15秒前
顺心谷冬完成签到 ,获得积分10
16秒前
leez发布了新的文献求助10
17秒前
小思雅完成签到,获得积分10
18秒前
李佳笑发布了新的文献求助10
18秒前
XYZ发布了新的文献求助10
19秒前
19秒前
之华完成签到,获得积分10
23秒前
23秒前
fofo发布了新的文献求助10
24秒前
瑆姀完成签到,获得积分10
24秒前
高分求助中
Principles of Economics, 11th Edition 10000
University Physics with Modern Physics, 16th edition 10000
(应助此贴封号)【重要!!请各用户(尤其是新用户)详细阅读】【科研通的精品贴汇总】 10000
Development of a Bridge Weigh-In-Motion System: A technology to convert the bridge response to the passage of traffic into data on vehicle configurations, speeds, times of travel and weights 1000
Molecular Mechanisms of Photosynthesis, 4th Edition 1000
Organic Reactions, Volume 116 1000
Current concepts in cutaneous toxicity : proceedings of the Fourth Conference on Cutaneous Toxicity, Washington, D.C., May 9-11, 1979 1000
热门求助领域 (近24小时)
化学 材料科学 医学 生物 纳米技术 工程类 有机化学 化学工程 生物化学 计算机科学 内科学 物理 复合材料 催化作用 细胞生物学 无机化学 光电子学 物理化学 电极 基因
热门帖子
关注 科研通微信公众号,转发送积分 7262045
求助须知:如何正确求助?哪些是违规求助? 8883453
关于积分的说明 18773671
捐赠科研通 6941305
什么是DOI,文献DOI怎么找? 3202400
关于科研通互助平台的介绍 2375640
邀请新用户注册赠送积分活动 2178075