Open Access
ARTICLE
Smart Contract Fuzzing Based on Taint Analysis and Genetic Algorithms
Zaoyu Wei1,*, Jiaqi Wang2, Xueqi Shen1, Qun Luo1
1 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China
2 College of New Media, Beijing Institute of Graphic Communication, Beijing, 102600, China
* Corresponding Author: Zaoyu Wei. Email:
Journal of Information Hiding and Privacy Protection 2020, 2(1), 35-45. https://doi.org/10.32604/jihpp.2020.010331
Received 24 May 2020; Accepted 30 June 2020; Issue published 15 October 2020
Abstract
Smart contracts have greatly improved the services and capabilities of
blockchain, but because of their nature as code they have become the weakest
link in blockchain security. Efficient vulnerability detection for smart
contracts is therefore key to ensuring the security of blockchain systems.
Focusing on Ethereum smart contracts, this study addresses the problems of
redundant input and low coverage in smart contract fuzzing. A taint analysis
method based on the EVM is proposed to reduce invalid input, a dangerous
operation database is designed to identify dangerous input, and a genetic
algorithm is used to optimize the code coverage of the input; together these
constitute a fuzzing framework for smart contracts. Finally, the performance and
efficiency of the framework are demonstrated by comparison with Oyente and
ContractFuzzer.
Cite This Article
Z. Wei, J. Wang, X. Shen and Q. Luo, "Smart contract fuzzing based on taint analysis and genetic algorithms," Journal of Information Hiding and Privacy Protection, vol. 2, no. 1, pp. 35–45, 2020. https://doi.org/10.32604/jihpp.2020.010331