Affiliation:
1. Department of Computer Science and Engineering, The University of Texas at Arlington, USA
2. National Institute of Standards and Technology, USA
Abstract
Symbolic execution of smart contracts suffers from sequence explosion. Some existing tools limit the sequence length and are therefore unable to adequately evaluate some functions. In this paper, we propose a symbolic execution approach that does not limit the sequence length. In our approach, the symbolic execution process is a two-phase model that maximizes code coverage while reducing the number of sequences to be executed. The first phase executes all sequences up to a length limit to identify the functions that are not fully covered, while the second attempts to cover these functions according to state evaluation and a function graph structure. We have developed a tool called SmartExecutor and conducted an experimental evaluation on the SGUARD dataset. The experimental results indicate that, compared with state-of-the-art tools, SmartExecutor achieves higher code coverage in less time. It also detects more vulnerabilities than Mythril, a state-of-the-art symbolic execution tool.
Publisher
Association for Computing Machinery (ACM)