運用資料相依性引導組合式去中心化金融協議模糊測試

Abstract

在自動化軟體測試領域中，模糊測試已成為最普遍的工具之一。相較於在分析傳統程式上的巨大成功，模糊測試在處理涉及多個合約的 DeFi 協議時卻表現不佳。除此之外，以往的智能合約模糊測試工具所使用的測試預言機只能偵測到底層的漏洞，如整數溢出、重入攻擊等。對於價格操控攻擊等較為高階的漏洞則難以偵測。

在本論文中，我們提出了可以偵測 DeFi 協議漏洞的模糊測試工具。為了解決因為過多潛在合約而造成的可組合性問題，我們基於資料相依性評分系統，優先考慮具有 SLOAD/SSTORE 指令對的合約。為了偵測在組合式 DeFi 協議中更為常見的高階漏洞，我們使用基於交易的分析工具作為測試預言機。最終，我們的模糊測試工具成功在過去五次的價格操縱攻擊中成功檢測出了四次。

Fuzzing has become the most widely used tool in the area of automated software testing. Different from the huge success in testing traditional programs, fuzzing tools struggle to handle the composability of DeFi protocols that involves multiple contracts. Also, the testing oracles used by smart contract fuzzers can only detect low-level bugs such as integer overflow or reentrancy vulnerabilities, which would fail to find high-level bugs like price manipulation attacks.

In this work, we propose a fuzzing tool that can find bugs in DeFi protocols. To handle the composability issue that too many potential contracts can be chosen, we introduce a data-dependency scoring system that prefers contracts with SLOAD/SSTORE pairs. To detect high-level bugs that are more common in composable DeFi protocols, we leverage transaction-based analysis tools as the testing oracle. As a result, our fuzzing tool can detect 4 out of 5 past attacks of price manipulation.