Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96325
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 蕭旭君 | zh_TW
dc.contributor.advisor | Hsu-Chun Hsiao | en
dc.contributor.author | 謝立峋 | zh_TW
dc.contributor.author | Li-Hsun Hsieh | en
dc.date.accessioned | 2024-12-24T16:21:43Z | -
dc.date.available | 2024-12-25 | -
dc.date.copyright | 2024-12-24 | -
dc.date.issued | 2024 | -
dc.date.submitted | 2024-11-29 | -
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96325 | -
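dc.description.abstract | In the field of automated software testing, fuzzing has become one of the most prevalent tools. In contrast to its great success in analyzing traditional programs, fuzzing performs poorly when handling DeFi protocols that involve multiple contracts. In addition, the testing oracles used by previous smart contract fuzzers can detect only low-level vulnerabilities such as integer overflow and reentrancy, and have difficulty detecting higher-level vulnerabilities such as price manipulation attacks.

In this thesis, we propose a fuzzing tool that can detect vulnerabilities in DeFi protocols. To address the composability problem caused by too many potential contracts, we prioritize contracts that have SLOAD/SSTORE instruction pairs, based on a data-dependency scoring system. To detect the high-level vulnerabilities that are more common in composed DeFi protocols, we use transaction-based analysis tools as the testing oracle. In the end, our fuzzing tool successfully detected four of the past five price manipulation attacks.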
zh_TW
dc.description.abstract | Fuzzing has become the most widely used tool in the area of automated software testing. In contrast to their great success in testing traditional programs, fuzzing tools struggle to handle the composability of DeFi protocols that involve multiple contracts. Also, the testing oracles used by smart contract fuzzers can only detect low-level bugs such as integer overflow or reentrancy vulnerabilities, and fail to find high-level bugs such as price manipulation attacks.

In this work, we propose a fuzzing tool that can find bugs in DeFi protocols. To handle the composability issue, in which too many potential contracts can be chosen, we introduce a data-dependency scoring system that prefers contracts with SLOAD/SSTORE pairs. To detect high-level bugs that are more common in composable DeFi protocols, we leverage transaction-based analysis tools as the testing oracle. As a result, our fuzzing tool can detect 4 out of 5 past price manipulation attacks.
en
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-12-24T16:21:43Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2024-12-24T16:21:43Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents | Acknowledgements i
Abstract (in Chinese) iii
Abstract v
Contents vii
List of Figures xi
List of Tables xiii
Chapter 1 Introduction 1
Chapter 2 Background 3
2.1 Smart Contract 3
2.2 Ethereum Virtual Machine 3
2.3 Price Manipulation Attack 4
2.4 Fuzzing 4
2.5 Testing Oracle 5
Chapter 3 Motivation 7
3.1 A Toy Case of Compositional Attack 7
3.2 Challenge: Composability and Scalability 9
3.3 Challenge: Testing Oracle Problem 10
3.4 Our Idea: Guide Fuzzing with Data-dependency 11
3.5 Our Idea: Transaction-based Tools as the Testing Oracle 11
Chapter 4 Design 13
4.1 Architecture 13
4.2 Fuzzing Engine 14
4.2.1 Mutation 14
4.2.2 The Data-dependency Scoring System 15
4.3 Testing Oracle 16
4.4 Initial Seeds and the Parameter Pool 16
4.5 Format of Test Cases 17
4.6 Instrumented EVM 17
4.6.1 Execution Trace 18
4.6.2 Initial Ethers 18
4.6.3 Initial Tokens 18
Chapter 5 Evaluation 19
5.1 Effectiveness of Fuzzing 19
5.2 Effectiveness of Data-dependency 20
Chapter 6 Related Work 23
6.1 Static Analyzers 23
6.2 Symbolic Execution Tools 24
6.3 Fuzzers 24
Chapter 7 Discussion 27
7.1 Other Testing Oracles 27
7.2 Detecting On-chain Vulnerabilities 27
7.3 Metamorphic Testing 28
7.4 Exploitability Assessment 28
Chapter 8 Conclusions 29
References 31
-
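dc.language.iso | en | -
dc.subject | DeFi Security | zh_TW
dc.subject | Smart Contract Security | zh_TW
dc.subject | Fuzzing | zh_TW
dc.subject | DeFi Security | en
dc.subject | Fuzzing | en
dc.subject | Smart Contract Security | en
dc.title | Using Data Dependency to Guide Fuzzing of Composable Decentralized Finance Protocols | zh_TW
dc.title | Data Dependency-Guided Fuzzing for Composable DeFi Protocols | en
dc.type | Thesis | -
dc.date.schoolyear | 113-1 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 黃俊穎;黃世昆 | zh_TW
dc.contributor.oralexamcommittee | Chun-Ying Huang;Shih-Kun Huang | en
dc.subject.keyword | Fuzzing,Smart Contract Security,DeFi Security, | zh_TW
dc.subject.keyword | Fuzzing,Smart Contract Security,DeFi Security, | en
dc.relation.page | 35 | -
dc.identifier.doi | 10.6342/NTU202404610 | -
dc.rights.note | Authorization granted (open access restricted to campus) | -
dc.date.accepted | 2024-11-29 | -
dc.contributor.author-college | College of Electrical Engineering and Computer Science | -
dc.contributor.author-dept | Department of Computer Science and Information Engineering | -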
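Appears in Collections: Department of Computer Science and Information Engineering

Files in This Item:
File | Size | Format
ntu-113-1.pdf (access restricted to NTU campus IPs; from off campus, use the off-campus VPN service) | 2.95 MB | Adobe PDF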