{"title":"WASMOD: Detecting vulnerabilities in Wasm smart contracts","authors":"Jianfei Zhou, Ting Chen","doi":"10.1049/blc2.12029","DOIUrl":null,"url":null,"abstract":"<p>Over the past few years, blockchain platforms supporting WebAssembly (Wasm) smart contracts are gaining popularity. However, Wasm smart contracts are often compiled from memory-unsafe languages (e.g. C and C++). And there is a lack of effective defense against integer overflow and stack overflow at the compiler and virtual machine (VM) layers, making Wasm smart contracts even more exploitable than native C and C++ programs. In this paper, the authors propose wasm overflow detector <b>(WASMOD)</b> to address the integer overflow and stack overflow vulnerabilities. The authors’ approach combines bytecode instrumentation, run-time validation, and grey-box fuzzing to detect these vulnerabilities. The authors applied their approach to the popular EOSIO blockchain and evaluated it on 4616 deployed Wasm smart contracts. The authors’ approach detected 13 real-world vulnerable smart contracts.</p>","PeriodicalId":100650,"journal":{"name":"IET Blockchain","volume":"3 4","pages":"172-181"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/blc2.12029","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Blockchain","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/blc2.12029","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Over the past few years, blockchain platforms supporting WebAssembly (Wasm) smart contracts are gaining popularity. However, Wasm smart contracts are often compiled from memory-unsafe languages (e.g. C and C++). And there is a lack of effective defense against integer overflow and stack overflow at the compiler and virtual machine (VM) layers, making Wasm smart contracts even more exploitable than native C and C++ programs. In this paper, the authors propose wasm overflow detector (WASMOD) to address the integer overflow and stack overflow vulnerabilities. The authors’ approach combines bytecode instrumentation, run-time validation, and grey-box fuzzing to detect these vulnerabilities. The authors applied their approach to the popular EOSIO blockchain and evaluated it on 4616 deployed Wasm smart contracts. The authors’ approach detected 13 real-world vulnerable smart contracts.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
