Evaluation Framework for Smart Contract Fuzzers

IF 1.7; Zone 4 (Computer Science); JCR Q3: COMPUTER SCIENCE, SOFTWARE ENGINEERING
Peixuan Feng, Yongjuan Wang, Siqi Lu, Qingjun Yuan, Gang Yu, Xiangyu Wang, Jianan Liu, Huaiguang Wu
Journal of Software-Evolution and Process, volume 37, issue 4. Published 2025-04-22. Journal Article. DOI: 10.1002/smr.70021. https://onlinelibrary.wiley.com/doi/10.1002/smr.70021
Citations: 0

Abstract

With the widespread application of smart contracts in economics and asset management, the security of smart contracts has been widely addressed by academia and industry. Fuzzing is an effective technique for vulnerability detection. Several fuzzers are currently available for smart contracts, and how to choose the most appropriate tools to test smart contracts is a problem that needs to be solved. To this end, we propose an evaluation framework for smart contract fuzzers, which sets eight evaluation indicators from five aspects to comprehensively evaluate the usability, transparency, detection ability, branch coverage, and oracle design of smart contract fuzzers. In order to verify the scientificity and rationality of the framework, we selected six state-of-the-art (SOTA) smart contract fuzzers for evaluation. By evaluating the usability of the six fuzzers, the level of difficulty in using them was verified; by evaluating the transparency of the six fuzzers, the usability of the tools' output information during use was verified; the branch coverage and rationality of the oracle design of the six fuzzers were validated by evaluating their detection ability on the dataset. The final evaluation results validated the effectiveness of our proposed framework in guiding users to choose smart contract fuzzers.
