Testing smart contracts
Thesis (MSc)--Stellenbosch University, 2020.
ENGLISH ABSTRACT: There have been several high-profile exploits of smart contracts running on the Ethereum Virtual Machine (EVM) over the last few years since the release of Ethereum. Many of these exploits were introduced via programmer error and could be avoided by proper auditing beforehand. Security analysis tooling has advanced in this space to aid developers and auditors to automatically find these exploits and in some cases generate test input that can recreate the exploit. In this work, we review the most critical vulnerabilities currently present in the EVM ecosystem and provide best practices and forms of prevention. Taxonomies (new and existing) are presented to categorise the type of smart contract exploits present at the application layer and compare them to similar exploits in imperative programs. Automated testing tools are investigated and extended in areas where they may struggle to detect certain vulnerabilities and to synthesise adversarial smart contracts. Lastly, some of the most popular and actively developed automated testing tools are catalogued, evaluated, and benchmarked.