Testing smart contracts
Date
2020-03
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Stellenbosch : Stellenbosch University.
Abstract
ENGLISH ABSTRACT: There have been several high-profile exploits of smart contracts running on the
Ethereum Virtual Machine (EVM) over the last few years since the release of Ethereum. Many of these exploits were introduced via programmer error and
could be avoided by proper auditing beforehand. Security analysis tooling has
advanced in this space to aid developers and auditors to automatically find these exploits and in some cases generate test input that can recreate the
exploit. In this work, we review the most critical vulnerabilities currently
present in the EVM ecosystem and provide best practices and forms of
prevention. Taxonomies (new and existing) are presented to categorise the
type of smart contract exploits present at the application layer and compare
them to similar exploits in imperative programs. Automated testing tools are
investigated and extended in areas where they may struggle to detect certain
vulnerabilities and to synthesise adversarial smart contracts. Lastly, some of
the most popular and actively developed automated testing tools are
catalogued, evaluated, and benchmarked.
Description
Thesis (MSc)--Stellenbosch University, 2020.
Keywords
Smart contracts -- Auditing, Security analysis, Exploitation, Fuzzy expert systems, Ethereum, UCTD