•  
  •  
 
Tsinghua Science and Technology

Keywords

blockchain, Ethereum Smart Contracts (ESCs), integer overflow, mutation testing

Abstract

Integer overflow is a common vulnerability in Ethereum Smart Contracts (ESCs) and often causes huge economic losses. Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing. Mutation testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart contracts. However, existing methods cannot efficiently perform mutation testing specifically for integer overflow in ESCs. Therefore, by analyzing integer overflow in ESCs, we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC testing. An empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation operators. Results show that (1) our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts, and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate; moreover, (2) the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability, thereby providing effective support to improve the sufficiency of the test.

Share

COinS