Ethereum Smart Contract Fuzz Testing Service for Security Vulnerability Detection
Project: Research
Researcher(s)
Description
The objective of this project is to develop a next-generation fuzz testing for smart contracts in blockchain application development as a measure to precisely detect security vulnerability in smart contract code.We plan to develop an innovative and automated testing service to expose and record security vulnerability issues exposed on the submitted code. The testing service will be equipped with precise and next-generation test oracles and compact test scenarios representations which cannot be found in the market.Standard test environment for testing smart contracts will be used as the basis. On top of this basis, we will develop advanced modules for profiling execution and oracle check mechanism in testnet and Ethereum virtual machine, and a fuzz test data generation module that is aware of untested interactions among smart contracts to realize advanced vulnerability testing ability. The testing service will deliver to user a test report, which includes an encoding of the test scenarios that expose the security vulnerability issues. A test scenario visualization model will be developed for ease of user to interrupt the test report. The process from smart contract submission, through the whole process of fuzz testing, to test report delivery will be automated without human intervention.The testing service will support users to fuzz test their smart code without professional knowledge, at any time and without upfront investment in the software testing infrastructure, thereby enabling companies and individuals to make invention on top of smart contract code for their business. The testing service could help to alleviate the shortage of qualified professionals to develop smart contracts by offloading their fuzz testing tasks to the present testing service to assure their code. The infrastructure of the testing service can provide a reference to other local companies to set up their software development infrastructure services to gain competitiveness.Detail(s)
Project number | 9440226 |
---|---|
Grant type | ITF |
Status | Finished |
Effective start/end date | 1/08/19 → 31/07/21 |