With the rapid development of blockchain technology, smart contracts, as its core component, are widely used in many fields. However, as the number and complexity of smart contracts increase, their security has become a key issue. Currently, fuzz testing is the mainstream dynamic security testing technique for Ethereum smart contracts: it generates a large number of test cases and executes them to discover vulnerabilities. However, because fuzzers have difficulty covering the deep branch code of smart contracts, vulnerability detection is not comprehensive enough. To address the difficulty of covering deep branch code in smart contracts, this paper proposes a fuzz testing method for smart contracts based on a Markov decision process (MDP) and the simulated annealing algorithm, called VMFUZZ. The method first models the execution process of a smart contract as an MDP, then combines it with the simulated annealing algorithm to generate transaction sequences that are prone to triggering vulnerabilities, so as to cover the contract's execution paths comprehensively. Finally, a large number of new test cases are generated through fuzz testing to detect vulnerabilities. The experimental results show that VMFUZZ achieves higher code coverage than ILF and a higher vulnerability detection rate.
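As an added illustration, not the paper's VMFUZZ implementation, the search loop described above in miniature: a constructed toy contract whose hard-to-reach branch needs a specific transaction order, an MDP-style executor whose reward is branch coverage, and simulated annealing over transaction sequences. The contract, the branch ids, the reward function and the mutation operators are all assumptions made for this example.

```python
import math, random

# Constructed toy contract (an assumption, not the paper's benchmark): the
# "deep_branch" is only reached after deposit -> unlock -> withdraw -> withdraw.
ACTIONS = ("deposit", "unlock", "withdraw", "reset")
ALL_BRANCHES = {"deposit", "unlock_ok", "unlock_revert", "withdraw_ok",
                "withdraw_revert", "deep_branch", "reset"}

def run_sequence(seq):
    """MDP view: state = contract storage, action = next transaction,
    reward = branches covered. Returns the set of branch ids executed."""
    balance, unlocked, withdrawals, covered = 0, False, 0, set()
    for tx in seq:
        if tx == "deposit":
            balance += 10; covered.add("deposit")
        elif tx == "unlock":
            if balance > 0: unlocked = True; covered.add("unlock_ok")
            else: covered.add("unlock_revert")
        elif tx == "withdraw":
            if unlocked and balance > 0:
                balance -= 5; withdrawals += 1; covered.add("withdraw_ok")
                if withdrawals >= 2: covered.add("deep_branch")  # hard-to-reach code
            else: covered.add("withdraw_revert")
        elif tx == "reset":
            balance, unlocked, withdrawals = 0, False, 0; covered.add("reset")
    return covered

def mutate(seq, rng):
    """Neighbour in sequence space: replace, swap or move one transaction."""
    seq = list(seq)
    i, j = rng.randrange(len(seq)), rng.randrange(len(seq))
    op = rng.choice(("replace", "swap", "move"))
    if op == "replace": seq[i] = rng.choice(ACTIONS)
    elif op == "swap": seq[i], seq[j] = seq[j], seq[i]
    else: seq.insert(j, seq.pop(i))
    return seq

def anneal(length=8, steps=5000, t0=1.0, alpha=0.995, seed=7):
    """Simulated annealing that maximises branch coverage of one sequence."""
    rng = random.Random(seed)
    cur = [rng.choice(ACTIONS) for _ in range(length)]
    cur_cov = run_sequence(cur); best, best_cov, t = cur, cur_cov, t0
    for _ in range(steps):
        cand = mutate(cur, rng); cand_cov = run_sequence(cand)
        delta = len(cand_cov) - len(cur_cov)
        if delta >= 0 or rng.random() < math.exp(delta / t):  # Metropolis rule
            cur, cur_cov = cand, cand_cov
            if len(cur_cov) > len(best_cov): best, best_cov = cur, cur_cov
        if best_cov == ALL_BRANCHES: break  # nothing left to discover
        t *= alpha
    return best, best_cov
```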