This project implements a fuzz testing method for detecting manipulation risk in token smart contracts. There are four common kinds of manipulation risk which could be detected by our project: Compatibility,Preallocation,Authority Management and Freezing Backdoor.
The main idea and related details is in the research paper: TokenAuditor: Detecting Manipulation Risk in Token Smart Contract by Fuzzing, which is accepted in QRS'23.
The project needs prepared work to make it run correctly.
The dependency frameworks of this project are as follows:
- Ganache - A tool for creating a local blockchain for fast Ethereum development, please refer to the guide for installation and usage, our project requrie the version is newer than 7.2.0
- Web3.py - A Python library for interacting with Ethereum. You can install it with pip and requirements.txt
In addition, there are other dependency packages that need to be installed. If your python version is 3.9.12, you can install them directly by executing the following command:
pip install -r requirements.txt
If you are using another python version, please modify the requirements.txt to make it compatible.
For this project, the contract under test should be processed before running. The ABI, Creation Bytecode, Constructor Parameter of the cotract is necessary for running. The solity source code is not necessary. You can refer to the format in contracts/ folder.
As for our paper, we use the dataset awesome-buggy-erc20-tokens for evaluation, and this dataset could be also helpful for you!
After completing the preparations, use the following command for quick start!
python main.py
When the comman shows Finished! Please check in result/ folder!
, you can check the detection result in that folder, and the name of contract is example.
Our project provides parameter settings for better use, a complete example of the command is as follows:
python main.py -c example -l 3600 -b 10 -e 50
The meanings of the command parameters are shown below:
-c:
set contracts under the fuzzing test,example
means the file name is "example". If you want to test multiple contracts, separate them with commas. (example1,example2,example3
)-l:
set the executing limit time, the unit is seconds.3600
means the program will stop after 3600s.-b:
set the number of generating test samples per epoch,10
means each epoch generate 10 test samples for test.-e:
set the executing epoch.
If you find problem(s) in this repo, please make issues.
If you want to contribute to this repo, please fork and create a new pull request.
The commit style should follow the following convention:
[!TYPE:] message
The [!TYPE:] includes the following types:
- !F: create new function
- !B: bug fix
- !D: update about the document
- !S: change code style or fix typo
- !R: refactor the code
- !O: optimize the performance
- !T: add test
- !C: chores of update the dependency
- !A: archive related files
Example:
!D: configuring the git style
This example means this commit [!D:] is about update a document and the commit is used for configuring git style.
If this work is helpful for you, thanks for your citation.
@inproceedings{QRS22CaoTA,
author = {Mingpei Cao and
Yueze Zhang and
Zhenxuan Feng and
Jiahao Hu and
Yuesheng Zhu},
title = {TokenAuditor: Detecting Manipulation Risk in Token Smart Contract by Fuzzing},
booktitle = {Proceeding of the 22nd {IEEE} International Conference on Software Quality, Reliability
and Security (QRS'22), Guangzhou, China, December 5-9, 2022},
pages = {651--662},
publisher = {{IEEE}},
year = {2022},
url = {https://doi.org/10.1109/QRS57517.2022.00071},
doi = {10.1109/QRS57517.2022.00071},
}