Mutation Testing for Integer Overflow in Ethereum Smart Contracts
Author affiliations: Command & Control Engineering College, Army Engineering University of PLA, Nanjing 210000, China; Institute of Evaluation and Assessment Research, Academy of Military Science, Beijing 100091, China
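Publication: Tsinghua Science and Technology (Journal of Tsinghua University, Natural Science Edition (English Edition))
Year, volume, issue: 2022, Vol. 27, No. 1
Pages: 27-40
Core indexing:
Subject classification: 12 [Management]; 1201 [Management - Management Science and Engineering (degrees may be conferred in Management or Engineering)]
Funding: Supported by the National Key R&D Program of China (No. 2018YFB1403400), the National Natural Science Foundation of China (No. 61702544), the Natural Science Foundation of Jiangsu Province, China (Nos. BK20160769 and BK20141072), and the China Postdoctoral Science Foundation (No. 2016M603031)
Keywords: blockchain; Ethereum Smart Contracts (ESCs); integer overflow; mutation testing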
Abstract: Integer overflow is a common vulnerability in Ethereum Smart Contracts (ESCs) and often causes huge economic *** contracts cannot be changed once it is deployed on the blockchain and thus demand further *** testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart ***, existing methods cannot efficiently perform mutation testing specifically for integer overflow in ***, by analyzing integer overflow in ESCs, we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC *** empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation *** show that (1) our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts, and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate; moreover, (2) the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability, thereby providing effective support to improve the sufficiency of the test.