
Research On Blockchain Smart Contract Testing Approach Based On Metamorphic Testing

Posted on: 2024-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Wang
GTID: 2568307130953189
Subject: Computer technology

Abstract/Summary:
Blockchain technology has gone through 14 years of development, gradually moving from the technical experiment stage to the industrial maturity stage. Users who do not know each other can reach consensus on a transaction without any third party or intermediary, and can use it directly for peer-to-peer transactions, data transfer or contract signing. As blockchain technology spreads, its software architecture is becoming more complex and the accompanying security issues more important, such as the PoW 51% attack on the consensus layer and the double-spend attack. Security risk at the contract layer in particular has become the "hardest hit" area of blockchain security, with examples such as The DAO, the BEC vulnerability and the EOS vulnerability. The frequent occurrence of smart contract security vulnerabilities is no accident, and how to solve such problems has become a direction worth studying.

For smart contract security detection, in addition to traditional static audit tools, fuzz testing and other methods have been proposed that detect security vulnerabilities in blockchain smart contracts dynamically, by running them. However, there are two problems.

The first problem is that software testing usually requires an ideal test oracle (an expected result) in order to decide whether a test result is correct, but a test oracle is not available, or not easily available, in every testing scenario, and sometimes the resources required to obtain one far exceed the value of the test itself. This is known as the test oracle problem. Because of the consensus mechanism in a blockchain system, invoking a smart contract incurs additional cost to ensure collaboration and consensus among nodes. On Ethereum, for example, invoking a smart contract requires paying gas, and the conversion rules between gas and the virtual tokens of Ethereum and other trading institutions are complicated, which further increases the difficulty of obtaining a test oracle.

The second problem is that in metamorphic testing, source test cases are mostly generated at random, and randomly generated source test cases bring greater computational overhead and time consumption.

In this thesis, we propose a method for constructing metamorphic relations for blockchain smart contract security vulnerabilities. Starting from the traditional construction method, it builds metamorphic relations targeted at the characteristics of common smart contract vulnerabilities, so that metamorphic testing achieves higher accuracy in blockchain smart contract testing. Using adaptive partition testing, we adjust the metamorphic test profile according to the feedback from test results and dynamically adjust the partition from which test cases are selected for metamorphic testing. This realizes scientific and reasonable dynamic testing of blockchain smart contract security and provides a theoretical basis for the security evaluation of the blockchain contract layer. Based on the main research results of this thesis, a security testing system for blockchain smart contracts is also designed and implemented.

The main work of this thesis is as follows:

(1) To address the problem that test oracles are difficult to obtain, a security vulnerability detection method for blockchain smart contracts based on metamorphic testing is proposed. It analyzes the vulnerabilities that occur frequently in the blockchain smart contract layer and designs six metamorphic relations according to the logic that may trigger those vulnerabilities, all of which apply to specific types of smart contract application scenario. The validity and feasibility of the metamorphic relations are verified through experiments, which provide a basis for implementing a blockchain smart contract security vulnerability testing framework based on metamorphic testing.

(2) To address the source test case generation problem, a blockchain smart contract security vulnerability testing framework based on metamorphic testing is proposed. By introducing adaptive partition testing, the feedback from one round of metamorphic testing is used to generate the source test cases for the next round, which improves test case selection for metamorphic testing. A source test case selection algorithm for metamorphic testing at the blockchain contract layer, SCMT, is proposed to further improve the efficiency and accuracy of metamorphic testing in blockchain smart contract security testing.

(3) A blockchain smart contract security testing and evaluation system is designed and implemented. The thesis first describes smart contract entry and pre-processing and details how data is processed and flows between modules, then shows and explains the main interface and important pages of the system. After repeated tests, the detection results of this system on the experimental objects are consistent with our experimental data. The system has well-designed interactive pages and is easy to operate, which greatly reduces the operational difficulty of formal verification and the learning cost.
Keywords/Search Tags:Blockchain systems, Smart contract vulnerabilities, Metamorphic testing, Partition testing, Smart contract security assessment