Metamorphic Testing for Smart Contract Vulnerabilities Detection

TL;DR

This paper introduces a metamorphic testing approach to identify vulnerabilities in smart contracts by defining relations that detect abnormal behaviors, demonstrating higher detection accuracy than existing tools on a benchmark of 67 contracts.

Contribution

It applies metamorphic testing to smart contracts, defining five relations for vulnerability detection, and shows improved detection performance over state-of-the-art methods.

Findings

Higher true positive rate compared to existing tools

Lower false discovery rate in vulnerability detection

Effective detection of gas consumption and account interaction issues

Abstract

Despite the rapid growth of smart contracts, they are suffering numerous security vulnerabilities due to the absence of reliable development and testing. In this article, we apply the metamorphic testing technique to detect smart contract vulnerabilities. Based on the anomalies we observed in vulnerable smart contracts, we define five metamorphic relations to detect abnormal gas consumption and account interaction inconsistency of the target smart contract. Through dynamically executing transactions and checking the final violation of metamorphic relations, we determine whether a smart contract is vulnerable. We evaluate our approach on a benchmark of 67 manually annotated smart contracts. The experimental results show that our approach achieves a higher detection rate (TPR, true positive rate) with a lower misreport rate (FDR, false discovery rate) than the other three state-of-the-art tools. These results further suggest that metamorphic testing is a promising method for detecting smart contract vulnerabilities.