WACANA: A Concolic Analyzer for Detecting On-chain Data Vulnerabilities in WASM Smart Contracts

TL;DR

WACANA is a novel concolic analysis tool that accurately detects on-chain data vulnerabilities in WASM smart contracts by fine-grained emulation and combined symbolic execution, outperforming existing tools in accuracy.

Contribution

The paper introduces WACANA, a new concolic analyzer that improves vulnerability detection in WASM smart contracts through precise on-chain data emulation and integrated execution techniques.

Findings

WACANA outperforms state-of-the-art tools in accuracy on a dataset of 133 contracts.

WACANA effectively detects vulnerabilities in 5,602 real-world contracts.

The approach balances accuracy and efficiency with coverage-guided execution.

Abstract

WebAssembly (WASM) has emerged as a crucial technology in smart contract development for several blockchain platforms. Unfortunately, since their introduction, WASM smart contracts have been subject to several security incidents caused by contract vulnerabilities, resulting in substantial economic losses. However, existing tools for detecting WASM contract vulnerabilities have accuracy limitations, one of the main reasons being the coarse-grained emulation of the on-chain data APIs. In this paper, we introduce WACANA, an analyzer for WASM contracts that accurately detects vulnerabilities through fine-grained emulation of on-chain data APIs. WACANA precisely simulates both the structure of on-chain data tables and their corresponding API functions, and integrates concrete and symbolic execution within a coverage-guided loop to balance accuracy and efficiency. Evaluations on a vulnerability dataset of 133 contracts show WACANA outperforming state-of-the-art tools in accuracy. Further validation on 5,602 real-world contracts confirms WACANA's practical effectiveness.