Towards Automated Testing of Blockchain-Based Decentralized Applications

Blockchain-based decentralized applications (DApps) have been widely adopted in different areas and are trusted by more and more users because the back-end code of a DApp runs publicly on the blockchain and cannot be modified implicitly. However, there are few effective methods and tools for testing DApps, and bugs can easily be introduced by inexperienced developers. Existing testing techniques focus either on front-end programs or on back-end code but ignore the interaction between them, which makes it difficult to apply these techniques directly to DApps. In this paper, we present an automated testing technique for DApps that works in two phases. First, we employ random events to infer an abstract relation between browser-side events and blockchain-side contracts. Second, our technique generates a set of test cases under the guidance of the inferred relations and orders the test cases based on a read-write graph. We also use taint analysis to track the data flow of the smart contract and feed it to the generation procedure for subsequent test cases. We have developed a tool called Sungari to implement our approach and evaluated it on representative real-world DApps. The preliminary evaluation results demonstrate the potential of Sungari to achieve a significant optimization compared to random testing approaches.
