Integer overflow is a common vulnerability in Ethereum Smart Contracts (ESCs) and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing.Mutation testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart contracts.However,existing methods cannot efficiently perform mutation testing specifically for integer overflow in ESCs.Therefore,by analyzing integer overflow in ESCs,we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC testing.An empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation operators.Results show that (1) our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts,and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate;moreover,(2) the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability,thereby providing effective support to improve the sufficiency of the test.

Jinlei Sun;Song Huang;Changyou Zheng;Tingyong Wang;Cheng Zong;Zhanwei Hui

Command & Control Engineering College,Army Engineering University of PLA,Nanjing 210000,China;Institute of Evaluation and Assessment Research,Academy of Military Science,Beijing 100091,China

清华大学学报自然科学版（英文版）

[1]Jinlei Sun;Song Huang;Changyou Zheng;Tingyong Wang;Cheng Zong;Zhanwei Hui-.Mutation Testing for Integer Overflow in Ethereum Smart Contracts)[J].清华大学学报自然科学版（英文版）,2022(01):27-40

Mutation,Testing,Integer,Overflow,Ethereum,Smart,Contracts,overflow,common,vulnerability,ESCs,often,causes,huge,economic,losses,contracts,cannot,be,changed,once,deployed,blockchain,thus,demand,further,testing,fault,that,effectively,improve,sufficiency,smart,However,existing,methods,efficiently,perform,mutation,specifically,integer,Therefore,analyzing,five,special,operators,address,such,terms,detecting,An,empirical,study,open,source,conducted,evaluate,effectiveness,proposed,Results,show,reproduce,vulnerabilities,generated,mutants,have,high,compilation,pass,generation,moreover,find,shortcomings,thereby,providing,support

0.482811