DAppFL: Just-in-Time Fault Localization for Decentralized Applications in Web3
Web3 describes an idea for the next evolution of the Internet, where blockchain technology enables the Internet of Value. As Web3 software, decentralized applications (DApps) have emerged in recent years. There exists a natural link between DApps and cryptocurrencies, where faults in DApps could directly lead to monetary losses associated with cryptocurrencies. Hence, efficient fault localization technology is of paramount importance for urgent DApp rescue operations and the mitigation of financial losses. However, fault localization methods applied in traditional applications are not well-suited for this specific field, due to their inability to identify DApp-specific fault features, e.g., a substantial amount of cryptocurrency is transferred from DApps to hackers. In order to explore the root cause of DApp faults, some researchers try to identify suspicious code snippets through mutation testing. Nonetheless, applying mutation testing for DApp fault localization is time-consuming and thus limited in practice. This paper conducts the first comprehensive study of DApp fault localization. We introduce DAppFL, a learning-based DApp fault localization tool that performs reverse engineering to gather executed source code and then trace cryptocurrency flow to assist in locating faulty functions. We also present the inaugural dataset for DApp fault localization, providing a new benchmark for this domain.Our experimental results demonstrate that DAppFL locates 63% of faults within the Top-5, 23%#dappfl. more than the state-of-the-art method. To facilitate further research, our code and dataset are freely available online: https://github.com/xplanet-sysu/awesome-works
Thu 19 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 11:50 | BlockchainTechnical Papers at EI 3 Sahulka Chair(s): Konstantinos (Kostis) Sagonas Uppsala University and Nat. Tech. Univ. of Athens | ||
10:30 20mTalk | DAppFL: Just-in-Time Fault Localization for Decentralized Applications in Web3 Technical Papers Zhiying Wu Sun Yat-sen University, Jiajing Wu Sun Yat-sen University, Hui Zhang Sun Yat-sen University, Ziwei Li Sun Yat-sen University, Jiachi Chen Sun Yat-sen University, Zibin Zheng Sun Yat-sen University, Qing Xia Institute of Software at Chinese Academy of Sciences, Gang Fan Ant Group, Yi Zhen Independent DOI | ||
10:50 20mTalk | LENT-SSE: Leveraging Executed and Near Transactions for Speculative Symbolic Execution of Smart Contracts Technical Papers Peilin Zheng Sun Yat-sen University, Bowei Su Sun Yat-sen University, Xiapu Luo Hong Kong Polytechnic University, Ting Chen University of Electronic Science and Technology of China, Neng Zhang Sun Yat-sen University, Zibin Zheng Sun Yat-sen University DOI File Attached | ||
11:10 20mTalk | Following the “Thread”: Toward Finding Manipulatable Bottlenecks in Blockchain Clients Technical Papers Shuohan Wu Hong Kong Polytechnic University, Zihao Li Hong Kong Polytechnic University, Hao Zhou Hong Kong Polytechnic University, Xiapu Luo Hong Kong Polytechnic University, Jianfeng Li Xi’an Jiaotong University, Haoyu Wang Huazhong University of Science and Technology DOI | ||
11:30 20mTalk | DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications Technical Papers Maoyi Xie Nanyang Technological University, Ming Hu Nanyang Technological University, Ziqiao Kong Nanyang Technological University, Cen Zhang Nanyang Technological University, Yebo Feng Nanyang Technological University, Haijun Wang Xi’an Jiaotong University, Yue Xue MetaTrust Labs, Hao Zhang MetaTrust Labs, Ye Liu Nanyang Technological University, Yang Liu Nanyang Technological University DOI | ||