ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Fri 19 Apr 2024 11:00 - 11:15 at Fernando Pessoa - Testing: various bug types 2 Chair(s): João F. Ferreira

Bugs in smart contracts may have devastating effects as they tend to cause financial loss. According to a recent study, accounting bugs are the most common kind of bugs in smart contracts that are beyond automated tools during pre-deployment auditing. The reason lies in that these bugs are usually in the core business logic and hence contract-specific. They are analogous to functional bugs in traditional software, which are largely beyond automated bug finding tools whose effectiveness hinges on uniform and machine checkable characteristics of bugs. It was also reported that accounting bugs are the second-most difficult to find through manual auditing, due to the need of understanding underlying business models. We observe that a large part of business logic in smart contracts can be modeled by a few primitive operations like those in a bank, such as deposit, withdraw, loan, and pay-off, or by their combinations. The properties of these operations can be clearly defined and checked by an abstract type system that models high-order information such as token units, scaling factors, and financial types. We hence develop a novel type propagation and checking system with the aim of identifying accounting bugs. Our evaluation on a large set of 57 existing accounting bugs in 29 real-world projects shows that 58% of the accounting bugs are type errors. Our system catches 87.9% of these type errors. In addition, applying our technique to auditing a large project in a very recent auditing contest has yielded the identification of 6 zero-day accounting bugs with 4 leading to direct fund loss.

Fri 19 Apr

Displayed time zone: Lisbon change

11:00 - 12:30
Testing: various bug types 2Research Track / Software Engineering in Practice at Fernando Pessoa
Chair(s): João F. Ferreira INESC-ID and IST, University of Lisbon
11:00
15m
Talk
Towards Finding Accounting Errors in Smart ContractsACM SIGSOFT Distinguished Paper Award
Research Track
Brian Zhang Purdue University
11:15
15m
Talk
MultiTest: Physical-Aware Object Insertion for Testing Multi-sensor Fusion Perception Systems
Research Track
Xinyu Gao , Zhijie Wang University of Alberta, Yang Feng Nanjing University, Lei Ma The University of Tokyo & University of Alberta, Zhenyu Chen Nanjing University, Baowen Xu Nanjing University
Pre-print
11:30
15m
Talk
JLeaks: A Featured Resource Leak Repository Collected From Hundreds of Open-Source Java Projects
Research Track
Tianyang Liu Beijing Institute of Technology, Weixing Ji Beijing Institute of Technology, Xiaohui Dong Beijing Institute of Technology, Wuhuang Yao Beijing Institute of Technology, Yizhuo Wang Beijing Institute of Technology, Hui Liu Beijing Institute of Technology, Haiyang Peng Beijing Institute of Technology, Yuxuan Wang Beijing Institute of Technology
11:45
15m
Talk
S3C: Spatial Semantic Scene Coverage for Autonomous Vehicles
Research Track
Trey Woodlief University of Virginia, Felipe Toledo , Sebastian Elbaum University of Virginia, Matthew B Dwyer University of Virginia
Pre-print
12:00
15m
Talk
FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation
Research Track
Zhiyang Chen University of Toronto, Sidi Mohamed Beillahi University of Toronto, Fan Long University of Toronto
Pre-print
12:15
15m
Talk
Hawkeye: Change-targeted Testing for Android Apps based on Deep Reinforcement Learning
Software Engineering in Practice
Chao Peng ByteDance, China, Zhengwei Lv ByteDance, Jiarong Fu ByteDance, Jiayuan Liang ByteDance, Zhao Zhang Bytedance Network Technology, Ajitha Rajan University of Edinburgh, Ping Yang Bytedance Network Technology