Is My RPC Response Reliable? Detecting RPC Bugs in Blockchain Client under Context
Blockchain clients are fundamental software for running blockchain nodes. They provide users with various RPC (Remote Procedure Call) interfaces to interact with the blockchain. These RPC methods are expected to follow the same specification across different blockchain nodes, providing users with seamless interaction. However, there have been continuous reports on various RPC bugs that can cause unexpected responses or even Denial of Service weakness. Existing studies on blockchain RPC bug detection mainly focus on generating the RPC method calls for testing blockchain clients. However, a wide range of the reported RPC bugs are triggered in various blockchain contexts. To the best of our knowledge, little attention is paid to generating proper contexts that can trigger these context-dependent RPC bugs.
In this work, we propose EthCRAFT, a Context-aware RPC Analysis and Fuzzing Tool for client RPC bug detection. EthCRAFT first proposes to explore the state transition program space of blockchain clients and generate various transactions to construct the context. EthCRAFT then designs a context-aware RPC method call generation method to send RPC calls to the blockchain clients. The responses of 5 different client implementations are used as cross-referring oracles to detect the RPC bugs. We evaluate EthCRAFT on real-world RPC bugs collected from the GitHub issues of Ethereum client implementations. Experiment results show that EthCRAFT outperforms existing client RPC detectors by detecting more RPC bugs. Moreover, EthCRAFT has found six new bugs in major Ethereum clients and reported them to the developers. One of the bug fixes has been written into breaking changes in the client’s updates. Three of our bug reports have been offered a vulnerability bounty by the Ethereum Foundation.
Thu 16 AprDisplayed time zone: Brasilia, Distrito Federal, Brazil change
11:00 - 12:30 | Testing and Analysis 8Research Track at Oceania IX Chair(s): Luca Di Grazia University of St. Gallen | ||
11:00 15mTalk | RusyFuzz: Unhandled Exception Guided Fuzzing for Rust OS Kernel Research Track Yuwei Liu Ant Group, Yanhao Wang Independent Researcher, Minghua Wang Ant Group, Lin Huang Ant Group, Purui Su Institute of Software/CAS China, Tao Wei Ant Group | ||
11:15 15mTalk | VDBFuzz: Understanding and Detecting Crash Bugs in Vector Database Management Systems Research Track Shenao Wang Huazhong University of Science and Technology, Zhao Liu 360 AI Security Lab, Yanjie Zhao Huazhong University of Science and Technology, Quanchen Zou 360 AI Security Lab, Haoyu Wang Huazhong University of Science and Technology | ||
11:30 15mTalk | GPTrace: Effective Crash Deduplication Using LLM Embeddings Research Track Patrick Herter Fraunhofer AISEC, Vincent Ahlrichs Fraunhofer AISEC, Ridvan Açilan Technical University of Munich, Julian Horsch Fraunhofer AISEC Pre-print Media Attached | ||
11:45 15mTalk | Is My RPC Response Reliable? Detecting RPC Bugs in Blockchain Client under Context Research Track Zhijie Zhong School of Software Engineering, Sun Yat-sen University, Yuhong Nan Sun Yat-sen University, Mingxi Ye Sun Yat-sen University, Qing Xue Sun Yat-sen University, Jiashui Wang Zhejiang University, Long Liu , Xinlei Ying , Zibin Zheng Sun Yat-sen University | ||
12:00 15mTalk | EchoFuzz: Empowering Smart Contract Fuzzing with Large Language Models Research Track Juanen Li Tsinghua University, Peng Qian Zhejiang University, Guanyan Li University of Oxford, Rui Wang Beijing Normal University, Peixin Wang East China Normal University, Zhiqing Tang Beijing Normal University, Fuchen Ma Tsinghua University, Yuanliang Chen Tsinghua University, Lun Zhang GoPlus Security | ||
12:15 15mTalk | StorFuzz: Using Data Diversity to Overcome Fuzzing Plateaus Research Track Leon Weiß Ruhr University Bochum, Tobias Holl Ruhr University Bochum, Kevin Borgolte Ruhr University Bochum Pre-print Media Attached | ||