Blockchain clients are the fundamental software for running blockchain nodes. They expose various RPC (Remote Procedure Call) interfaces through which users interact with the blockchain. These RPC methods are expected to follow the same specification across different blockchain clients, so that users get consistent behaviour regardless of which client serves the request. However, RPC bugs continue to be reported that cause unexpected responses or even Denial of Service vulnerabilities. Existing studies on blockchain RPC bug detection mainly focus on generating RPC method calls to test blockchain clients, yet a wide range of the reported RPC bugs are only triggered in particular blockchain contexts. To the best of our knowledge, little attention has been paid to generating the contexts that trigger these context-dependent RPC bugs. In this work, we propose EthCRAFT, a Context-aware RPC Analysis and Fuzzing Tool for client RPC bug detection. EthCRAFT first explores the state transition program space of blockchain clients and generates various transactions to construct the context. It then uses a context-aware RPC method call generation method to send RPC calls to the blockchain clients. The responses of 5 different client implementations serve as cross-referencing oracles to detect RPC bugs. We evaluate EthCRAFT on real-world RPC bugs collected from the GitHub issues of Ethereum client implementations. Experimental results show that EthCRAFT outperforms existing client RPC detectors by detecting more RPC bugs. Moreover, EthCRAFT has found six new bugs in major Ethereum clients, which we reported to the developers. One of the bug fixes has been listed as a breaking change in the client's updates. Three of our bug reports have been awarded a vulnerability bounty by the Ethereum Foundation.
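The cross-referencing oracle described above, as an added illustration that is not EthCRAFT's own code: the same context-dependent JSON-RPC call (here `eth_getBalance` on an account funded by an earlier context-building transaction) is sent to several clients, responses are reduced to a canonical form so that benign encoding differences are not flagged, and clients that disagree with the majority are reported as candidate bugs. The client names and all responses are constructed sample data, not real client output.

```python
import json
from collections import defaultdict

# Constructed request: a call whose answer depends on context built by a
# prior funding transaction (balance of 1 ether = 10**18 wei expected).
REQUEST = {"jsonrpc": "2.0", "id": 1, "method": "eth_getBalance",
           "params": ["0x00000000000000000000000000000000000000aa", "latest"]}

# Constructed responses from five hypothetical client implementations.
RESPONSES = {
    "client_a": {"jsonrpc": "2.0", "id": 1, "result": "0xDE0B6B3A7640000"},
    "client_b": {"jsonrpc": "2.0", "id": 1, "result": "0xde0b6b3a7640000"},
    "client_c": {"jsonrpc": "2.0", "id": 1, "result": "0x0de0b6b3a7640000"},
    "client_d": {"jsonrpc": "2.0", "id": 1, "result": "0x0"},
    "client_e": {"jsonrpc": "2.0", "id": 1,
                 "error": {"code": -32000, "message": "header not found"}},
}


def canonical(resp):
    """Reduce a JSON-RPC response to a comparable form.

    Hex quantities are compared numerically, so upper/lower case and leading
    zeros do not count as disagreement; errors are compared by their code.
    """
    if "error" in resp:
        return ("error", resp["error"].get("code"))
    result = resp.get("result")
    if isinstance(result, str) and result.startswith("0x"):
        return ("result", int(result, 16))
    return ("result", json.dumps(result, sort_keys=True))


def cross_reference(responses):
    """Group clients by canonical response.

    The largest group is taken as the reference answer; every client outside
    it is returned as an outlier together with its canonical response, which
    is what a tester would then triage as a candidate RPC bug.
    """
    groups = defaultdict(list)
    for client, resp in responses.items():
        groups[canonical(resp)].append(client)
    majority = max(groups, key=lambda key: len(groups[key]))
    outliers = {c: key for key, clients in groups.items()
                if key != majority for c in clients}
    return majority, outliers


if __name__ == "__main__":
    ref, bad = cross_reference(RESPONSES)
    print("reference:", ref, "| outliers:", bad)
```

A majority vote is only a heuristic; when clients split evenly, or the majority itself violates the specification, the disagreement still needs manual confirmation against the RPC spec.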