WebAssembly (WASM) has emerged as a crucial technology in smart contract development for several blockchain platforms. Unfortunately, since their introduction, WASM smart contracts have been subject to several security incidents caused by contract vulnerabilities, resulting in substantial economic losses. However, existing tools for detecting WASM contract vulnerabilities have accuracy limitations, one of the main reasons being the coarse-grained emulation of the on-chain data APIs. In this paper, we introduce WACANA, an analyzer for WASM contracts that accurately detects vulnerabilities through fine-grained emulation of on-chain data APIs. WACANA precisely simulates both the structure of on-chain data tables and their corresponding API functions, and integrates concrete and symbolic execution within a coverage-guided loop to balance accuracy and efficiency. Evaluations on a vulnerability dataset of 133 contracts show WACANA outperforming state-of-the-art tools in accuracy. Further validation on 5,602 real-world contracts confirms WACANA's practical effectiveness.