Despite the rapid growth of smart contracts, they are suffering numerous security vulnerabilities due to the absence of reliable development and testing. In this article, we apply the metamorphic testing technique to detect smart contract vulnerabilities. Based on the anomalies we observed in vulnerable smart contracts, we define five metamorphic relations to detect abnormal gas consumption and account interaction inconsistency of the target smart contract. Through dynamically executing transactions and checking the final violation of metamorphic relations, we determine whether a smart contract is vulnerable. We evaluate our approach on a benchmark of 67 manually annotated smart contracts. The experimental results show that our approach achieves a higher detection rate (TPR, true positive rate) with a lower misreport rate (FDR, false discovery rate) than the other three state-of-the-art tools. These results further suggest that metamorphic testing is a promising method for detecting smart contract vulnerabilities.

翻译：尽管智能合约发展迅速，但由于缺乏可靠的开发与测试手段，其面临众多安全漏洞问题。本文采用蜕变测试技术检测智能合约漏洞。基于对脆弱智能合约中观察到的异常现象，我们定义了五条蜕变关系来检测目标智能合约的异常Gas消耗与账户交互不一致性。通过动态执行交易并检查蜕变关系的最终违反情况，我们判定智能合约是否存在漏洞。我们在包含67份人工标注智能合约的基准数据集上评估了该方法。实验结果表明，与三种现有最优工具相比，本方法在实现更高检测率（真阳性率TPR）的同时保持了更低误报率（错误发现率FDR）。这些结果进一步表明，蜕变测试是一种极具前景的智能合约漏洞检测方法。