Proceedings Paper

Uncovering Vulnerabilities in Wasm Smart Contracts

Publisher

IEEE COMPUTER SOC
DOI: 10.1109/ICDCS57875.2023.00125

Keywords

concolic fuzzing; smart contracts; dynamic software analysis

WebAssembly (Wasm) smart contracts have gained popularity in the blockchain field, but they also face vulnerabilities. To address the limitations of existing methods, researchers have developed a new tool called WASAI, which can accurately detect vulnerabilities in Wasm smart contracts.
WebAssembly (Wasm) smart contracts have shown growing popularity across blockchains (e.g., EOSIO and NEAR) recently. Wasm smart contracts have been suffering from various attacks exploiting their vulnerabilities. Even worse, few developers have released the source code of their Wasm smart contracts for security review, raising the bar for uncovering vulnerable contracts. Although a few approaches have been proposed to detect vulnerable Wasm smart contracts, they have several major limitations, e.g., low code coverage, low accuracy, lack of scalability, and inability to produce exploit payloads. To fill the gap, we design and implement WASAI, a new concolic fuzzer for uncovering vulnerabilities in Wasm smart contracts. We conduct extensive experiments to evaluate WASAI, and the results show that it outperforms the state-of-the-art methods. WASAI achieves 2x the code coverage of the baselines and surpasses them in detection accuracy, with an F1-measure of 99.2%. Applying WASAI to all deployed smart contracts in the wild, we find that over 707 smart contracts are vulnerable. One Fake EOS vulnerability reported to the EOSIO ecosystem was recently assigned a CVE identifier (CVE-2022-27134).
