WANA: Symbolic Execution of Wasm Bytecode for Cross-Platform Smart Contract Vulnerability Detection
This addresses the issue of financial loss from smart contract vulnerabilities for users on multiple blockchain platforms, though it is incremental as it builds on existing symbolic execution methods.
The paper tackles the problem of limited vulnerability detection tools for smart contracts, especially on the EOSIO blockchain, by presenting WANA, a cross-platform tool based on symbolic execution of WebAssembly bytecode. The result shows that WANA effectively detects vulnerabilities in both EOSIO and Ethereum smart contracts with high efficiency.
Many popular blockchain platforms are supporting smart contracts for building decentralized applications. However, the vulnerabilities within smart contracts have led to serious financial loss to their end users. For the EOSIO blockchain platform, effective vulnerability detectors are still limited. Furthermore, existing vulnerability detection tools can only support one blockchain platform. In this work, we present WANA, a cross-platform smart contract vulnerability detection tool based on the symbolic execution of WebAssembly bytecode. Furthermore, WANA proposes a set of test oracles to detect the vulnerabilities in EOSIO and Ethereum smart contracts based on WebAssembly bytecode analysis. Our experimental analysis shows that WANA can effectively detect vulnerabilities in both EOSIO and Ethereum smart contracts with high efficiency.