The out-of-gas error occurs when smart contract programs are provided with
inputs that cause excessive gas consumption, and would be easily exploited to
make the DoS attack. Multiple approaches have been proposed to estimate the gas
limit of a function in smart contracts to avoid such error. However, under
estimation often happens when the contract is complicated. In this work, we
propose V-Gas, which could automatically generate inputs that maximizes the gas
cost and reduce the under estimation cases. V-Gas is designed based on
feedback-directed mutational fuzz testing. First, V-Gas builds the gas weighted
control flow graph (CFG) of functions in smart contracts. Then, V-Gas develops
gas consumption guided selection and mutation strategies to generate the input
that maximize the gas consumption. For evaluation, we implement V-Gas based on
js-evm, a widely used ethereum virtual machine written in javascript, and
conduct experiments on 736 real-world transactions recorded on Ethereum.
44.02% of the transactions would have out-of-gas errors under the estimation
results given by solc, means that the recorded real gas consumption for those
recorded transactions is larger than the gas limit value estimated by solc.
While V-Gas could reduce the under estimation ratio to 13.86%. Furthermore,
V-Gas has exposed 25 previously unknown out-of-gas vulnerabilities in those
widely-used smart contracts, 5 of which have been assigned unique CVE
identifiers in the US National Vulnerability Database.

By admin