Mètodes de Testeig Avançat i Recerca de Vulnerabilitats en Contractes Intel·ligents Basats en Fuzzing

Abstract

Blockchain technologies allow the creation of digital scarcity, which has defined digital value. Security is a crucial factor in order to keep the integrity of that scarcity and ensure the maintenance of that value. Programmable blockchain technologies, such as Ethereum, allow through smart contracts the construction of autonomous financial protocols that have the capacity to own and transfer value between users and other protocols in a trustless manner. However, like any software component, smart contracts are not free from containing vulnerabilities, which in many cases put at risk the value contained within them. In this way, security becomes a fundamental factor to consider throughout the life cycle of smart contracts, especially during the development phase, due to the immutability of these once they are deployed on the blockchain. This work focuses on exploring the ecosystem of advanced fuzzing based testing tools for Ethereum smart contracts, and how these can be used both for vulnerability discovery and ensuring the correctness of the properties of smart contracts. Additionally, the integration and automation of these tools within the development process will be explored to enhance security throughout the entire development cycle of smart contracts. With the completion of this work, it is intended to document the theoretical-practical knowledge necessary for the construction and automation of advanced testing setups for smart contracts based on fuzzing in an efficient and professional manner.