TxT: Real-Time Transaction Encapsulation for Ethereum Smart Contracts

Ethereum is a permissionless blockchain ecosystem that supports execution of smart contracts, the key enablers decentralized finance (DeFi) and non-fungible tokens (NFT). However, expressiveness contracts double-edged sword: while it enables programmability, also introduces security vulnerabilities, i.e., exploitable discrepancies between expected actual behaviors contract code. To address these increase vulnerability coverage, we propose new testing approach called transaction encapsulation. The core idea lies in local transactions on fully-synchronized yet isolated node, which creates preview outcomes sequences current state blockchain. This poses critical technical challenge — well-known time-of-check/time-of-use (TOCTOU) problem, assurance final will exhibit same paths as encapsulated test transactions. In this work, determine exact conditions for guaranteed path replicability tested demonstrate encapsulation, implement tool, TxT, reveals (either benign or malicious) ensure correctness testing, TxT deterministically verifies whether given sequence ensues an identical We analyze over 1.3 billion 96.5% them can be verified by TxT. further show successfully suspicious associated with 31 out 37 vulnerabilities (83.8% coverage) weakness classification (SWC) registry. comparison, coverage all existing defense approaches combined only reaches 40.5%.