WASMOD: Detecting vulnerabilities in Wasm smart contracts
by: Jianfei Zhou, Ting Chen

| Format: | Article |
|---|---|
| Published: | Wiley 2023-12-01 |

Description
Abstract: Over the past few years, blockchain platforms supporting WebAssembly (Wasm) smart contracts have been gaining popularity. However, Wasm smart contracts are often compiled from memory‐unsafe languages (e.g. C and C++), and there is a lack of effective defense against integer overflow and stack overflow at the compiler and virtual machine (VM) layers, making Wasm smart contracts even more exploitable than native C and C++ programs. In this paper, the authors propose wasm overflow detector (WASMOD) to address the integer overflow and stack overflow vulnerabilities. The authors’ approach combines bytecode instrumentation, run‐time validation, and grey‐box fuzzing to detect these vulnerabilities. The authors applied their approach to the popular EOSIO blockchain and evaluated it on 4616 deployed Wasm smart contracts. The authors’ approach detected 13 real‐world vulnerable smart contracts.