WACANA: A Concolic Analyzer for Detecting On-chain Data Vulnerabilities in WASM Smart Contracts
Wansen Wang, Caichang Tu, Zhaoyi Meng, Wenchao Huang, Yan Xiong
TL;DR
WACANA detects on-chain data vulnerabilities in EOSIO WASM smart contracts by combining fine-grained emulation of on-chain data APIs with a multi-round concolic execution loop that balances accuracy and efficiency. The approach precisely models on-chain data tables and API operations, updating concrete on-chain state through a test chain while guiding symbolic exploration via coverage-driven state selection. Empirical results show WACANA exceeding state-of-the-art tools in precision and recall on a vulnerability dataset of 133 contracts, and achieving $100\%$ precision with $97.09\%$ recall on a real-world sample of $n=200$ contracts from a 5,602-contract corpus, demonstrating practical applicability. The work contributes a modular framework, including a fine-grained on-chain API emulator, a concolic execution strategy, and a vulnerability detector, with open-source code and data to advance reliable detection of on-chain data vulnerabilities in WASM smart contracts.
Abstract
WebAssembly (WASM) has emerged as a crucial technology in smart contract development for several blockchain platforms. Unfortunately, since their introduction, WASM smart contracts have been subject to several security incidents caused by contract vulnerabilities, resulting in substantial economic losses. However, existing tools for detecting WASM contract vulnerabilities have accuracy limitations, one of the main reasons being the coarse-grained emulation of the on-chain data APIs. In this paper, we introduce WACANA, an analyzer for WASM contracts that accurately detects vulnerabilities through fine-grained emulation of on-chain data APIs. WACANA precisely simulates both the structure of on-chain data tables and their corresponding API functions, and integrates concrete and symbolic execution within a coverage-guided loop to balance accuracy and efficiency. Evaluations on a vulnerability dataset of 133 contracts show WACANA outperforming state-of-the-art tools in accuracy. Further validation on 5,602 real-world contracts confirms WACANA's practical effectiveness.
