Zheyuan He, University of Electronic Science and Technology of China; Zihao Li, The Hong Kong Polytechnic University; Jiahao Luo, University of Electronic Science and Technology of China; Feng Luo, The Hong Kong Polytechnic University; Junhan Duan, Carnegie Mellon University; Jingwei Li and Shuwei Song, University of Electronic Science and Technology of China; Xiapu Luo, The Hong Kong Polytechnic University; Ting Chen and Xiaosong Zhang, University of Electronic Science and Technology of China
The transaction fee mechanism (TFM) in blockchain prevents resource abuse by charging users based on resource usage, but inconsistencies between charged fees and actual resource consumption, termed as TFM inconsistency bugs, introduce significant security and financial risks.
In this paper, we present Auspex, the first tool that automatically detects TFM inconsistency bugs in Ethereum ecosystem by leveraging fuzzing technology. To efficiently trigger and identify TFM inconsistency bugs, Auspex introduces three novel technologies: (i) a chain-based test case generation strategy that enables Auspex to efficiently generate the test cases; (ii) a charging-guided fuzzing approach that guides Auspex to explore more code logic; and (iii) fee consistency property and resource consistency property, two general bug oracles for automatically detecting bugs. We evaluate Auspex on Ethereum and demonstrate its effectiveness by discovering 13 previously unknown TFM inconsistency bugs, and achieving 3.5 times more code branches than state-of-the-art tools. We further explore the financial and security impact of the bugs. On one hand, these bugs have caused losses exceeding millions of dollars for users on both Ethereum and BSC. On the other hand, the denial-of-service (DoS) attack exploiting these bugs can prolong transaction wait time by 4.5 times during the attack period.
