V-Gas: Generating High Gas Consumption Inputs to Avoid Out-of-Gas Vulnerability

Out-of-gas errors occur when smart contract programs are provided with inputs that cause excessive gas consumption and which will be easily exploited to perform Denial-of-Service attacks. Various approaches have been proposed to estimate the gas limit of a function in smart contracts to avoid such error. However, underestimation often occurs when the contract is complex In this work, we propose V-Gas, which automatically generates inputs that maximize the gas cost and reduce underestimation. V-Gas is designed based on static analysis and feedback-directedmutational fuzz testing. First, V-Gas builds the gasweighted control flow graph of functions in smart contracts. Then, V-Gas develops gas consumption guided selection and mutation strategies to generate the input that maximize the gas consumption. For evaluation, we implement V-Gas based on js-evm, a widely used Ethereum virtual machine written in Javascript, and conduct experiments on 736 real-world transactions recorded on Ethereum. A total of 44.02% of the transactions would have out-of-gas errors based on the estimation results given by solc, meaning that the recorded real gas consumption for those transactions is larger than the gas limit estimated by solc. In comparison, V-Gas could reduce the underestimation ratio to 13.86%. To evaluate the performance of feedback-directed engine in V-Gas, we implemented other directed fuzzing engines and compared their performance with that of V-Gas. The results showed that V-Gas generates the same or higher gas estimation value on 97.8% of the transactions with less time, usually within 5 minutes. Furthermore, V-Gas has exposed 25 previously unknown out-of-gas vulnerabilities in widely used smart contracts, 6 of which have been assigned unique CVE identifiers in the U.S. National Vulnerability Database.