Abstract
The transaction fee mechanism (TFM) in blockchain prevents resource abuse by charging users based on resource usage, but inconsistencies between charged fees and actual resource consumption, termed as TFM inconsistency bugs, introduce significant security and financial risks.
In this paper, we present Auspex, the first tool that automatically detects TFM inconsistency bugs in Ethereum ecosystem by leveraging fuzzing technology. To efficiently trigger and identify TFM inconsistency bugs, Auspex introduces three novel technologies: (i) a chain-based test case generation strategy that enables Auspex to efficiently generate the test cases; (ii) a charging-guided fuzzing approach that guides Auspex to explore more code logic; and (iii) fee consistency property and resource consistency property, two general bug oracles for automatically detecting bugs. We evaluate Auspex on Ethereum and demonstrate its effectiveness by discovering 13 previously unknown TFM inconsistency bugs, and achieving 3.5 times more code branches than state-of-the-art tools. We further explore the financial and security impact of the bugs. On one hand, these bugs have caused losses exceeding millions of dollars for users on both Ethereum and BSC. On the other hand, the denial-of-service (DoS) attack exploiting these bugs can prolong transaction wait time by 4.5 times during the attack period.
In this paper, we present Auspex, the first tool that automatically detects TFM inconsistency bugs in Ethereum ecosystem by leveraging fuzzing technology. To efficiently trigger and identify TFM inconsistency bugs, Auspex introduces three novel technologies: (i) a chain-based test case generation strategy that enables Auspex to efficiently generate the test cases; (ii) a charging-guided fuzzing approach that guides Auspex to explore more code logic; and (iii) fee consistency property and resource consistency property, two general bug oracles for automatically detecting bugs. We evaluate Auspex on Ethereum and demonstrate its effectiveness by discovering 13 previously unknown TFM inconsistency bugs, and achieving 3.5 times more code branches than state-of-the-art tools. We further explore the financial and security impact of the bugs. On one hand, these bugs have caused losses exceeding millions of dollars for users on both Ethereum and BSC. On the other hand, the denial-of-service (DoS) attack exploiting these bugs can prolong transaction wait time by 4.5 times during the attack period.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 23rd USENIX Conference on File and Storage Technologies |
| Publication status | Accepted/In press - 2025 |