{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T17:21:52Z","timestamp":1755796912254,"version":"3.44.0"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"3","funder":[{"name":"Department for Territorial Cohesion, Presidency of the Council of Ministers, Italian Government","award":["E77G23000130001"],"award-info":[{"award-number":["E77G23000130001"]}]},{"name":"SERICS","award":["PE00000014"],"award-info":[{"award-number":["PE00000014"]}]},{"name":"MUR National Recovery and Resilience Plan funded by NextGenEu"},{"name":"Italian MUR PRIN 2022 Project: Domain","award":["#2022TSYYKJ"],"award-info":[{"award-number":["#2022TSYYKJ"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2025,8,31]]},"abstract":"\n Blockchain technology is increasingly adopted in scenarios requiring trust and data integrity. On the Ethereum blockchain, the proxy pattern has become increasingly popular because it allows smart contract code to evolve while preserving stored data. However, a key challenge remains ensuring that such upgrades do not introduce breaking changes or cause disruptions to other contracts and off-chain systems. In this article, we introduce\n Catana<\/jats:sc>\n , a framework that leverages historical transactions for Capture-Replay testing of proxy-based Upgradeable Smart Contracts (USCs).\n Catana<\/jats:sc>\n assesses the potential impact of an upgrade by comparing the outcomes of replayed transactions with those from the previous version deployed on the main network. Additionally, it extracts and decodes contract state variables, providing deeper insights into how code changes affect the contract state, and helping developers mitigate issues before deployment. Experiments demonstrate that analyzing storage data accounts for the majority (about 86.5%) of detected disruptive upgrades. We also evaluate different policies for building replay test suites from historical transactions. Results identify a strategy that maximizes effectiveness while requiring a small number of replay test executions. Even a test suite containing just one transaction per each invoked method achieved good effectiveness (about 60%) in detecting disruptive upgrades.\n <\/jats:p>","DOI":"10.1145\/3737699","type":"journal-article","created":{"date-parts":[[2025,5,29]],"date-time":"2025-05-29T07:19:38Z","timestamp":1748503178000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Wielding Blockchain Transactions for Capture-Replay Testing of Upgradeable Smart Contracts"],"prefix":"10.1145","volume":"25","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1281-4058","authenticated-orcid":false,"given":"Morena","family":"Barboni","sequence":"first","affiliation":[{"name":"Computer Science, University of Camerino","place":["Camerino, Italy"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1076-0076","authenticated-orcid":false,"given":"Guglielmo","family":"De Angelis","sequence":"additional","affiliation":[{"name":"IASI-CNR","place":["Rome, Italy"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1738-9043","authenticated-orcid":false,"given":"Andrea","family":"Morichetta","sequence":"additional","affiliation":[{"name":"Computer Science, University of Camerino","place":["Camerino, Italy"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2840-7561","authenticated-orcid":false,"given":"Andrea","family":"Polini","sequence":"additional","affiliation":[{"name":"Computer Science, University of Camerino","place":["Camerino, Italy"]}]}],"member":"320","published-online":{"date-parts":[[2025,8,18]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"crossref","first-page":"403","DOI":"10.1109\/DSN.2011.5958253","volume-title":"Proceedings of the 2011 IEEE\/IFIP 41st International Conference on Dependable Systems & Networks (DSN)","author":"Andrica Silviu","year":"2011","unstructured":"Silviu Andrica and George Candea. 2011. WaRR: A tool for high-fidelity web application record and replay. In Proceedings of the 2011 IEEE\/IFIP 41st International Conference on Dependable Systems & Networks (DSN). IEEE Compute Society, 403\u2013410."},{"key":"e_1_3_2_3_2","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1109\/MODELS50736.2021.00018","volume-title":"Proceedings of the 2021 ACM\/IEEE 24th International Conference on Model Driven Engineering Languages and Systems (MODELS)","author":"Babaei Majid","year":"2021","unstructured":"Majid Babaei and Juergen Dingel. 2021. Efficient replay-based regression testing for distributed reactive systems in the context of model-driven development. In Proceedings of the 2021 ACM\/IEEE 24th International Conference on Model Driven Engineering Languages and Systems (MODELS). IEEE, 89\u2013100."},{"key":"e_1_3_2_4_2","doi-asserted-by":"crossref","first-page":"558","DOI":"10.1109\/ICBC59979.2024.10634403","volume-title":"Proceedings of the 2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)","author":"Banescu Sebastian","year":"2024","unstructured":"Sebastian Banescu, Morena Barboni, Andrea Morichetta, Andrea Polini, and Edward Zulkoski. 2024. Enhanced mutation testing of smart contracts in support of code inspection. In Proceedings of the 2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). IEEE, 558\u2013566."},{"key":"e_1_3_2_5_2","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1007\/978-3-031-43240-8_17","volume-title":"Proceedings of the IFIP International Conference on Testing Software and Systems","author":"Barboni Morena","year":"2023","unstructured":"Morena Barboni, Guglielmo De Angelis, Andrea Morichetta, and Andrea Polini. 2023. CATANA: Replay testing for the ethereum blockchain. In Proceedings of the IFIP International Conference on Testing Software and Systems. Springer, 257\u2013265."},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2022.111445"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-023-09637-1"},{"key":"e_1_3_2_8_2","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1109\/MOBILESoft.2017.13","volume-title":"Proceedings of the 2017 IEEE\/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","author":"Bernaschina Carlo","year":"2017","unstructured":"Carlo Bernaschina, Roman Fedorov, Darian Frajberg, and Piero Fraternali. 2017. A framework for regression testing of outdoor mobile applications. In Proceedings of the 2017 IEEE\/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE, 179\u2013181."},{"key":"e_1_3_2_9_2","first-page":"144","volume-title":"Proceedings of the IEEE ISSRE Workshops","author":"Bertolino Antonia","year":"2019","unstructured":"Antonia Bertolino, Guglielmo De Angelis, and Francesca Lonetti. 2019. Governing regression testing in systems of systems. In Proceedings of the IEEE ISSRE Workshops. IEEE, 144\u2013148."},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1002\/STVR.1857"},{"key":"e_1_3_2_11_2","first-page":"252","volume-title":"Proceedings of the 2021 IEEE International Conference on Blockchain (Blockchain)","author":"Bui Van Cuong","year":"2021","unstructured":"Van Cuong Bui, Sheng Wen, Jiangshan Yu, Xin Xia, Mohammad Sayad Haghighi, and Yang Xiang. 2021. Evaluating upgradable smart contract. In Proceedings of the 2021 IEEE International Conference on Blockchain (Blockchain). IEEE, 252\u2013256."},{"issue":"37","key":"e_1_3_2_12_2","article-title":"A next-generation smart contract and decentralized application platform","volume":"3","author":"Buterin Vitalik","year":"2014","unstructured":"Vitalik Buterin. 2014. A next-generation smart contract and decentralized application platform. White Paper 3, 37 (2014), 2\u20131.","journal-title":"White Paper"},{"key":"e_1_3_2_13_2","unstructured":"Thomas Cook Alex Latham and Jae Hyung Lee. 2017. DappGuard : Active Monitoring and Defense for Solidity Smart Contracts. Retrieved 15 March 2025 from https:\/\/courses.csail.mit.edu\/6.857\/2017\/project\/23.pdf"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-024-04421-7"},{"key":"e_1_3_2_15_2","unstructured":"etherscan.io. 2024. Proxy Contract Verification Page \u2014 etherscan.io. Retrieved July 2024 from https:\/\/etherscan.io\/proxyContractChecker"},{"key":"e_1_3_2_16_2","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1109\/SEC50012.2020.00033","volume-title":"Proceedings of the 2020 IEEE\/ACM Symposium on Edge Computing","author":"Fang Kaiming","year":"2020","unstructured":"Kaiming Fang and Guanhua Yan. 2020. IoTReplay: Troubleshooting COTS IoT devices with record and replay. In Proceedings of the 2020 IEEE\/ACM Symposium on Edge Computing. IEEE, 193\u2013205."},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510048"},{"key":"e_1_3_2_19_2","first-page":"138","volume-title":"Proceedings of the 2019 IEEE\/ACM 41st International Conference on Software Engineering: Companion Proceedings","author":"Gao Jianbo","year":"2019","unstructured":"Jianbo Gao. 2019. Guided, automated testing of blockchain-based decentralized applications. In Proceedings of the 2019 IEEE\/ACM 41st International Conference on Software Engineering: Companion Proceedings. IEEE\/ACM, 138\u2013140."},{"key":"e_1_3_2_20_2","first-page":"72","volume-title":"Proceedings of the 35th International Conference on Software Engineering, ICSE\u201913","author":"Gomez Lorenzo","year":"2013","unstructured":"Lorenzo Gomez, Iulian Neamtiu, Tanzirul Azim, and Todd Millstein. 2013. Reran: Timing-and touch-sensitive record and replay for android. In Proceedings of the 35th International Conference on Software Engineering, ICSE\u201913. IEEE Computer Society, San Francisco, CA, USA, 72\u201381."},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3404366"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2983942"},{"key":"e_1_3_2_23_2","article-title":"Truffle tests for free\u2013Replaying Ethereum smart contracts for transparency","author":"Hartel Pieter","year":"2019","unstructured":"Pieter Hartel and Mark van Staalduinen. 2019. Truffle tests for free\u2013Replaying Ethereum smart contracts for transparency. arXiv:1907.09208. Retrieved from https:\/\/arxiv.org\/abs\/1907.09208","journal-title":"arXiv:1907.09208"},{"key":"e_1_3_2_24_2","first-page":"1829","volume-title":"Proceedings of the 32nd USENIX Security Symposium, 2023","author":"III William Edward Bodell","year":"2023","unstructured":"William Edward Bodell III, Sajad Meisami, and Yue Duan. 2023. Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains. In Proceedings of the 32nd USENIX Security Symposium, 2023. USENIX Association, 1829\u20131846."},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1016\/J.JSS.2020.110841"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635929"},{"key":"e_1_3_2_27_2","volume-title":"Proceedings of the Workshop on Runtime Environments, Systems, Layering and Virtualized Environments","author":"Kravets Ilia","year":"2012","unstructured":"Ilia Kravets and Dan Tsafrir. 2012. Feasibility of mutable replay for automated regression testing of security updates. In Proceedings of the Workshop on Runtime Environments, Systems, Layering and Virtualized Environments. IEEE."},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645640"},{"key":"e_1_3_2_29_2","article-title":"Demystifying the characteristics for smart contract upgrades","author":"Liu Ye","year":"2024","unstructured":"Ye Liu, Shuo Li, Xiuheng Wu, Yi Li, Zhiyang Chen, and David Lo. 2024. Demystifying the characteristics for smart contract upgrades. arXiv:2406.05712. Retrieved from https:\/\/arxiv.org\/abs\/2406.05712","journal-title":"arXiv:2406.05712"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417069"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978309"},{"key":"e_1_3_2_32_2","volume-title":"Foundations of Software Testing, 2\/e","author":"Mathur Aditya P.","year":"2013","unstructured":"Aditya P. Mathur. 2013. Foundations of Software Testing, 2\/e. Pearson Education India, India."},{"key":"e_1_3_2_33_2","unstructured":"OpenZeppelin. 2025. Proxies - OpenZeppelin Docs \u2014 docs.openzeppelin.com. Retrieved 15 March 2025 from https:\/\/docs.openzeppelin.com\/contracts\/5.x\/api\/proxy"},{"key":"e_1_3_2_34_2","unstructured":"OpenZeppelin. 2025. Upgrades Plugins - OpenZeppelin Docs \u2014 docs.openzeppelin.com. Retrieved 15 March 2025 from https:\/\/docs.openzeppelin.com\/upgrades-plugins\/"},{"key":"e_1_3_2_35_2","article-title":"Immutable in principle, upgradeable by design: Exploratory study of smart contract upgradeability","author":"Qasse Ilham","year":"2024","unstructured":"Ilham Qasse, Mohammad Hamdaqa, and Bj\u00f6rn \u00de\u00f3r J\u00f3nsson. 2024. Immutable in principle, upgradeable by design: Exploratory study of smart contract upgradeability. arXiv:2407.01493.Retrieved from https:\/\/arxiv.org\/abs\/2407.01493","journal-title":"arXiv:2407.01493"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884854"},{"key":"e_1_3_2_37_2","volume-title":"Proceedings of the 31st Annual Network and Distributed System Security Symposium, NDSS","author":"Ruaro Nicola","year":"2024","unstructured":"Nicola Ruaro, Fabio Gritti, Robert McLaughlin, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna. 2024. Not your type! Detecting storage collision vulnerabilities in ethereum smart contracts. In Proceedings of the 31st Annual Network and Distributed System Security Symposium, NDSS. The Internet Society, San Diego, California, USA. Retrieved from https:\/\/www.ndss-symposium.org\/ndss-paper\/not-your-type-detecting-storage-collision-vulnerabilities-in-ethereum-smart-contracts\/"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-008-9102-8"},{"key":"e_1_3_2_39_2","first-page":"539","volume-title":"Proceedings of the International Conference on Financial Cryptography and Data Security","author":"Salehi Mehdi","year":"2022","unstructured":"Mehdi Salehi, Jeremy Clark, and Mohammad Mannan. 2022. Not so immutable: Upgradeability of smart contracts on ethereum. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, Springer, 539\u2013554."},{"key":"e_1_3_2_40_2","first-page":"1410","volume-title":"Proceedings of the 2021 IEEE\/ACM 43rd International Conference on Software Engineering","author":"Wan Zhiyuan","year":"2021","unstructured":"Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, and Xiaohu Yang. 2021. Smart contract security: A practitioners\u2019 perspective. In Proceedings of the 2021 IEEE\/ACM 43rd International Conference on Software Engineering. IEEE, 1410\u20131422."},{"key":"e_1_3_2_41_2","first-page":"1","article-title":"Ethereum: A secure decentralised generalised transaction ledger","volume":"151","author":"Wood Gavin","year":"2014","unstructured":"Gavin Wood. 2014. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151 (2014), 1\u201332.","journal-title":"Ethereum Project Yellow Paper"},{"key":"e_1_3_2_42_2","article-title":"EthScope: A transaction-centric security analytics framework to detect malicious smart contracts on Ethereum","author":"Wu Lei","year":"2020","unstructured":"Lei Wu, Siwei Wu, Yajin Zhou, Runhuai Li, Zhi Wang, Xiapu Luo, Cong Wang, and Kui Ren. 2020. EthScope: A transaction-centric security analytics framework to detect malicious smart contracts on Ethereum. arXiv:2005.08278. Retrieved from https:\/\/arxiv.org\/abs\/2005.08278","journal-title":"arXiv:2005.08278"},{"key":"e_1_3_2_43_2","first-page":"826","volume-title":"Proceedings of the 2020 IEEE International Conference on Software Maintenance and Evolution","author":"Wu Zhenhao","year":"2020","unstructured":"Zhenhao Wu, Jiashuo Zhang, Jianbo Gao, Yue Li, Qingshan Li, Zhi Guan, and Zhong Chen. 2020. Kaya: A testing framework for blockchain-based decentralized applications. In Proceedings of the 2020 IEEE International Conference on Software Maintenance and Evolution. IEEE, 826\u2013829."},{"key":"e_1_3_2_44_2","first-page":"2775","volume-title":"Proceedings of the 29th USENIX Security Symposium","author":"Zhang Mengya","year":"2020","unstructured":"Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin. 2020. TXSPECTOR: Uncovering attacks in ethereum from transactions. In Proceedings of the 29th USENIX Security Symposium. USENIX Association, Virtual, 2775\u20132792."},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468546"},{"key":"e_1_3_2_46_2","first-page":"23","volume-title":"Proceedings of the 2021 IEEE International Conference on Software Maintenance and Evolution","author":"Zhou Teng","year":"2021","unstructured":"Teng Zhou, Kui Liu, Li Li, Zhe Liu, Jacques Klein, and Tegawend\u00e9 F. Bissyand\u00e9. 2021. SmartGift: Learning to generate practical inputs for testing smart contracts. In Proceedings of the 2021 IEEE International Conference on Software Maintenance and Evolution. IEEE, 23\u201334."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3737699","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T13:04:30Z","timestamp":1755522270000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3737699"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,18]]},"references-count":45,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,8,31]]}},"alternative-id":["10.1145\/3737699"],"URL":"https:\/\/doi.org\/10.1145\/3737699","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"type":"print","value":"1533-5399"},{"type":"electronic","value":"1557-6051"}],"subject":[],"published":{"date-parts":[[2025,8,18]]},"assertion":[{"value":"2025-01-24","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-05-15","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-18","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}