ItyFuzz: Snapshot-Based Fuzzer for Smart Contract
- URL: http://arxiv.org/abs/2306.17135v1
- Date: Thu, 29 Jun 2023 17:36:08 GMT
- Title: ItyFuzz: Snapshot-Based Fuzzer for Smart Contract
- Authors: Chaofan Shou, Shangyin Tan, Koushik Sen
- Abstract summary: We introduce a novel snapshot-based fuzzer ItyFuzz for testing smart contracts.
In ItyFuzz, instead of storing sequences of transactions and mutating from them, we snapshot states and singleton transactions.
ItyFuzz outperforms existing fuzzers in terms of instructional coverage and can find and generate realistic exploits for on-chain projects quickly.
- Score: 5.43042231820643
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Smart contracts are critical financial instruments, and their security is of
utmost importance. However, smart contract programs are difficult to fuzz due
to the persistent blockchain state behind all transactions. Mutating sequences
of transactions are complex and often lead to a suboptimal exploration for both
input and program spaces. In this paper, we introduce a novel snapshot-based
fuzzer ItyFuzz for testing smart contracts. In ItyFuzz, instead of storing
sequences of transactions and mutating from them, we snapshot states and
singleton transactions. To explore interesting states, ItyFuzz introduces a
dataflow waypoint mechanism to identify states with more potential momentum.
ItyFuzz also incorporates comparison waypoints to prune the space of states. By
maintaining snapshots of the states, ItyFuzz can synthesize concrete exploits
like reentrancy attacks quickly. Because ItyFuzz has second-level response time
to test a smart contract, it can be used for on-chain testing, which has many
benefits compared to local development testing. Finally, we evaluate ItyFuzz on
real-world smart contracts and some hacked on-chain DeFi projects. ItyFuzz
outperforms existing fuzzers in terms of instructional coverage and can find
and generate realistic exploits for on-chain projects quickly.
Related papers
- Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor [2.052808596154225]
This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts.
The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
arXiv Detail & Related papers (2024-07-22T18:27:29Z) - Effective Targeted Testing of Smart Contracts [0.0]
Since smart contracts are immutable, their bugs cannot be fixed, which may lead to significant monetary losses.
Our framework, Griffin, tackles this deficiency by employing a targeted symbolic execution technique for generating test data.
This paper discusses how smart contracts differ from legacy software in targeted symbolic execution and how these differences can affect the tool structure.
arXiv Detail & Related papers (2024-07-05T04:38:11Z) - Vulnerabilities of smart contracts and mitigation schemes: A Comprehensive Survey [0.6554326244334866]
This paper presents a literature review combined with an experimental report that aims to assist developers in developing secure smarts.
It provides a list of frequent vulnerabilities and corresponding mitigation solutions.
It evaluates the community most widely used tools by executing and testing them on sample smart contracts.
arXiv Detail & Related papers (2024-03-28T19:36:53Z) - Specification Mining for Smart Contracts with Trace Slicing and Predicate Abstraction [10.723903783651537]
We propose a specification mining approach to infer contract specifications from past transactionhistories.
Our approach derives high-level behavioral automata of function invocations, accompanied byprogram invariants statistically inferred from the transaction histories.
arXiv Detail & Related papers (2024-03-20T03:39:51Z) - Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
arXiv Detail & Related papers (2023-12-27T11:26:26Z) - MuFuzz: Sequence-Aware Mutation and Seed Mask Guidance for Blockchain Smart Contract Fuzzing [19.606053533275958]
We develop a sequence-aware mutation and seed mask guidance strategy for smart contract fuzzing.
We implement our designs into a new smart contract fuzzer named MuFuzz, and extensively evaluate it on three benchmarks.
Overall, MuFuzz achieves higher branch coverage than state-of-the-art fuzzers (up to 25%) and detects 30% more bugs than existing bug detectors.
arXiv Detail & Related papers (2023-12-07T18:32:19Z) - Formally Verifying a Real World Smart Contract [52.30656867727018]
We search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
In this article, we present our search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
arXiv Detail & Related papers (2023-07-05T14:30:21Z) - Smart Contract Vulnerability Detection: From Pure Neural Network to
Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules.
Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge.
We develop automatic tools to extract expert patterns from the source code.
We then cast the code into a semantic graph to extract deep graph features.
arXiv Detail & Related papers (2021-06-17T07:12:13Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Acting in Delayed Environments with Non-Stationary Markov Policies [57.52103323209643]
We introduce a framework for learning and planning in MDPs where the decision-maker commits actions that are executed with a delay of $m$ steps.
We prove that with execution delay, deterministic Markov policies in the original state-space are sufficient for attaining maximal reward, but need to be non-stationary.
We devise a non-stationary Q-learning style model-based algorithm that solves delayed execution tasks without resorting to state-augmentation.
arXiv Detail & Related papers (2021-01-28T13:35:37Z) - DeFuzz: Deep Learning Guided Directed Fuzzing [41.61500799890691]
We propose a deep learning (DL) guided directed fuzzing for software vulnerability detection, named DeFuzz.
DeFuzz includes two main schemes: (1) we employ a pre-trained DL prediction model to identify the potentially vulnerable functions and the locations (i.e., vulnerable addresses)
Precisely, we employ Bidirectional-LSTM (BiLSTM) to identify attention words, and the vulnerabilities are associated with these attention words in functions.
arXiv Detail & Related papers (2020-10-23T03:44:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.