sFuzz: An efficient adaptive fuzzer for solidity smart contracts

Smart contracts are Turing-complete programs that execute on the infrastructure of the blockchain, which often manage valuable digital assets. Solidity is one of the most popular programming languages for writing smart contracts on the Ethereum platform. Like traditional programs, smart contracts ma...

Bibliographic Details
Main Authors: NGUYEN, Tai D., PHAM, Long H., SUN, Jun, LIN, Yun, TRAN, Minh Quang
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2020
Subjects: Smart Contracts; Fuzzing; Code Vulnerabilities; Information Security; Software Engineering
Online Access: https://ink.library.smu.edu.sg/sis_research/5065
https://ink.library.smu.edu.sg/context/sis_research/article/6068/viewcontent/sFuzz_av.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-6068
record_format dspace
spelling sg-smu-ink.sis_research-6068 2021-01-19T03:35:58Z
2020-11-01T07:00:00Z text application/pdf
info:doi/10.1145/3377811.3380334
http://creativecommons.org/licenses/by-nc-nd/4.0/
Research Collection School Of Computing and Information Systems
eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Smart Contracts
Fuzzing
Code Vulnerabilities
Information Security
Software Engineering
description Smart contracts are Turing-complete programs that execute on the infrastructure of the blockchain, which often manage valuable digital assets. Solidity is one of the most popular programming languages for writing smart contracts on the Ethereum platform. Like traditional programs, smart contracts may contain vulnerabilities. Unlike traditional programs, smart contracts cannot be easily patched once they are deployed. It is thus important that smart contracts are tested thoroughly before deployment. In this work, we present an adaptive fuzzer for smart contracts on the Ethereum platform called sFuzz. Compared to existing Solidity fuzzers, sFuzz combines the strategy in the AFL fuzzer and an efficient lightweight multi-objective adaptive strategy targeting those hard-to-cover branches. sFuzz has been applied to more than 4 thousand smart contracts and the experimental results show that (1) sFuzz is efficient, e.g., two orders of magnitude faster than state-of-the-art tools; (2) sFuzz is effective in achieving high code coverage and discovering vulnerabilities; and (3) the different fuzzing strategies in sFuzz complement each other.
format text
author NGUYEN, Tai D.
PHAM, Long H.
SUN, Jun
LIN, Yun
TRAN, Minh Quang
title sFuzz: An efficient adaptive fuzzer for solidity smart contracts