Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
11-2020
Abstract
Smart contracts are Turing-complete programs that execute on the infrastructure of the blockchain, which often manage valuable digital assets. Solidity is one of the most popular programming languages for writing smart contracts on the Ethereum platform. Like traditional programs, smart contracts may contain vulnerabilities. Unlike traditional programs, smart contracts cannot be easily patched once they are deployed. It is thus important that smart contracts are tested thoroughly before deployment. In this work, we present an adaptive fuzzer for smart contracts on the Ethereum platform called sFuzz. Compared to existing Solidity fuzzers, sFuzz combines the strategy in the AFL fuzzer and an efficient lightweight multi-objective adaptive strategy targeting those hard-to-cover branches. sFuzz has been applied to more than 4 thousand smart contracts and the experimental results show that (1) sFuzz is efficient, e.g., two order of magnitudes faster than state-of-the-art tools; (2) sFuzz is effective in achieving high code coverage and discovering vulnerabilities; and (3) the different fuzzing strategies in sFuzz complement each other.
Keywords
Smart Contracts, Fuzzing, Code Vulnerabilities
Discipline
Information Security | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
ISCE '20: Proceedings of the 42nd International Conference on Software Engineering, Seoul, South Korea, October 5-11
First Page
778
Last Page
788
ISBN
9781450371216
Identifier
10.1145/3377811.3380334
Publisher
ACM
City or Country
New York
Citation
NGUYEN, Tai D.; PHAM, Long H.; SUN, Jun; LIN, Yun; and TRAN, Minh Quang.
sFuzz: An efficient adaptive fuzzer for solidity smart contracts. (2020). ISCE '20: Proceedings of the 42nd International Conference on Software Engineering, Seoul, South Korea, October 5-11. 778-788.
Available at: https://ink.library.smu.edu.sg/sis_research/5065
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3377811.3380334