xFuzz: Machine learning guided cross-contract fuzzing

Author

Yinxing XUE
Jiaming YE
Wei ZHANG
Jun SUN, Singapore Management UniversityFollow
Lei MA
Haijun WANG
Jianjun ZHAO

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

3-2024

Abstract

Smart contract transactions are increasingly interleaved by cross-contract calls. While many tools have been developed to identify a common set of vulnerabilities, the cross-contract vulnerability is overlooked by existing tools. Cross-contract vulnerabilities are exploitable bugs that manifest in the presence of more than two interacting contracts. Existing methods are however limited to analyze a maximum of two contracts at the same time. Detecting cross-contract vulnerabilities is highly non-trivial. With multiple interacting contracts, the search space is much larger than that of a single contract. To address this problem, we present xFuzz , a machine learning guided smart contract fuzzing framework. The machine learning models are trained with novel features (e.g., word vectors and instructions) and are used to filter likely benign program paths. Comparing with existing static tools, machine learning model is proven to be more robust, avoiding directly adopting manually-defined rules in specific tools. We compare xFuzz with three state-of-the-art tools on 7,391 contracts. xFuzz detects 18 exploitable cross-contract vulnerabilities, of which 15 vulnerabilities are exposed for the first time. Furthermore, our approach is shown to be efficient in detecting non-cross-contract vulnerabilities as well—using less than 20% time as that of other fuzzing tools, xFuzz detects twice as many vulnerabilities.

Keywords

Smart Contract, Fuzzing, Cross-contract Vulnerability, Machine Learning

Discipline

Databases and Information Systems | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Areas of Excellence

Digital transformation

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

21

Issue

2

First Page

515

Last Page

529

ISSN

1545-5971

Identifier

10.1109/TDSC.2022.3182373

Publisher

Institute of Electrical and Electronics Engineers

Citation

XUE, Yinxing; YE, Jiaming; ZHANG, Wei; SUN, Jun; MA, Lei; WANG, Haijun; and ZHAO, Jianjun. xFuzz: Machine learning guided cross-contract fuzzing. (2024). IEEE Transactions on Dependable and Secure Computing. 21, (2), 515-529.
Available at: https://ink.library.smu.edu.sg/sis_research/9213

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TDSC.2022.3182373