FunFuzz: A Function-Oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency

Published: 27 September 2024

Abstract

With the increasing popularity of Decentralized Applications (DApps) in blockchain, securing smart contracts has been a long-term, high-priority subject in the domain. Among the various research directions for vulnerability detection, fuzzing has received extensive attention because of its high effectiveness. However, with the increasing complexity of smart contracts, existing fuzzers may waste substantial time exploring locations irrelevant to smart contract vulnerabilities. In this article, we present FunFuzz, a function-oriented fuzzer, which is dedicatedly tailored for detecting smart contract vulnerability with high effectiveness and efficiency. The key observation in our research is that most smart contract vulnerabilities exist in specific functions rather than randomly distributed in all program code like other traditional software. To this end, unlike traditional fuzzers which mainly target code coverage, FunFuzz identifies risky functions while pruning non-risky ones in smart contracts. In this way, it significantly narrows down the exploration scope during the fuzzing process. In addition, FunFuzz employs three unique strategies to direct itself toward effectively discovering vulnerabilities specific to smart contracts (e.g., reentrancy, block dependency, and gasless send). Extensive experiments on 170 real-world contracts demonstrate that FunFuzz outperforms state-of-the-art fuzzers in terms of effectiveness and efficiency.
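The risky-function scoping the abstract describes, as an added Python sketch that is not FunFuzz's own code: it splits a constructed Solidity-style contract into functions, tags each one with assumed heuristics for the three vulnerability classes named above (reentrancy, block dependency, gasless send), and keeps only tagged functions as fuzzing targets, pruning the rest. The heuristics and the sample contract are assumptions for illustration; FunFuzz's actual identification rules are not on this page.

```python
import re

# Constructed Solidity-style sample contract (not from the paper); five functions.
SAMPLE_CONTRACT = """
function withdraw(uint amount) public {
    require(balances[msg.sender] >= amount);
    (bool ok, ) = msg.sender.call{value: amount}("");
    require(ok);
    balances[msg.sender] -= amount;
}
function lottery() public { if (block.timestamp % 2 == 0) winner = msg.sender; }
function refund() public {
    msg.sender.send(pending[msg.sender]);
    pending[msg.sender] = 0;
}
function getBalance() public view returns (uint) { return balances[msg.sender]; }
function setOwner(address o) public { owner = o; }
"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{]*\{")

def split_functions(src):
    """Map each function name to its body text by matching braces."""
    funcs = {}
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        funcs[m.group(1)] = src[m.end():i - 1]
    return funcs

def risk_tags(body):
    """Assumed illustrative heuristics, one per vulnerability class in the abstract."""
    tags = set()
    call = re.search(r"\.call\b", body)
    # reentrancy pattern: external call followed by a storage write
    if call and re.search(r"\w+\[[^\]]*\]\s*[-+]?=[^=]", body[call.end():]):
        tags.add("reentrancy")
    if re.search(r"\bblock\.(timestamp|number|difficulty|coinbase)\b", body):
        tags.add("block-dependency")
    if re.search(r"\.(send|transfer)\s*\(", body):   # 2300-gas stipend calls
        tags.add("gasless-send")
    return tags

def fuzz_targets(src):
    """Function-oriented scoping: keep only functions that carry a risk tag."""
    return {n: risk_tags(b) for n, b in split_functions(src).items() if risk_tags(b)}
```

On the sample, three of five functions remain in scope; the two pure getters/setters are pruned before any fuzzing budget is spent on them.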


    Published In

    ACM Transactions on Software Engineering and Methodology, Volume 33, Issue 7
    September 2024
    943 pages
    EISSN: 1557-7392
    DOI: 10.1145/3613705
    Editor: Mauro Pezze

    Publisher

    Association for Computing Machinery
    New York, NY, United States

    Publication History

    Published: 27 September 2024
    Online AM: 28 June 2024
    Accepted: 20 May 2024
    Revised: 15 March 2024
    Received: 11 June 2023
    Published in TOSEM Volume 33, Issue 7

    Author Tags

    1. Fuzz testing
    2. smart contract
    3. blockchain
    4. vulnerability detection

    Qualifiers

    • Research-article

    Funding Sources

    • National Key Research and Development Program of China
    • National Natural Science Foundation of China
    • Hong Kong RGC
