We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
sFuzz2.0 : Storage‐access pattern guided smart contract fuzzing.
- Authors
Wang, Haoyu; Wang, Zan; Liu, Shuang; Sun, Jun; Zhao, Yingquan; Wan, Yan; Nguyen, Tai D.
- Abstract
Smart contracts are distributed self‐enforcing programs which execute on top of blockchain networks. They have the potential to revolutionize many industries and have already been adopted for applications such as distributed finance and crowdfunding. Because smart contracts are immutable once they are deployed, it is important to identify and eliminate code vulnerabilities in smart contracts systematically. In this work, we propose sFuzz2.0, a storage‐access‐pattern guided adaptive fuzzer based on sFuzz. sFuzz2.0 is motivated by the fact that certain vulnerabilities only manifest in the presence of certain function call sequences (as well as particular arguments). Given that there are exponentially many function call sequences, sFuzz randomly generates sequences without guidance. As a result, the probability of discovering those vulnerabilities is negligible. sFuzz2.0 tackles the problem with two approaches, that is, by generating function call sequences that trigger different storage‐access patterns passively (i.e., by prioritizing seeds which cover new patterns) or actively (i.e., by actively seeking out different patterns). The experiment results suggest that the passive strategy outperforms sFuzz by achieving better code coverage (i.e., 37.53%) and discovering more vulnerabilities (i.e., 20.49%).
- Subjects
GENERATING functions; CONTRACTS; BLOCKCHAINS
- Publication
Journal of Software: Evolution & Process, 2024, Vol 36, Issue 4, p1
- ISSN
2047-7473
- Publication type
Article
- DOI
10.1002/smr.2557