DogeFuzz: A Simple Yet Efficient Grey-box Fuzzer for Ethereum Smart Contracts

Springer, Springer-Verlag

A survey of attacks on ethereum smart contracts (sok)

N. Atzei, M. Bartoletti, T. Cimoli

Published: 2017

ACM

Directed greybox fuzzing

M. Böhme, V. Pham, M. Nguyen, A. Roychoudhury

Published: 2017

Association for Computing Machinery

Coverage-based greybox fuzzing as markov chain

M. Böhme, V.-T. Pham, A. Roychoudhury

Published: 2016

arXiv

Vandal: A scalable security analysis framework for smart contracts

L. Brent, A. Jurisevic, M. Kong, E. Liu, F. Gauthier, V. Gramoli, R. Holz, B. Scholz

Published: 2018

2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)

Grey-box concolic testing on binary code

J. Choi, J. Jang, C. Han, S. K. Cha

Published: 2019

IEEE/ACM International Conference on Automated Software Engineering (ASE)

Smartian: Enhancing smart contract fuzzing with static and dynamic dataflow analyses

J. Choi, D. Kim, S. Kim, G. Grieco, A. Groce, S. K. Cha

Published: 2021

Inf. Softw. Technol.

A survey on smart contract vulnerabilities: Data sources, detection and repair

H. Chu, P. Zhang, H. Dong, Y. Xiao, S. Ji, W. Li

Published: 2023

Proceedings of the ACM/IEEE International Conference on Software Engineering (ICSE)

Empirical review of automated analysis tools on 47,587 Ethereum smart contracts

T. Durieux, J. F. Ferreira, R. Abreu, P. Cruz

Published: 2020

Association for Computing Machinery

Echidna: effective, usable, and fast fuzzing for smart contracts

G. Grieco, W. Song, A. Cygan, J. Feist, A. Groce

Published: 2020

Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)

Learning to fuzz from symbolic execution with application to smart contracts

J. He, M. Balunovic, N. Ambroladze, P. Tsankov, M. Vechev

Published: 2019

ACM Comput. Surv.

Imitation learning: A survey of learning methods

A. Hussein, M. M. Gaber, E. Elyan, C. Jayne

Published: 2017

Information and Software Technology

Effuzz: Efficient fuzzing by directed search for smart contracts

S. Ji, J. Wu, J. Qiu, J. Dong

Published: 2023

ACM

ContractFuzzer: fuzzing smart contracts for vulnerability detection

B. Jiang, Y. Liu, W. K. Chan

Published: 2018

USENIX Association

teEther: Gnawing at ethereum to automatically exploit smart contracts

J. Krupp, C. Rossow

Published: 2018

IEEE Transactions on Reliability

Redefender: detecting reentrancy vulnerabilities in smart contracts automatically

B. Li, Z. Pan, T. Hu

Published: 2022

Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)

Making smart contracts smarter

L. Luu, D.-H. Chu, H. Olickel, P. Saxena, A. Hobor

Published: 2016

Communications of the ACM (CACM)

An empirical study of the reliability of UNIX utilities

B. P. Miller, L. Fredriksen, B. So

Published: 1990

Proceedings of the ACM/IEEE International Conference on Software Engineering (ICSE)

sfuzz: An efficient adaptive fuzzer for solidity smart contracts

T. D. Nguyen, L. H. Pham, J. Sun, Y. Lin, Q. T. Minh

Published: 2020

On the parity wallet multisig hack

Published: 2017

Exploiting uniswap: From reentrancy to actual profit

Published: 2020

ACM

Are we there yet? unraveling the state-of-the-art smart contract fuzzers

S. Wu, Z. Li, L. Yan, W. Chen, M. Jiang, C. Wang, X. Luo, H. Zhou

Published: 2024

Association for Computing Machinery

Harvey: a greybox fuzzer for smart contracts

V. Wüstholz, M. Christakis

Published: 2020

arxiv

被引用数 1

IEEE Trans. Dependable Secur. Comput.

xFuzz: Machine Learning Guided Cross-Contract Fuzzing

Yinxing Xue, Jiaming Ye, Wei Zhang, Jun Sun, Lei Ma, Haijun Wang, Jianjun Zhao

Published: 2021.11.24

Smart contract transactions are increasingly interleaved by cross-contract calls. While many tools have been developed to identify a common set of vulnerabilities, the cross-contract vulnerability is overlooked by existing tools. Cross-contract vulnerabilities are exploitable bugs that manifest in the presence of more than two interacting contracts. Existing methods are however limited to analyze a maximum of two contracts at the same time. Detecting cross-contract vulnerabilities is highly non-trivial. With multiple interacting contracts, the search space is much larger than that of a single contract. To address this problem, we present xFuzz, a machine learning guided smart contract fuzzing framework. The machine learning models are trained with novel features (e.g., word vectors and instructions) and are used to filter likely benign program paths. Comparing with existing static tools, machine learning model is proven to be more robust, avoiding directly adopting manually-defined rules in specific tools. We compare xFuzz with three state-of-the-art tools on 7,391 contracts. xFuzz detects 18 exploitable cross-contract vulnerabilities, of which 15 vulnerabilities are exposed for the first time. Furthermore, our approach is shown to be efficient in detecting non-cross-contract vulnerabilities as well -- using less than 20% time as that of other fuzzing tools, xFuzz detects twice as many vulnerabilities.

スマートコントラクト脆弱性管理静的分析

The Fuzzing Book. CISPA Helmholtz Center for Information Security

Fuzzing: Breaking things with random inputs

A. Zeller, R. Gopinath, M. Böhme, G. Fraser, C. Holler

Published: 2024