Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
102 tokens/sec
GPT-4o
59 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection (1807.03932v2)

Published 11 Jul 2018 in cs.SE and cs.CR

Abstract: Decentralized cryptocurrencies feature the use of blockchain to transfer values among peers on networks without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make agreements while minimizing trusts. Millions of smart contracts have been deployed in various decentralized applications. The security vulnerabilities within those smart contracts pose significant threats to their applications. Indeed, many critical security vulnerabilities within smart contracts on Ethereum platform have caused huge financial losses to their users. In this work, we present ContractFuzzer, a novel fuzzer to test Ethereum smart contracts for security vulnerabilities. ContractFuzzer generates fuzzing inputs based on the ABI specifications of smart contracts, defines test oracles to detect security vulnerabilities, instruments the EVM to log smart contracts runtime behaviors, and analyzes these logs to report security vulnerabilities. Our fuzzing of 6991 smart contracts has flagged more than 459 vulnerabilities with high precision. In particular, our fuzzing tool successfully detects the vulnerability of the DAO contract that leads to USD 60 million loss and the vulnerabilities of Parity Wallet that have led to the loss of $30 million and the freezing of USD 150 million worth of Ether.

View on arXiv
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (3)
  1. Bo Jiang (235 papers)
  2. Ye Liu (153 papers)
  3. W. K. Chan (9 papers)
Citations (622)
View on Semantic Scholar

Summary

ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection

The paper "ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection" presents an examination of security vulnerabilities in Ethereum smart contracts through the implementation of a fuzzing framework named ContractFuzzer. This framework operates by analyzing the Application Binary Interface (ABI) of smart contracts to generate inputs aimed at triggering potential vulnerabilities.

Motivation and Background

Smart contracts on platforms like Ethereum have become increasingly prevalent, offering decentralized solutions across various applications. However, their popularity also exposes them to significant security vulnerabilities, threatening financial and functional integrity. The DAO and Parity Wallet incidents exemplify such vulnerabilities, resulting in substantial financial losses.

Traditional methods of vulnerability detection, including symbolic execution and static analysis, often suffer from false positives and path explosion issues. Thus, a more precise and scalable approach is required to adequately address the inherent security risks.

Methodology

ContractFuzzer introduces a novel approach to identifying vulnerabilities by automatically generating and executing fuzzing inputs according to smart contract ABI specifications:

  • Input Generation: Inputs are generated to conform to the invocation grammar defined by the contract’s ABI. For contracts requiring interaction with other contracts, ContractFuzzer uses a unique indexing strategy based on function selectors.
  • Fuzzing and Monitoring: The framework instruments the Ethereum Virtual Machine (EVM) to execute the generated inputs and logs the runtime behaviors for vulnerability analysis. By defining specific test oracles, ContractFuzzer can pinpoint potential security issues effectively.
  • Test Oracles: These oracles detect vulnerabilities such as Gasless Send, Exception Disorder, Reentrancy, Timestamp Dependency, among others. Specific conditions and runtime data are used to trigger alarms when vulnerabilities are detected.

Experimental Results

ContractFuzzer was evaluated on 6991 real-world smart contracts, successfully identifying over 459 vulnerabilities with high precision. The findings include critical vulnerabilities similar to those exploited in notable past incidents, such as the DAO and Parity Wallet exploits.

Key Insights and Comparisons

  • Precision and Efficiency: ContractFuzzer demonstrated higher precision compared to existing tools like Oyente, particularly reducing false positives in Reentrancy and Timestamp Dependency vulnerabilities.
  • Enhanced Detection: Unlike many existing static and symbolic analysis tools, ContractFuzzer provides runtime analysis, capturing a wider array of vulnerabilities by executing the contracts in various states and scenarios.

Implications and Future Work

The introduction of ContractFuzzer marks a significant step toward improving the security landscape of smart contracts. Its precise execution-based approach addresses several limitations of existing tools. Future advancements could involve expanding coverage to include transaction-ordering dependency and other blockchain-specific vulnerabilities. Additionally, adapting this methodology to other blockchain platforms could enhance its applicability and relevance.

In conclusion, ContractFuzzer provides an important tool for enhancing the security of smart contracts, offering a scalable, precise, and practical solution to a growing problem in the blockchain technology domain.

File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown