
Harvey: A Greybox Fuzzer for Smart Contracts (1905.06944v1)

Published 15 May 2019 in cs.SE and cs.CR

Abstract: We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation approach that effectively detects bugs and security vulnerabilities. However, greybox fuzzers randomly mutate program inputs to exercise new paths; this makes it challenging to cover code that is guarded by narrow checks, which are satisfied by no more than a few input values. Moreover, most real-world smart contracts transition through many different states during their lifetime, e.g., for every bid in an auction. To explore these states and thereby detect deep vulnerabilities, a greybox fuzzer would need to generate sequences of contract transactions, e.g., by creating bids from multiple users, while at the same time keeping the search space and test suite tractable. In this experience paper, we explain how Harvey alleviates both challenges with two key fuzzing techniques and distill the main lessons learned. First, Harvey extends standard greybox fuzzing with a method for predicting new inputs that are more likely to cover new paths or reveal vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in a targeted and demand-driven way. We have evaluated our approach on 27 real-world contracts. Our experiments show that the underlying techniques significantly increase Harvey's effectiveness in achieving high coverage and detecting vulnerabilities, in most cases orders-of-magnitude faster; they also reveal new insights about contract code.

Authors (2)
  1. Valentin Wüstholz (17 papers)
  2. Maria Christakis (20 papers)
Citations (171)

Summary

  • The paper introduces an adaptive input prediction method that uses cost metrics to guide fuzz testing, achieving nearly 99% branch coverage.
  • The paper presents demand-driven sequence fuzzing to manage interdependent transactions, significantly expanding state-space exploration in smart contracts.
  • Experimental results on 27 Ethereum contracts demonstrate faster vulnerability detection and improved coverage, affirming Harvey's practical impact on security testing.

Analysis of "Harvey: A Greybox Fuzzer for Smart Contracts"

This paper presents Harvey, a greybox fuzzer specifically tailored for the analysis and testing of smart contracts. Smart contracts, executed on blockchain platforms such as Ethereum, face the dual pressures of ensuring both security and reliability. The distinctive challenges arise from their immutable nature once deployed and their potential to manage significant financial resources or sensitive data. Harvey utilizes greybox fuzzing—an approach that sits between blackbox and whitebox testing—aiming to balance performance with effectiveness in vulnerability detection, without the overhead of heavyweight program analysis.

Key Contributions

  1. Adaptive Input Prediction: Harvey extends the greybox fuzzing paradigm with adaptive input prediction. This technique uses cost metrics to infer input values that are likely to traverse new execution paths or expose vulnerabilities. Because it does not rely on constraint solving, the method discovers critical execution paths efficiently while keeping a footprint light enough for smart contracts.
  2. Demand-driven Sequence Fuzzing: Harvey addresses the complexity of testing smart contracts, which often requires simulating sequences of interdependent transactions. The demand-driven sequence fuzzing component manages the vast state space of smart contracts by generating transaction sequences only where they are needed to increase coverage and depth of testing. This capability is essential for identifying vulnerabilities that manifest only over sequences of contract states.
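The following is an added example, not code from the Harvey paper or its authors, illustrating the first contribution in miniature. It assumes that every `lhs == rhs` branch in the contract reports a cost of `|lhs - rhs|` (zero exactly when the branch is taken) and that this cost is linear in the fuzzed input, which is the assumption the paper's input predictor relies on; the function and variable names are illustrative, not Harvey's API. It also goes slightly beyond the summary by iterating the prediction, which shows what happens when a condition is not linear.

```python
import random

# Added example (not Harvey's own code). Assumption: each `lhs == rhs` branch
# reports a cost of |lhs - rhs|, which is 0 exactly when the branch is taken.
# All names below are illustrative and not taken from Harvey.


def branch_distance(lhs, rhs):
    """Cost of an `lhs == rhs` branch: 0 iff the branch is taken."""
    return abs(lhs - rhs)


def make_guarded_function(lhs_fn, rhs):
    """Constructed stand-in for a contract function guarded by `lhs_fn(x) == rhs`.

    Running it returns (branch_taken, cost), the instrumented feedback a
    greybox fuzzer would observe for one execution.
    """
    def run(x):
        cost = branch_distance(lhs_fn(x), rhs)
        return cost == 0, cost
    return run


def predict_input(run, x, step=1, max_rounds=4):
    """Input prediction under the assumption that cost is (piecewise) linear in x.

    Two executions estimate the slope of the cost; solving cost == 0 gives the
    predicted input. Returns (input, executions), or (None, executions) when no
    prediction takes the branch within max_rounds.
    """
    execs = 0
    for _ in range(max_rounds):
        taken, c0 = run(x)
        execs += 1
        if taken:
            return x, execs
        _, c1 = run(x + step)
        execs += 1
        if c1 == 0:
            return x + step, execs
        slope = (c1 - c0) / step
        if slope == 0:
            # The cost does not depend on x here; prediction is not applicable.
            return None, execs
        x = round(x - c0 / slope)
    taken, _ = run(x)
    execs += 1
    return (x, execs) if taken else (None, execs)


def random_mutation_search(run, x, budget, rng, width=32):
    """Baseline: blind bit flips and small arithmetic deltas, the way plain
    greybox fuzzing mutates inputs without any prediction."""
    mask = (1 << width) - 1
    for execs in range(1, budget + 1):
        taken, _ = run(x)
        if taken:
            return x, execs
        if rng.random() < 0.5:
            x ^= 1 << rng.randrange(width)
        else:
            x = (x + rng.randint(-16, 16)) & mask
    return None, budget


if __name__ == "__main__":
    # Constructed narrow check, in the spirit of `require(msg.value == 0xDEADBEEF)`.
    narrow = make_guarded_function(lambda v: v, 0xDEADBEEF)
    print("prediction:", predict_input(narrow, 0))
    print("random mutation:", random_mutation_search(narrow, 0, 2000, random.Random(1)))
    # Linear arithmetic in front of the comparison is still solved in one round.
    affine = make_guarded_function(lambda v: 3 * v + 7, 1000)
    print("affine:", predict_input(affine, 5000))
    # A quadratic condition violates the linearity assumption and needs several rounds.
    square = make_guarded_function(lambda v: v * v, 49)
    print("square:", predict_input(square, 0, max_rounds=6))
```

The narrow equality check is satisfied by one value out of 2^32, so blind mutation does not find it within its budget, while the predictor needs three executions: two to measure the slope of the cost and one to confirm. The quadratic case shows the caveat behind the paper's 99% figure: when a condition is not linear, a single prediction lands near the target rather than on it, and the predictor has to be re-applied.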

Experimental Findings

The efficacy of Harvey was validated on 27 Ethereum-based smart contracts, where its fuzzing techniques were compared against baseline configurations. The results were compelling, demonstrating significant improvements in both code coverage and speed of vulnerability detection—sometimes orders of magnitude faster than traditional methods. Specifically, the paper categorizes 74% of real-world contract bugs as requiring multiple transactions for their discovery, underscoring the importance of Harvey’s sequence fuzzing capability.
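To make the multi-transaction point concrete, here is an added example (not code from the paper or from Harvey) of why some branches are unreachable by single-transaction fuzzing and how a demand-driven sequence fuzzer extends sequences only when shorter ones stop making progress. The contract is a constructed toy modelled loosely on the well-known simple-auction pattern; the fuzzing loop is a deliberately simplified stand-in for Harvey's sequence fuzzing, and the branch identifiers and function names are assumptions made for this illustration.

```python
import random


class Revert(Exception):
    """Stand-in for a reverted transaction."""


class SimpleAuction:
    """Constructed toy contract (not one of the paper's 27 subjects).

    `covered` collects the identifiers of branches taken so far, playing the
    role of the coverage instrumentation a greybox fuzzer reads back.
    """

    def __init__(self):
        self.highest_bid = 0
        self.highest_bidder = None
        self.pending_returns = {}
        self.ended = False
        self.covered = set()

    def bid(self, sender, value):
        if self.ended or value <= self.highest_bid:
            self.covered.add("bid:reject")
            raise Revert
        self.covered.add("bid:accept")
        if self.highest_bidder is not None:
            # The previous leader is outbid and becomes entitled to a refund.
            self.covered.add("bid:outbid")
            prev = self.highest_bidder
            self.pending_returns[prev] = self.pending_returns.get(prev, 0) + self.highest_bid
        self.highest_bidder, self.highest_bid = sender, value

    def withdraw(self, sender):
        amount = self.pending_returns.get(sender, 0)
        if amount > 0:
            # Target branch: only reachable after at least two bids and a withdraw.
            self.covered.add("withdraw:refund")
            self.pending_returns[sender] = 0
            return amount
        self.covered.add("withdraw:nothing")
        return 0

    def end(self):
        if self.ended:
            self.covered.add("end:twice")
            raise Revert
        self.covered.add("end:first")
        self.ended = True


def execute(sequence):
    """Run a transaction sequence from a fresh contract; return the branches covered."""
    contract = SimpleAuction()
    for name, sender, value in sequence:
        try:
            if name == "bid":
                contract.bid(sender, value)
            elif name == "withdraw":
                contract.withdraw(sender)
            else:
                contract.end()
        except Revert:
            continue  # a reverted transaction leaves the state unchanged
    return contract.covered


def random_tx(rng):
    """One random transaction over a small constructed alphabet of senders and values."""
    return (rng.choice(["bid", "withdraw", "end"]),
            rng.choice(["alice", "bob", "carol"]),
            rng.randint(1, 5))


def demand_driven_sequence_fuzz(target, rng, max_len=4, budget_per_len=5000):
    """Simplified demand-driven sequence fuzzing (an assumption, not Harvey's algorithm).

    Start with single transactions; only when the target branch stays
    uncovered after the budget for the current length is spent, extend
    sequences by one more transaction. Returns (sequence, executions).
    """
    execs = 0
    for length in range(1, max_len + 1):
        for _ in range(budget_per_len):
            sequence = [random_tx(rng) for _ in range(length)]
            execs += 1
            if target in execute(sequence):
                return sequence, execs
    return None, execs


if __name__ == "__main__":
    print("single-transaction fuzzing:", demand_driven_sequence_fuzz("withdraw:refund", random.Random(1), max_len=1))
    print("demand-driven sequences:", demand_driven_sequence_fuzz("withdraw:refund", random.Random(7)))
```

With `max_len=1` the refund branch is never covered, because no single transaction from a fresh contract can create a pending return; the fuzzer first has to find a bid, a higher bid, and then a withdraw by the outbid account. Keeping the search at the shortest length that still makes progress is what keeps the sequence space and the resulting test suite tractable, which is the trade-off the paper's second technique targets.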

Furthermore, the input prediction approach within Harvey shows a high accuracy, with a nearly 99% success rate in covering branch conditions through predictor-driven input changes. This finding suggests that most conditional statements within smart contracts are effectively linear, making Harvey’s prediction algorithm well-suited for broad application.

Implications and Future Directions

The impact of Harvey on smart contract security testing is multifaceted. Practically, it enhances the ability of security auditors and developers to identify and rectify vulnerabilities before deployment—which is crucial given the non-modifiable nature of contracts on the blockchain. Theoretically, it pushes forward the boundary of what is achievable with greybox fuzzing, proving that lightweight prediction methods can effectively substitute for more cumbersome symbolic execution strategies under specific conditions.

Looking ahead, Harvey could be augmented through integration with static analysis and lightweight symbolic execution to further enhance its detection capabilities. Exploring hybrid fuzzing models that leverage static insights to guide dynamic test generation, or incorporating deeper semantic analysis through symbolic techniques, could address more complex vulnerability patterns not currently within Harvey’s reach.

In conclusion, Harvey exemplifies a balanced and scalable approach to smart contract testing, harnessing the strengths of greybox fuzzing while innovatively solving domain-specific challenges. This research serves as a worthy roadmap for future advancements in the automated verification and validation of blockchain-based technologies.