
Fuzz on the Beach: Fuzzing Solana Smart Contracts (2309.03006v3)

Published 6 Sep 2023 in cs.CR

Abstract: Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success is Solana's low transaction fees and high performance, achieved in part through its stateless programming model. Although the literature features extensive tooling support for smart contract security, current solutions are largely tailored to the Ethereum Virtual Machine. Unfortunately, the very stateless nature of Solana's execution environment introduces novel, Solana-specific attack patterns that require vulnerability analysis methods to be rethought. In this paper, we address this gap and propose FuzzDelSol, the first binary-only coverage-guided fuzzing architecture for Solana smart contracts. FuzzDelSol faithfully models runtime specifics such as smart contract interactions. Moreover, since source code is not available for the large majority of Solana contracts, FuzzDelSol operates on the contract's binary code. To compensate for the resulting lack of semantic information, we carefully extract low-level program and state information and use it to build a diverse set of bug oracles covering all major bug classes in Solana. Our extensive evaluation on 6049 smart contracts shows that FuzzDelSol's bug oracles find bugs with high precision and recall. To the best of our knowledge, this is the largest evaluation of the security landscape on the Solana mainnet.
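As an added example, not code from the paper or from FuzzDelSol, the Rust model below illustrates what "Solana-specific attack patterns" in the abstract refers to and how a fuzzer that mutates account metadata (not only instruction data) can turn them into runtime bug oracles. In Solana's stateless model a program receives all of its state as accounts attached to the transaction, so the program itself must check that a state account is owned by the program and that the authority account actually signed; omitting either check is a classic Solana bug (missing owner check, missing signer check). The `Account` struct is a hypothetical stand-in for `solana_program::AccountInfo`, the withdraw handlers, the four-byte keys (`PROG`, `ALIC`, `EVIL`) and the 1000-unit vault are constructed for the illustration, and the two mutations and the state-change oracle are a simplification rather than FuzzDelSol's own logic.

```rust
// Added example, not the paper's code: toy Solana account model with two
// metadata-mutation oracles (missing signer check, missing owner check).
use std::convert::TryFrom;

pub type Key = [u8; 4];              // shortened "pubkey" (constructed)
pub const PROGRAM_ID: Key = *b"PROG"; // the program under test (constructed)
pub const ALICE: Key = *b"ALIC";      // legitimate vault authority (constructed)
pub const ATTACKER: Key = *b"EVIL";   // fuzzer-controlled key (constructed)
pub const SYSTEM_PROGRAM: Key = *b"SYSP";

/// Hypothetical stand-in for solana_program::AccountInfo.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Account {
    pub key: Key,
    pub owner: Key,      // only the owner program may write `data`
    pub is_signer: bool, // did this account sign the transaction?
    pub data: Vec<u8>,   // config: 4-byte authority key; vault: 8-byte LE balance
}

#[derive(Debug, PartialEq, Eq)]
pub enum ProgramError { MissingRequiredSignature, IncorrectProgramId, InvalidAuthority, InvalidAccountData, InsufficientFunds }

pub type Handler = fn(&mut [Account], u64) -> Result<(), ProgramError>;

/// Debits `amount` from accounts[1] (the vault); shared by all handler variants.
fn debit_vault(accounts: &mut [Account], amount: u64) -> Result<(), ProgramError> {
    let vault = &mut accounts[1];
    let raw = <[u8; 8]>::try_from(vault.data.as_slice()).map_err(|_| ProgramError::InvalidAccountData)?;
    let balance = u64::from_le_bytes(raw).checked_sub(amount).ok_or(ProgramError::InsufficientFunds)?;
    vault.data = balance.to_le_bytes().to_vec();
    Ok(())
}

/// Reads the authority key stored in accounts[0] (the config account).
fn config_authority(config: &Account) -> Result<Key, ProgramError> {
    Key::try_from(config.data.as_slice()).map_err(|_| ProgramError::InvalidAccountData)
}

/// accounts = [config, vault, authority]. Bug: `is_signer` is never checked, so anyone
/// who passes the authority's public key can drain the vault.
pub fn withdraw_missing_signer_check(accounts: &mut [Account], amount: u64) -> Result<(), ProgramError> {
    if accounts[0].owner != PROGRAM_ID { return Err(ProgramError::IncorrectProgramId); }
    if accounts[2].key != config_authority(&accounts[0])? { return Err(ProgramError::InvalidAuthority); }
    debit_vault(accounts, amount)
}

/// Bug: the config account's owner is never checked, so an attacker can pass a config
/// account they created themselves (owner = attacker) that names them as authority.
pub fn withdraw_missing_owner_check(accounts: &mut [Account], amount: u64) -> Result<(), ProgramError> {
    if accounts[2].key != config_authority(&accounts[0])? { return Err(ProgramError::InvalidAuthority); }
    if !accounts[2].is_signer { return Err(ProgramError::MissingRequiredSignature); }
    debit_vault(accounts, amount)
}

/// Hardened: owner check on every state account, key match and signer check on the authority.
pub fn withdraw_hardened(accounts: &mut [Account], amount: u64) -> Result<(), ProgramError> {
    if accounts[0].owner != PROGRAM_ID || accounts[1].owner != PROGRAM_ID { return Err(ProgramError::IncorrectProgramId); }
    if accounts[2].key != config_authority(&accounts[0])? { return Err(ProgramError::InvalidAuthority); }
    if !accounts[2].is_signer { return Err(ProgramError::MissingRequiredSignature); }
    debit_vault(accounts, amount)
}

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Finding { MissingSignerCheck, MissingOwnerCheck }

fn account(key: Key, owner: Key, is_signer: bool, data: Vec<u8>) -> Account {
    Account { key, owner, is_signer, data }
}

/// Baseline transaction (constructed): a legitimate withdrawal signed by ALICE.
fn baseline() -> Vec<Account> {
    vec![
        account(*b"CONF", PROGRAM_ID, false, ALICE.to_vec()),
        account(*b"VALT", PROGRAM_ID, false, 1_000u64.to_le_bytes().to_vec()),
        account(ALICE, SYSTEM_PROGRAM, true, Vec::new()),
    ]
}

/// Oracle: the program-owned vault changed under an input a correct program must reject.
/// The two mutations stand in for what a fuzzer mutating account metadata would produce.
pub fn run_oracles(handler: Handler) -> Vec<Finding> {
    let mut findings = Vec::new();
    let vault_before = baseline()[1].data.clone();

    // Mutation 1: identical accounts, but the authority did not sign.
    let mut tx = baseline();
    tx[2].is_signer = false;
    if handler(&mut tx, 100).is_ok() && tx[1].data != vault_before {
        findings.push(Finding::MissingSignerCheck);
    }

    // Mutation 2: attacker-owned config naming the attacker as authority, signed by the attacker.
    let mut tx = baseline();
    tx[0] = account(*b"FAKE", ATTACKER, false, ATTACKER.to_vec());
    tx[2] = account(ATTACKER, SYSTEM_PROGRAM, true, Vec::new());
    if handler(&mut tx, 100).is_ok() && tx[1].data != vault_before {
        findings.push(Finding::MissingOwnerCheck);
    }
    findings
}

fn main() {
    let handlers: [(&str, Handler); 3] = [
        ("withdraw_missing_signer_check", withdraw_missing_signer_check),
        ("withdraw_missing_owner_check", withdraw_missing_owner_check),
        ("withdraw_hardened", withdraw_hardened),
    ];
    for (name, h) in handlers {
        println!("{}: {:?}", name, run_oracles(h));
    }
}
```

Running `main` reports one finding for each vulnerable handler and none for the hardened one. The point of the model is the oracle's shape: on a binary-only target the fuzzer cannot see the missing `if`, but it can observe that program-owned state changed under a transaction whose signer flag or account ownership was tampered with, which is exactly the kind of low-level state information the abstract says FuzzDelSol extracts to build its oracles.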
