Research area: Strategies
Conference: BDICN '25: Proceedings of the 2025 4th International Conference on Big Data, Information and Computer Network
Unlike traditional software, smart contracts operate on a world state and are driven by transactions, so a vulnerability is often reachable only through a particular sequence of transactions. Classic fuzzing techniques, which mutate single inputs, cannot easily find these critical transaction chains. We therefore use static analysis to guide the fuzzing. We build a control-flow graph (CFG) from the smart contract bytecode and perform symbolic execution on it to compute the path constraints of critical paths; we also perform data-flow analysis of the dependencies between transactions. The former guides fuzz-testing seed generation so that the search space is reduced; the latter helps the fuzzer generate more targeted transaction chains that can trigger deeper vulnerabilities within the contract. We implement our approach in an efficient open-source fuzzer, "smartfuzz", which can discover vulnerabilities in industrial smart contracts even when the source code is unavailable. We evaluate smartfuzz against Oyente, one of the most widely used smart contract vulnerability detection tools, on two data sets totaling 546 contracts. The results indicate that smartfuzz is considerably more effective than the state-of-the-art tools and also achieves substantially higher code coverage.
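The pipeline the abstract describes, reduced to a toy so it can be read and run, as an added example that is not smartfuzz's code or the paper's own algorithm: build a CFG from EVM bytecode by splitting at JUMPDEST and block-terminating opcodes and resolving PUSH-immediate jump targets, walk one path of the CFG with a symbolic stack to collect the branch conditions it requires and the storage slots it reads and writes, turn equality constraints on calldata into a concrete seed, and order transactions so that a transaction reading a slot runs after the transaction that writes it. The opcode subset, the two hand-assembled sample contracts (`SETTER` writes slot 0 when `calldata[0] == 1`; `CHECKER` writes slot 1 only when `storage[0] == 1`) and the equality-only "solver" are all assumptions made for this example.

```python
"""Toy static-analysis-guided seed and transaction-chain generation for EVM
bytecode. Added example, not smartfuzz's code; handles a small opcode subset."""
import re
from dataclasses import dataclass, field

# Opcode subset sufficient for the constructed samples (assumption: real
# bytecode needs the full table and a proper stack model).
OPCODES = {0x00: "STOP", 0x14: "EQ", 0x35: "CALLDATALOAD", 0x54: "SLOAD",
           0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5B: "JUMPDEST"}
BLOCK_END = {"STOP", "JUMP", "JUMPI"}


def disassemble(code: bytes):
    """Return [(offset, mnemonic, push_immediate_or_None)]."""
    insns, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7F:                              # PUSH1..PUSH32
            n = op - 0x5F
            insns.append((pc, f"PUSH{n}", int.from_bytes(code[pc + 1:pc + 1 + n], "big")))
            pc += 1 + n
        else:
            insns.append((pc, OPCODES.get(op, f"UNKNOWN_{op:02x}"), None))
            pc += 1
    return insns


@dataclass
class Block:
    start: int
    insns: list
    succs: list = field(default_factory=list)


def build_cfg(code: bytes):
    """Basic blocks keyed by start offset. Edges: fall-through into a JUMPDEST,
    the not-taken edge of JUMPI, and jump targets pushed immediately before
    JUMP/JUMPI (dynamic targets stay unresolved; non-JUMPDEST targets dropped)."""
    insns = disassemble(code)
    jumpdests = {pc for pc, name, _ in insns if name == "JUMPDEST"}
    blocks, cur = {}, None
    for i, (pc, name, imm) in enumerate(insns):
        if cur is not None and name == "JUMPDEST":
            cur.succs.append(pc)
            blocks[cur.start], cur = cur, None
        if cur is None:
            cur = Block(pc, [])
        cur.insns.append((pc, name, imm))
        if name in BLOCK_END:
            if name != "STOP" and len(cur.insns) > 1 and cur.insns[-2][1].startswith("PUSH"):
                if cur.insns[-2][2] in jumpdests:
                    cur.succs.append(cur.insns[-2][2])
            if name == "JUMPI" and i + 1 < len(insns):
                cur.succs.append(insns[i + 1][0])
            blocks[cur.start], cur = cur, None
    if cur is not None:
        blocks[cur.start] = cur
    return blocks


def walk_path(blocks, path):
    """Symbolically execute one block path (list of block starts). Returns the
    branch conditions the path requires, the slots it reads, the slots it writes."""
    stack, conds, reads, writes = [], [], set(), set()
    for k, start in enumerate(path):
        for _, name, imm in blocks[start].insns:
            if name.startswith("PUSH"):
                stack.append(imm)
            elif name == "CALLDATALOAD":
                stack.append(f"calldata[{stack.pop()}]")
            elif name == "SLOAD":
                slot = stack.pop(); reads.add(slot); stack.append(f"storage[{slot}]")
            elif name == "SSTORE":
                slot, _value = stack.pop(), stack.pop(); writes.add(slot)
            elif name == "EQ":
                a, b = stack.pop(), stack.pop(); stack.append(f"({b} == {a})")
            elif name == "JUMP":
                stack.pop()
            elif name == "JUMPI":
                dest, cond = stack.pop(), stack.pop()
                nxt = path[k + 1] if k + 1 < len(path) else None
                if nxt is not None:
                    assert nxt in blocks[start].succs, "path does not follow a CFG edge"
                    conds.append(cond if nxt == dest else f"not {cond}")
    return conds, reads, writes


def seed_from_constraints(conds):
    """Solve '(calldata[off] == value)' constraints into concrete calldata; any
    other constraint is left for mutation (toy solver, equalities only)."""
    buf = bytearray()
    for c in conds:
        m = re.fullmatch(r"\(calldata\[(\d+)\] == (\d+)\)", c)
        if m:
            off, val = int(m.group(1)), int(m.group(2))
            buf.extend(bytes(max(0, off + 32 - len(buf))))
            buf[off:off + 32] = val.to_bytes(32, "big")
    return bytes(buf)


def order_chain(effects):
    """effects: {tx: (reads, writes)}. Place each transaction after every
    transaction that writes a slot it reads, so the chain reaches the state a
    later transaction's deeper branch depends on (cycles fall back to input order)."""
    remaining, done, order = list(effects), set(), []
    while remaining:
        for tx in remaining:
            writers = {w for w in effects if w != tx and effects[w][1] & effects[tx][0]}
            if writers <= done:
                break
        else:
            tx = remaining[0]
        remaining.remove(tx); done.add(tx); order.append(tx)
    return order


# Constructed, hand-assembled sample contracts (not real deployed code).
SETTER = bytes.fromhex("600035600114600a57005b600160005500")   # calldata[0]==1 -> storage[0]=1
CHECKER = bytes.fromhex("600054600114600a57005b600160015500")  # storage[0]==1 -> storage[1]=1


def demo():
    """Seed for SETTER's taken branch, CHECKER's path constraint, and the chain order."""
    s_conds, s_reads, s_writes = walk_path(build_cfg(SETTER), [0, 10])
    c_conds, c_reads, c_writes = walk_path(build_cfg(CHECKER), [0, 10])
    chain = order_chain({"checker": (c_reads, c_writes), "setter": (s_reads, s_writes)})
    return s_conds, c_conds, seed_from_constraints(s_conds), chain


if __name__ == "__main__":
    print(demo())
```

The two halves correspond to the two uses of static analysis in the abstract: `walk_path` plus `seed_from_constraints` is the constraint-driven seed generation, and the read/write slot sets fed to `order_chain` are the transaction-dependency analysis that puts `setter` before `checker`, since `checker`'s deeper branch is unreachable in a fresh world state.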
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | ACM |
| Likes | 0 |