Research area: Strategies
Venue: Empirical Software Engineering
Smart contracts are pivotal in blockchain technology. Because they hold valuable digital assets, they have long been a target for attackers. Unlike traditional programs, a contract cannot be modified once deployed. It is therefore particularly important to perform vulnerability detection before deploying a smart contract. Fuzzing is a classic technique for detecting security vulnerabilities. However, existing fuzzers are currently unable to reach vulnerabilities hidden in the deep states of smart contracts. In this paper, we propose CSAFuzzer, a fuzzing framework combined with static analysis. Our approach consists of three main steps. First, before dynamically fuzzing a contract, we statically extract function invocation sequences, which lets the fuzzer reach bugs in deep contract states. Second, we iteratively generate high-quality test cases, using code coverage as the guiding metric. This covers more branches within a limited time and thereby increases the likelihood of discovering potential vulnerabilities. Lastly, we design more accurate test oracles for detecting smart contract vulnerabilities. We evaluated CSAFuzzer and other vulnerability detection tools on over 15K real-world smart contracts. Experimental results show that CSAFuzzer detects more vulnerabilities than other state-of-the-art tools, with an average improvement of about 10% in detection accuracy. In addition, CSAFuzzer achieves an average code coverage 6% higher than other tools, and notably 14% higher than the state-of-the-art fuzzing approach.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |
| Likes | 0 |