Paper published in a book (Scientific congresses, symposiums and conference proceedings)
ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts
Ferreira Torres, Christof; Iannillo, Antonio Ken; Gervais, Arthur et al.
2021In European Symposium on Security and Privacy, Vienna 7-11 September 2021
Peer reviewed
 

Files


Full Text
EuroS&P_21_ConFuzzius_Torres.pdf
Author preprint (545.96 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Ethereum; smart contracts; hybrid fuzzing; data dependency analysis; genetic algorithm; symbolic execution
Abstract :
[en] Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for attackers. Over the last years, they suffered from exploits costing millions of dollars due to simple programming mistakes. As a result, a variety of tools for detecting bugs have been proposed. Most of these tools rely on symbolic execution, which may yield false positives due to over-approximation. Recently, many fuzzers have been proposed to detect bugs in smart contracts. However, these tend to be more effective in finding shallow bugs and less effective in finding bugs that lie deep in the execution, therefore achieving low code coverage and many false negatives. An alternative that has proven to achieve good results in traditional programs is hybrid fuzzing, a combination of symbolic execution and fuzzing. In this work, we study hybrid fuzzing on smart contracts and present ConFuzzius, the first hybrid fuzzer for smart contracts. ConFuzzius uses evolutionary fuzzing to exercise shallow parts of a smart contract and constraint solving to generate inputs that satisfy complex conditions that prevent evolutionary fuzzing from exploring deeper parts. Moreover, ConFuzzius leverages dynamic data dependency analysis to efficiently generate sequences of transactions that are more likely to result in contract states in which bugs may be hidden. We evaluate the effectiveness of ConFuzzius by comparing it with state-of-the-art symbolic execution tools and fuzzers for smart contracts. Our evaluation on a curated dataset of 128 contracts and a dataset of 21K real-world contracts shows that our hybrid approach detects more bugs than state-of-the-art tools (up to 23%) and that it outperforms existing tools in terms of code coverage (up to 69%). We also demonstrate that data dependency analysis can boost bug detection up to 18%.
Disciplines :
Computer science
Author, co-author :
Ferreira Torres, Christof ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN
Iannillo, Antonio Ken ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN
Gervais, Arthur;  Imperial College London
State, Radu  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN
External co-authors :
yes
Language :
English
Title :
ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts
Publication date :
September 2021
Event name :
6th IEEE European Symposium on Security and Privacy
Event date :
from 07-09-2021 to 11-09-2021
Main work title :
European Symposium on Security and Privacy, Vienna 7-11 September 2021
Peer reviewed :
Peer reviewed
FnR Project :
FNR13192291 - Secure Blockchain Technologies For Finance, 2018 (01/10/2018-31/03/2022) - Christof Ferreira Torres
Available on ORBilu :
since 10 April 2021

Statistics


Number of views
404 (42 by Unilu)
Number of downloads
312 (18 by Unilu)

Bibliography


Similar publications



Contact ORBilu