Grey-box Fuzzing Based on Execution Feedback for EOSIO Smart Contracts
【Author】 Li, Wenyin; Wang, Meng; Yu, Bin; Shi, Yuhang; Fu, Mingxin; Shao, You
【Source】2022 29TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, APSEC
【Abstract】As one of the representative Delegated Proof-of-Stake (DPoS) blockchain platforms, the EOSIO blockchain platform has developed rapidly in recent years due to its excellent features, such as the scalability of transaction speed and support for smart contracts and decentralized applications. However, vulnerabilities in EOSIO smart contracts have caused serious economic losses, and vulnerability detection tools for EOSIO contracts are limited. To overcome the above shortcomings, we implement a grey-box fuzzer called GFuzzer based on WebAssembly for smart contracts on the EOSIO platform, considering that EOSIO contracts are not open-sourced. In order to generate more test cases for branches that are difficult to cover, GFuzzer selects test cases with the minimum distance to explore uncovered branches for mutation. We evaluate GFuzzer on 3963 real-world smart contracts, and the experimental results show that GFuzzer can detect more vulnerabilities in EOSIO contracts than the existing tools EOSFuzzer and EVulHunter, and is efficient in achieving high branch coverage during vulnerability detection.
【Keywords】Smart contract; Wasm; Fuzzing; Vulnerability detection
【Publication date】2022
【Indexed date】2023-07-04