ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts

Torres, Christof Ferreira; Iannillo, Antonio Ken; Gervais, Arthur; State, Radu

doi:10.1109/eurosp51992.2021.00018

Cited by 74 publications

(62 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We compare TxT with 13 state-of-the-art defenses based on their self-reported coverage disclosure. Tool Oyente [7] Securify [21] Mythril [24] Sereum [11] Vandal [25] sGuard [42] ZEUS [6] ConFuzzius [8] VeriSmart [43] SmarTest [27] Osiris [44] ECFChecker [45] Maian [28] TxT (this work) -full support; -partial support; -no support; -explicit detection of vulnerability. † https://swcregistry.io/.…”

Section: B Vulnerability Coverage By Txtmentioning

confidence: 99%

“…Following the common vulnerabilities and exposures (CVE) database, the smart contract weakness classification and test cases (SWC) registry [3] identifies 37 classes of known smart contract vulnerabilities (as of January 2022). To counter the security threats, different types of defense tools have been developed, including syntactic analyzers [4], [5], security scanners based on symbolic execution [6], [7], fuzzing tools [8], [9], transaction analyzers [10], [11], security libraries [12], [13], formal defense methods [14], [15], and various hybrid analysis approaches [16], [17]. In this work, we scrutinize 106 existing smart contract security defense solutions, and find that each of them only addresses very few classes of known vulnerabilities.…”

mentioning

confidence: 99%

“…Generally, all the existing smart contract defense methods have two design choices: 1) heuristic versus deterministic; and 2) detection versus verification (see Table I). Heuristic approaches use the best-effort judgement applied to all cases (e.g., Confuzzius [8], sFuzz [18], Harvey [19]), while deterministic designs guarantee the correctness at the expense of rejecting a small number of cases (such as KEVM [20], SeRIF [14], and eThor [5]). Detection tools identify known vulnerabilities (e.g., Oyente [7], Securify [21]), while verification tools aim at confirming various safety properties (examples are VerX [22] and ZEUS [6]).…”

mentioning

confidence: 99%

See 2 more Smart Citations

TxT: Real-time Transaction Encapsulation for Ethereum Smart Contracts

Ivanov,

Yan,

Kompalli

2023

Preprint

View full text Add to dashboard Cite

Section: B Vulnerability Coverage By Txtmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

TxT: Real-time Transaction Encapsulation for Ethereum Smart Contracts

Ivanov,

Yan,

Kompalli

2023

Preprint

View full text Add to dashboard Cite

“…They usually use static analysis approaches, such as symbolic execution, to uncover vulnerabilities and bugs in smart contracts. Some other works [15], [38], [40], [41], [43], [44], [53], [57], [72], [84] make use of fuzzing techniques to discover bugs in smart contracts. In contrast, our work analyzes private transactions to understand their mechanisms, incentives, and security risks.…”

Section: Bug Detection On Smart Contractsmentioning

confidence: 99%

“…However, private transactions have not attracted much attention from the research community. There are several works that have analyzed the Ethereum blockchain and DeFi platforms, but they mainly focus on 1) detecting bugs from smart contracts [37], [46], [47], [55], [58], [72], [73], [76], 2) measuring Ethereum networks and transactions [4], [14], [49], [52], [67], [86], [88], and 3) analyzing transactions to uncover attacks [63], [66], [83], [87].…”

Section: Introductionmentioning

confidence: 99%

An Empirical Study on Ethereum Private Transactions and the Security Implications

Lyu¹,

Zhang²,

Zhang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Recently, Decentralized Finance (DeFi) platforms on Ethereum are booming, and numerous traders are trying to capitalize on the opportunity for maximizing their benefits by launching front-running attacks and extracting Miner Extractable Values (MEVs) based on information in the public mempool. To protect end users from being harmed and hide transactions from the mempool, private transactions, a special type of transactions that are sent directly to miners, were invented. Private transactions have a high probability of being packed to the front positions of a block and being added to the blockchain by the target miner, without going through the public mempool, thus reducing the risk of being attacked by malicious entities.Despite the good intention of inventing private transactions, due to their stealthy nature, private transactions have also been used by attackers to launch attacks, which has a negative impact on the Ethereum ecosystem. However, existing works only touch upon private transactions as by-products when studying MEV, while a systematic study on private transactions is still missing. To fill this gap and paint a complete picture of private transactions, we take the first step towards investigating the private transactions on Ethereum. In particular, we collect largescale private transaction datasets and perform analysis on their characteristics, transaction costs and miner profits, as well as security impacts. This work provides deep insights on different aspects of private transactions.

show abstract

sFuzz2.0: Storage‐access pattern guided smart contract fuzzing

Wang

Liu

et al. 2023

J Software Evolu Process

View full text Add to dashboard Cite

Smart contracts are distributed self‐enforcing programs which execute on top of blockchain networks. They have the potential to revolutionize many industries and have already been adopted for applications such as distributed finance and crowdfunding. Because smart contracts are immutable once they are deployed, it is important to identify and eliminate code vulnerabilities in smart contracts systematically. In this work, we propose sFuzz2.0, a storage‐access‐pattern guided adaptive fuzzer based on sFuzz. sFuzz2.0 is motivated by the fact that certain vulnerabilities only manifest in the presence of certain function call sequences (as well as particular arguments). Given that there are exponentially many function call sequences, sFuzz randomly generates sequences without guidance. As a result, the probability of discovering those vulnerabilities is negligible. sFuzz2.0 tackles the problem with two approaches, that is, by generating function call sequences that trigger different storage‐access patterns passively (i.e., by prioritizing seeds which cover new patterns) or actively (i.e., by actively seeking out different patterns). The experiment results suggest that the passive strategy outperforms sFuzz by achieving better code coverage (i.e., 37.53%) and discovering more vulnerabilities (i.e., 20.49%).

show abstract

ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts

Cited by 74 publications

References 28 publications

TxT: Real-time Transaction Encapsulation for Ethereum Smart Contracts

TxT: Real-time Transaction Encapsulation for Ethereum Smart Contracts

An Empirical Study on Ethereum Private Transactions and the Security Implications

sFuzz2.0: Storage‐access pattern guided smart contract fuzzing

Contact Info

Product

Resources

About