2020
DOI: 10.1109/access.2020.2995183
|View full text |Cite
|
Sign up to set email alerts
|

GasFuzzer: Fuzzing Ethereum Smart Contract Binaries to Expose Gas-Oriented Exception Security Vulnerabilities

Abstract: Ethereum is a kind of blockchain platform where developers may develop and run programs called smart contracts. It inherently relies on gas consumption within a specified allowance to constrain code execution, making every instruction along an execution path to be a location for raising an exception. In this paper, we present GasFuzzer, the first work in exploring the effects of gas allowance manipulation to expose gas-oriented exception security vulnerabilities. GasFuzzer consists of two phases. The first pha… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
14
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
4
3
2

Relationship

0
9

Authors

Journals

citations
Cited by 39 publications
(14 citation statements)
references
References 14 publications
0
14
0
Order By: Relevance
“…SPL -V8 (Gasless 'send') [26]: Gas is required in Ethereum smart contract as an execution fee. When ethers are transferred to a smart contract via send and if the fallback function in the Calle contract has the maximum gas limit [80] of twenty-three hundred units, then an out-of-gas exception can be thrown. If this exception is not handled properly, then malicious users can take benefit from this vulnerability by keeping non-transferred ethers wrongfully even though it was assumed to give them away.…”
Section: Ethereum Smart Contract Vulnerabilities and Preventive Methodsmentioning
confidence: 99%
“…SPL -V8 (Gasless 'send') [26]: Gas is required in Ethereum smart contract as an execution fee. When ethers are transferred to a smart contract via send and if the fallback function in the Calle contract has the maximum gas limit [80] of twenty-three hundred units, then an out-of-gas exception can be thrown. If this exception is not handled properly, then malicious users can take benefit from this vulnerability by keeping non-transferred ethers wrongfully even though it was assumed to give them away.…”
Section: Ethereum Smart Contract Vulnerabilities and Preventive Methodsmentioning
confidence: 99%
“…Vulnerabilities in smart contracts are further critical since they are immutable once deployed. To improve the robustness of smart contract programs, various testing approaches [25], [29], [30], [31], [33]. have been proposed in the literature for detecting the vulnerabilities in smart contracts.…”
Section: Related Workmentioning
confidence: 99%
“…In the literature, the generation of test inputs for smart contracts mainly relies on fuzzing and mutation [27], [28], [25], [29], [30], [31], [32], [33]. For example, Jiang et al [34] proposed to build seed inputs with the valid input domain and the inputs frequently used by some data types in smart contracts, to further fuzz inputs for testing ABI of smart contracts.…”
Section: Introductionmentioning
confidence: 99%
“…Fuzzing is a powerful automatic testing tool to detect software vulnerabilities. After decades of development, fuzzing has been widely used as a base in several security testing domains, such as the OS kernel [12,36], servers [33], and the blockchain [3].…”
Section: Background 21 Fuzz Testingmentioning
confidence: 99%