Log In Sign Up

ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection

by   Bo Jiang, et al.

Decentralized cryptocurrencies feature the use of blockchain technology to transfer value among peers on the network without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make agreement via blockchain while minimizing trust. While millions of smart contracts exists to help build decentralized applications, the security vulnerabilities within the smart contracts pose big threat to their applications. Indeed, many critical security vulnerabilities within smart contracts on Ethereum platform have caused huge financial loss to its users. In this work, we build a fuzzing framework to test Ethereum smart contracts for security vulnerabilities. We propose test oracles for detecting security vulnerabilities, generate fuzzing input based on the ABI specifications of the smart contracts, instrument the EVM to collect executions logs characterizing smart contracts runtime behavior and analyze the logs to report vulnerabilities. Our fuzzing on 6991 smart contracts has flagged more than 459 vulnerabilities with high precision. In particular, our fuzzing tool can detect the vulnerability of the DAO contract that leads to 60 million US loss and the vulnerabilities of Parity Wallet that has lead to the loss of 30 million USD and the freezing of 150 million USD worth of Ether.


page 1

page 2

page 3

page 4


Reentrancy Vulnerability Identification in Ethereum Smart Contracts

Ethereum Smart contracts use blockchain to transfer values among peers o...

SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts

Blockchain technology (BT) Ethereum Smart Contracts allows programmable ...

Security Analysis of EOSIO Smart Contracts

The EOSIO blockchain, one of the representative Delegated Proof-of-Stake...

AGSolT: a Tool for Automated Test-Case Generation for Solidity Smart Contracts

Blockchain and smart contract technology are novel approaches to data an...

Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains

The emerging blockchain technology supports decentralized computing para...

ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning

Ethereum smart contracts are automated decentralized applications on the...