EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation

by   Michael Rodler, et al.

Smart contracts are increasingly being used to manage large numbers of high-value cryptocurrency accounts. There is a strong demand for automated, efficient, and comprehensive methods to detect security vulnerabilities in a given contract. While the literature features a plethora of analysis methods for smart contracts, the existing proposals do not address the increasing complexity of contracts. Existing analysis tools suffer from false alarms and missed bugs in today's smart contracts that are increasingly defined by complexity and interdependencies. To scale accurate analysis to modern smart contracts, we introduce EF/CF, a high-performance fuzzer for Ethereum smart contracts. In contrast to previous work, EF/CF efficiently and accurately models complex smart contract interactions, such as reentrancy and cross-contract interactions, at a very high fuzzing throughput rate. To achieve this, EF/CF transpiles smart contract bytecode into native C++ code, thereby enabling the reuse of existing, optimized fuzzing toolchains. Furthermore, EF/CF increases fuzzing efficiency by employing a structure-aware mutation engine for smart contract transaction sequences and using a contract's ABI to generate valid transaction inputs. In a comprehensive evaluation, we show that EF/CF scales better – without compromising accuracy – to complex contracts compared to state-of-the-art approaches, including other fuzzers, symbolic/concolic execution, and hybrid approaches. Moreover, we show that EF/CF can automatically generate transaction sequences that exploit reentrancy bugs to steal Ether.


page 1

page 2

page 3

page 4


DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode

Smart contracts are Turing-complete programs running on the blockchain. ...

Fuzz on the Beach: Fuzzing Solana Smart Contracts

Solana has quickly emerged as a popular platform for building decentrali...

Towards Automated Security Analysis of Smart Contracts based on Execution Property Graph

Identifying and mitigating vulnerabilities in smart contracts is crucial...

MPro: Combining Static and Symbolic Analysis for Scalable Testing of Smart Contract

Smart contracts are executable programs that enable the building of a pr...

A Data Science Approach for Honeypot Detection in Ethereum

Ethereum smart contracts have recently drawn a considerable amount of at...

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

Most modern electronic devices can produce a random number. However, it ...

Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts

We introduce the Clockwork Finance Framework (CFF), a general purpose, f...

Please sign up or login with your details

Forgot password? Click here to reset