sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart ContractsTechnical
Smart contracts are Turing-complete programs that execute on the infrastructure of the blockchain, which often manage valuable digital assets. Solidity is one of the most popular programming languages for writing smart contracts on the Ethereum platform.Like traditional programs, smart contracts may contain vulnerabilities. Unlike traditional programs, smart contracts cannot be easily patched once they are deployed. It is thus important that smart contracts are tested thoroughly before deployment. In this work, we present an adaptive fuzzer for smart contracts on the Ethereum platform called sFuzz. Compared to existing Solidity fuzzers, sFuzz combines the strategy in the AFL fuzzer and an efficient lightweight multi-objective adaptive strategy targeting those hard-to-cover branches. sFuzz has been applied to more than 4 thousand smart contracts and the experimental results show that (1) sFuzz is efficient, e.g., two order of magnitudes faster than state-of-the-art tools; (2) sFuzz is effective in achieving high code coverage and discovering vulnerabilities; and (3) the different fuzzing strategies in sFuzz complement each other.
Sat 11 JulDisplayed time zone: (UTC) Coordinated Universal Time change
00:00 - 01:00 | |||
00:00 12mTalk | Typestate-Guided Fuzzer for Discovering Use-after-Free VulnerabilitiesTechnical Technical Papers Haijun Wang Ant Financial Services Group, China; CSSE, Shenzhen University, China, Xiaofei Xie Nanyang Technological University, Yi Li Nanyang Technological University, Cheng Wen Xidian University, Yuekang Li Nanyang Technological University, Yang Liu Nanyang Technological University, Singapore, Shengchao Qin University of Teesside, Hongxu Chen Research Associate, Yulei Sui University of Technology Sydney, Australia Link to publication DOI Pre-print | ||
00:12 12mTalk | sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart ContractsTechnical Technical Papers Tai D. Nguyen Singapore Management University, Long H. Pham Singapore University of Technology and Design, Jun Sun Singapore Management University, Yun Lin National University of Singapore, Minh Quang Tran Ho Chi Minh City University of Technology | ||
00:24 12mTalk | Planning for Untangling: Predicting the Difficulty of Merge ConflictsTechnical Technical Papers Caius Brindescu Oregon State University, Iftekhar Ahmed University of California at Irvine, USA, Rafael Leano Oregon State University, Anita Sarma Oregon State University | ||
00:36 12mTalk | Gang of Eight: A Defect Taxonomy for Infrastructure as Code ScriptsTechnical Technical Papers Akond Rahman Tennessee Tech University, Effat Farhana North Carolina State University, Chris Parnin North Carolina State University, Laurie Williams North Carolina State University Pre-print | ||
00:48 12mTalk | JVM Fuzzing for JIT-Induced Side-Channel DetectionTechnical Technical Papers Tegan Brennan University of California, Santa Barbara, Seemanta Saha University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara | ||