ITYFUZZ: Snapshot-Based Fuzzer for Smart Contract

PROCEEDINGS OF THE 32ND ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, ISSTA 2023(2023)

引用 4|浏览35
暂无评分
摘要
Smart contracts are critical financial instruments, and their security is of utmost importance. However, smart contract programs are difficult to fuzz due to the persistent blockchain state behind all transactions. Mutating sequences of transactions are complex and often lead to a suboptimal exploration for both input and program spaces. In this paper, we introduce a novel snapshot-based fuzzer ITYFUZZ for testing smart contracts. In ITYFUZZ, instead of storing sequences of transactions and mutating from them, we snapshot states and singleton transactions. To explore interesting states, ITYFUZZ introduces a dataflow waypoint mechanism to identify states with more potential momentum. ITYFUZZ also incorporates comparison waypoints to prune the space of states. By maintaining snapshots of the states, ITYFUZZ can synthesize concrete exploits like reentrancy attacks quickly. Because ITYFUZZ has second-level response time to test a smart contract, it can be used for on-chain testing, which has many benefits compared to local development testing. Finally, we evaluate ITYFUZZ on real-world smart contracts and some hacked on-chain DeFi projects. ITYFUZZ outperforms existing fuzzers in terms of instructional coverage and can find and generate realistic exploits for on-chain projects quickly.
更多
查看译文
关键词
fuzzing,on-chain testing,smart contract,blockchain,DeFi security
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络