Harvey: a greybox fuzzer for smart contracts

Wüstholz, Valentin; Christakis, Maria

doi:10.1145/3368089.3417064

Cited by 114 publications

(57 citation statements)

References 77 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A more automated form of testing is fuzzing [149], which generates unexpected, undefined, random, or invalid inputs to trigger a crash or reveal defects and vulnerabilities. Fuzzers, like ContractFuzzer [150], Echidna, 16 and Harvey [151] can be used for automated smart contract testing as well. Another technique of dynamic analysis is symbolic execution [152], where a program is executed with symbolic values (i.e., logical expressions) that make it possible to explore all reachable paths of a program.…”

Section: ) Security Threats and Countermeasuresmentioning

confidence: 99%

The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses

Homoliak

Venugopalan

Reijsbergen

et al. 2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Blockchains are distributed systems, in which security is a critical factor for their success. However, despite their increasing popularity and adoption, there is a lack of standardized models that study blockchain-related security threats. To fill this gap, the main focus of our work is to systematize and extend the knowledge about the security and privacy aspects of blockchains and contribute to the standardization of this domain.We propose the security reference architecture (SRA) for blockchains, which adopts a stacked model (similar to the ISO/OSI) describing the nature and hierarchy of various security and privacy aspects. The SRA contains four layers: (1) the network layer, (2) the consensus layer, (3) the replicated state machine layer, and (4) the application layer. At each of these layers, we identify known security threats, their origin, and countermeasures, while we also analyze several cross-layer dependencies. Next, to enable better reasoning about security aspects of blockchains by the practitioners, we propose a blockchain-specific version of the threat-risk assessment standard ISO/IEC 15408 by embedding the stacked model into this standard. Finally, we provide designers of blockchain platforms and applications with a design methodology following the model of SRA and its hierarchy.

show abstract

Section: ) Security Threats and Countermeasuresmentioning

confidence: 99%

The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses

Homoliak

Venugopalan

Reijsbergen

et al. 2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…We further closely look at the test cases provided in smart contract projects. We select a benchmark dataset, built by Wustholz et al [27] for testing smart contracts, which includes 17 projects that are popular projects carefully picked from the Ethereum community and Github. Six of them do not contain any test cases, the remaining 11 projects shown in Table II (1) All of these 11 projects have tests with manually-specified inputs.…”

Section: A Smart Contractmentioning

confidence: 99%

“…In the literature, the generation of test inputs for smart contracts mainly relies on fuzzing and mutation [27], [28], [25], [29], [30], [31], [32], [33]. For example, Jiang et al [34] proposed to build seed inputs with the valid input domain and the inputs frequently used by some data types in smart contracts, to further fuzz inputs for testing ABI of smart contracts.…”

Section: Introductionmentioning

confidence: 99%

SmartGift: Learning to Generate Practical Inputs for Testing Smart Contracts

Zhou

Liu

et al. 2021

2021 IEEE International Conference on Software Maintenance and Evolution (ICSME)

View full text Add to dashboard Cite

“…Existing smart contract fuzzers such as HARVEY [50] instrument the code and compute cost metrics for every branch to mutate the inputs. Our approach applies constraint solving to generate values for complex conditions on-demand.…”

Section: B Input Generationmentioning

confidence: 99%

“…ECHIDNA requires user-defined predicates in the form of Solidity assertions and does not automatically check for vulnerabilities. HARVEY [50] predicts new inputs based on instructiongranularity cost metrics. In contrast, CONFUZZIUS exploits lightweight symbolic execution when the population fitness does not increase (see Section IV-D).…”

Section: Related Workmentioning

confidence: 99%

CONFUZZIUS: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts

Torres¹,

Iannillo²,

Gervais³

et al. 2021

Preprint

View full text Add to dashboard Cite

<div> <div> <p>Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for attackers. Over the last years, they suffered from exploits costing millions of dollars due to simple programming mistakes. As a result, a variety of tools for detecting bugs have been proposed. Most of these tools rely on symbolic execution, which may yield false positives due to over-approximation. Recently, many fuzzers have been proposed to detect bugs in smart contracts. However, these tend to be more effective in finding shallow bugs and less effective in finding bugs that lie deep in the execution, therefore achieving low code coverage and many false negatives. An alternative that has proven to achieve good results in traditional programs is hybrid fuzzing, a combination of symbolic execution and fuzzing. In this work, we study hybrid fuzzing on smart contracts and present ConFuzzius, the first hybrid fuzzer for smart contracts. ConFuzzius uses evolutionary fuzzing to exercise shallow parts of a smart contract and constraint solving to generate inputs that satisfy complex conditions that prevent evolutionary fuzzing from exploring deeper parts. Moreover, ConFuzzius leverages dynamic data dependency analysis to efficiently generate sequences of transactions that are more likely to result in contract states in which bugs may be hidden. We evaluate the effectiveness of ConFuzzius by comparing it with state-of-the-art symbolic execution tools and fuzzers for smart contracts. Our evaluation on a curated dataset of 128 contracts and a dataset of 21K real-world contracts shows that our hybrid approach detects more bugs than state-of-the-art tools (up to 23%) and that it outperforms existing tools in terms of code coverage (up to 69%). We also demonstrate that data dependency analysis can boost bug detection up to 18%.</p> </div> </div>

show abstract

Harvey: a greybox fuzzer for smart contracts

Cited by 114 publications

References 77 publications

The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses

The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses

SmartGift: Learning to Generate Practical Inputs for Testing Smart Contracts

CONFUZZIUS: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts

Contact Info

Product

Resources

About