Increasing Fuzz Testing Coverage for Smart Contracts with Dynamic Taint Analysis

Ji, Songyan; Dong, Jian; Qiu, Junfu; Gu, Bin; Wang, Ye; Wang, Tongqi

doi:10.1109/qrs54544.2021.00035

Cited by 6 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Distance is also a popular fitness metric, which helps identify seeds that are more likely to reach unexplored areas. Branch distance [53,67,74,75,87,99,104] and code distance [104] are two commonly used distance metrics in smart contract fuzzing, Branch distance evaluates how close a seed is to satisfy a missed branch by assessing the proximity of the seed to the branch condition. For example, in the code below, if the value of msg.value in a seed is 5, its branch distance for the then-branch is 95 .…”

Section: Seed Schedulingmentioning

confidence: 99%

See 1 more Smart Citation

Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers

Wu,

Li,

Yan

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

Given the growing importance of smart contracts in various applications, ensuring their security and reliability is critical. Fuzzing, an effective vulnerability detection technique, has recently been widely applied to smart contracts. Despite numerous studies, a systematic investigation of smart contract fuzzing techniques remains lacking. In this paper, we fill this gap by: 1) providing a comprehensive review of current research in contract fuzzing, and 2) conducting an in-depth empirical study to evaluate state-of-the-art contract fuzzers' usability. To guarantee a fair evaluation, we employ a carefully-labeled benchmark and introduce a set of pragmatic performance metrics, evaluating fuzzers from five complementary perspectives. Based on our findings, we provide direction for the future research and development of contract fuzzers.

show abstract

Section: Seed Schedulingmentioning

confidence: 99%

“…To address this issue, Harvey [99] chooses to mutate only a single argument at a time. Similarly, Targy [53] and effuzz [54] use taint analysis to find the arguments that are relevant to the target conditional branch and mutate only those arguments (e.g., argument b in example).…”

Section: Seed Mutationmentioning

confidence: 99%

Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers

Wu,

Li,

Yan

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

show abstract

“…Mutation testing is a fault-based testing method [17]. Fuzz testing is providing invalid or incorrect input data to the smart contract to observe its quality [20]. Validation testing ensures that the smart contract provides the use case required.…”

Section: Classification Schemementioning

confidence: 99%

“…In the papers [17], [19], [29], [30], [31], [34], [45], and [61], a newer method called mutation testing was introduced for the specific purpose of testing smart contracts. In addition, in the papers [20], [21], [23], [24], [26], [41], [42], [48], [53], [54], [55], and [56], another method called fuzz testing was introduced as well.…”

Section: ) Testing Data Challengesmentioning

confidence: 99%

Systematic Mapping of Testing Smart Contracts for Blockchain Applications

Imperius

Alahmar

2022

IEEE Access

View full text Add to dashboard Cite

In the last few years, the technological future becoming apparent by the introduction of smart contracts into mainstream technology, specifically in the development of Web3 and the metaverse. Smart contracts will play a vital role in the decentralization and autonomy of the day-to-day tasks that must be completed. Several literature reviews, considered secondary sources, highlight the current state of testing methods for smart contracts made for Blockchain applications. In this paper, we present the results from a systematic mapping study to give structure to the information found from primary sources. Systematic mapping is a well-known method to identify and categorize research papers in a field with an increasing amount of literature. For this systematic mapping, we searched for studies between 2017 and present-day (March 2022) and were able to find 303 results, from which 47 were selected, by specific inclusion and exclusion criteria, to be relevant to this study. A concept map was created from the information gathered from primary sources to the attributes such as research type, contribution type, blockchain network, smart contract language, development process, testing methods, and testing environment. We also categorized the trends and demographics found in the selected papers based on publication year, author's country, and more. The results of this systematic mapping showed that this field is very new and quickly increasing with new research. The researchers that are interested in this field could use the results found to create opportunities for their future work.

show abstract

“…Nguyen et al 70 proposed a feedback-based adaptive fuzzer called sFuzz to improve the branch coverage efficiency. Ji et al 71 extended sFuzz using dynamic taint analysis, which increases the covered branches by 6%. Echidna 72 and Foundry 73 are fuzzing frameworks widely used in industry, both of which feature efficient test generation with simple configuration and user-friendly manuals.…”

Section: Testingmentioning

confidence: 99%

A large‐scale empirical study of low‐level function use in Ethereum smart contracts and automated replacement

Pattabiraman

2022

Softw Pract Exp

View full text Add to dashboard Cite

The Ethereum blockchain stores and executes complex logic via smart contracts written in Solidity, a high‐level programming language. The Solidity language (in its early versions) provides features to exercise fine‐grained control over smart contracts, whose usage is discouraged by later‐released Solidity documentation, but nonetheless supported in later versions for backward compatibility. We define these features as low‐level functions. However, the high‐volume of transactions and the improper use of low‐level functions lead to security exploits with heavy financial loss. Consequently, the documentation suggests secure alternatives to the use of low‐level functions. In this article, we first perform an empirical study on the use of low‐level functions in Ethereum smart contracts. We study a smart contract dataset consisting of over 2,100,000 real‐world smart contracts. We find that low‐level functions are widely used and that the majority of these uses are gratuitous. We then propose GoHigh, a source‐to‐source transformation tool to eliminate low‐level function‐related vulnerabilities, by replacing low‐level functions with secure alternatives. Our experimental evaluation on the dataset shows that GoHigh successfully replaces all low‐level functions with 4.9% fewer compiler warnings. Further, no unintended side‐effects are introduced in 80% of the contracts, and the remaining 20% are not verifiable due to their external dependency. GoHigh saves more than 5% of the gas cost of the contract. Finally, GoHigh takes 7 s on average per contract.

show abstract

Increasing Fuzz Testing Coverage for Smart Contracts with Dynamic Taint Analysis

Cited by 6 publications

References 13 publications

Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers

Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers

Systematic Mapping of Testing Smart Contracts for Blockchain Applications

A large‐scale empirical study of low‐level function use in Ethereum smart contracts and automated replacement

Contact Info

Product

Resources

About