sFuzz

Nguyen, Tai D.; Pham, Long Hoang; Sun, Jun; Lin, Yun; Minh, Quang Tran

doi:10.1145/3377811.3380334

Cited by 150 publications

(46 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Outside of ICSs and CPSs, many fuzzers are available for testing software, e.g. [39]- [43]. A common approach to improve test generation is to specify the class of valid inputs as a context-free grammar (CFG) [44], [45].…”

Section: Related Workmentioning

confidence: 99%

Finding Causally Different Tests for an Industrial Control System

Poskitt¹,

Chen²,

Sun³

et al. 2023

Preprint

View full text Add to dashboard Cite

Industrial control systems (ICSs) are types of cyberphysical systems in which programs, written in languages such as ladder logic or structured text, control industrial processes through sensing and actuating. Given the use of ICSs in critical infrastructure, it is important to test their resilience against manipulations of sensor/actuator inputs. Unfortunately, existing methods fail to test them comprehensively, as they typically focus on finding the simplest-to-craft manipulations for a testing goal, and are also unable to determine when a test is simply a minor permutation of another, i.e. based on the same causal events. In this work, we propose a guided fuzzing approach for finding 'meaningfully different' tests for an ICS via a general formalisation of sensor/actuator-manipulation strategies. Our algorithm identifies the causal events in a test, generalises them to an equivalence class, and then updates the fuzzing strategy so as to find new tests that are causally different from those already identified. An evaluation of our approach on a real-world water treatment system shows that it is able to find 106% more causally different tests than the most comparable fuzzer. While we focus on diversifying the test suite of an ICS, our formalisation may be useful for other fuzzers that intercept communication channels.

show abstract

Section: Related Workmentioning

confidence: 99%

Finding Causally Different Tests for an Industrial Control System

Poskitt¹,

Chen²,

Sun³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…It first converts the input to smart contracts into a C++ program via the Abstract Syntax Tree (AST) or CFG and generates random inputs to perform the fuzzing. sFuzz [4] employs an efficient, lightweight, adaptive strategy for selecting seeds to improve the fuzzing method based on random input generator [5]. EthPloit [34] adopts static taint analysis to generate exploittargeted transaction sequences.…”

Section: Detectors Using Fuzz Testingmentioning

confidence: 99%

“…Thus, other researchers performed empirical studies as shown in Table 2 to evaluate and compare the smart contract vulnerability detectors. 2020 [11] 2020 [16] 2021 [10] 2021 [19] SmartCheck [13] ✓ ✓ Oyente [2] ✓ ✓ ✓ ✓ ZEUS [20] ✓ Securify [3] ✓ ✓ ✓ Mythril [12] ✓ ✓ ✓ Slither [14] ✓ ✓ Manticore [15] ✓ ✓ MAIAN [17] ✓ ✓ Orisis [18] ✓ ✓ HONEYBADGER [9] ✓ ContractFuzzer [5] ✓ TEETHER [21] ✓ MadMax [22] ✓ sFuzz [4] ✓ Ghaleb et al [11] proposed SolidiFI to evaluate six static vulnerability detectors [2], [3], [12], [13], [14], [15] using a dataset with injected vulnerabilities. Experiment results on a set of 50 contracts injected with 9,369 distinct vulnerabilities show that the evaluated detectors do not detect several instances of vulnerabilities despite their claims of being able to detect such vulnerabilities.…”

Section: Empirical Evaluations Of Vulnerability Detectorsmentioning

confidence: 99%

“…Many methods and corresponding detectors, e.g., Oyente [2], Securify [3], sFuzz [4], ContractFuzzer [5], ContraMaster [6], DefectChecker [7], EXGEN [8], HONEYBADGER [9], have been proposed to detect smart contract vulnerabilities. Ren et al [10] point out that the detectors are evaluated by the tool authors using different datasets and metrics, which may result in biased conclusions.…”

Section: Introductionmentioning

confidence: 99%

“…• very little or no financial benefits for attacker Through selective coding, we concluded that the studied vulnerability detectors mainly adapted existing approaches to analyze OO applications. The detectors have not sufficiently considered Solidity's principle as a contractoriented programming language for applications running on Ethereum Virtual Machine (EVM) and blockchain to [20] ZEUS 7 types SC 2018 [18] Osiris Integer Vulnerability BC 2018 [12] Mythril SWC Registry SC 2018 [3] Securify 37 types SC/BC 2018 [21] TEETHER 4 types BC 2018 [17] MAIAN 3 types SC/BC 2019 [9] HONEYBADGER Honeypots BC 2021 [7] DefectChecker 8 types SC 2022 [8] EXGEN 4 types SC Data Flow Analysis 2018 [22] MadMax 3 types BC 2019 [14] Slither 71 types SC 2020 [28] Clairvoyance Reentrancy SC 2020 [29] Ethainter 5 types BC Machine Learning 2019 [30] GNN-based 3 types SC 2020 [31] ContractWard 6 types Opcode 2021 [32] VSCL 6 types BC Fuzzing 2018 [5] ContractFuzzer 7 types BC+ABI 2018 [33] Reguard Reentrancy SC/BC 2020 [4] sFuzz 9 types BC 2020 [34] Ethploit 3 types SC 2021 [26] ConFuzzius 10 types SC 2021 [27] Smartian 13 types BC 2022 [6] ContraMaster 5 types SC securely transfer assets or ether between supplier and client and minimize the gas cost of execution.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Why Smart Contracts Reported as Vulnerable were not Exploited?

Hu¹,

Li²,

Li³

et al. 2023

Preprint

View full text Add to dashboard Cite

<p>Smart contract security is essential for blockchain applications. Studies show that few of the reported vulnerabilities are exploited. However, no follow-up study is performed to why the reported vulnerabilities are not exploited. We aim to understand the reasons for the low exploitation rate to help improve vulnerability detection practices. We first collect 136,969 unique real-world smart contracts and analyze them using seven vulnerability detectors. Then, we apply Strauss’ grounded theory approach to understand if they are exploitable. In addition, we analyze the transaction logs of the exploitable vulnerabilities to understand their exploitations in history. Among the 4,364 smart contracts reported as vulnerable by the vulnerability detectors, 75.27% of them are unexploitable, and only 66 (0.015%) have been exploited. We uncover 11 reasons for making the detectors misidentify unexploitable vulnerabilities and six reasons for demotivating and preventing the attackers from exploiting the exploitable ones. We illustrate that: beyond treating the smart contracts as yet another Object Oriented (OO) application, it is essential to consider the Solidity programming language’s design principle, smart contracts' application scenarios, and their execution environments. Our results can help differentiate exploitable smart contracts to help allocate efforts to exploitable ones to mitigate emergent risks. </p>

show abstract

Security enhancement technologies for smart contracts in the blockchain: A survey

Wang

Zhu

et al. 2021

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Smart contract has shown its potential in cutting down the cost of administration through reshaping conventional business processes and in expanding the application of blockchain to areas that are beyond the cryptocurrency. However, with the rapid development and wide application of smart contracts, security issues have become a serious concern and have thus attracted widespread attention. As the result, a great deal of effort has been spent on improving and supporting secure development and on the application of smart contracts by introducing new and advanced vulnerability detection and privacy protection techniques in recent years. There is therefore the need for a comprehensive review of the new development on security enhancement technologies of smart contracts for the blockchain. This paper provides a review of the current research status and advances in smart contract security based on related literature published in recent years. Our review is divided into six categories along the line of the technology, which includes symbolic execution, abstract interpretation, fuzz testing, formal verification, deep learning, and privacy enhancement. A comparison of the various tools and methods developed to tackle security issues is provided. Challenges in the research of smart contract security as well as future directions are discussed. This paper intends to provide the inspiration and reference for follow-up research on the security issues of smart contracts in the blockchain.

show abstract

sFuzz

Cited by 150 publications

References 18 publications

Finding Causally Different Tests for an Industrial Control System

Finding Causally Different Tests for an Industrial Control System

Why Smart Contracts Reported as Vulnerable were not Exploited?

Security enhancement technologies for smart contracts in the blockchain: A survey

Contact Info

Product

Resources

About