
Ethchecker: a context-guided fuzzing for smart contracts

Published in: The Journal of Supercomputing

Abstract

Ethereum is the most widely used open-source public blockchain project, and smart contracts are the standard pattern for developing decentralized applications on it. Attacks against smart contracts have become more prevalent in recent years because of the large amounts of high-value cryptocurrency they hold, and various attacks have caused financial losses amounting to hundreds of millions of dollars. As manual auditing of smart contracts is time-consuming and costly, automatic vulnerability detection is crucial. Existing work does not make use of the contextual information contained in the program and therefore struggles to cover paths guarded by more complex conditions. In this paper, we propose Ethchecker, a smart contract vulnerability detection tool that combines fuzzing and symbolic execution. In particular, we propose an analysis module that extracts static information from smart contracts. In addition, the tool uses a genetic algorithm that takes the contextual information of the code into account to increase code coverage. The experimental results show that, in terms of F1-score for vulnerability detection, Ethchecker outperforms sFuzz by an average of 21.89% and Mythril by an average of 12.5%. Furthermore, in comparison experiments on a dataset of 1000 long smart contracts (each comprising over 3000 instructions), the proposed algorithm improves code coverage by 18.56% over a random fuzzing algorithm. We also ran Ethchecker on 8922 randomly crawled real-world smart contracts; the results demonstrate the stability of the tool.
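To make the coverage claim in the abstract concrete, the following is an added example (not code from the paper or the Ethchecker tool): a constructed, instrumented stand-in for a contract with three nested checks of increasing difficulty, a genetic search whose fitness uses the branch distance of the comparison operands (the contextual information a random fuzzer ignores), and an unguided random baseline with a comparable execution budget. The contract logic, the magic constant SECRET and all search parameters are assumptions made for this illustration.

```python
import random
MASK = 0xFFFFFFFF    # every input is modelled as a 32-bit unsigned word
SECRET = 0xDEADBEEF  # constructed magic value: random inputs hit it with probability 2**-32

def run_contract(amount, secret, flag):
    """Constructed stand-in for an instrumented contract with three nested checks.
    Returns (branches reached, branch distance of the first failing check; 0 if all pass).
    The distance is the contextual information a guided fuzzer uses."""
    cov = {"entry"}
    if not 1 <= amount <= 1000:
        return frozenset(cov), (amount - 1000 if amount > 1000 else 1 - amount)
    cov.add("amount_ok")
    if secret != SECRET:
        return frozenset(cov), abs(secret - SECRET)
    cov.add("secret_ok")
    r = flag % 7
    if r != 3:
        return frozenset(cov), min((r - 3) % 7, (3 - r) % 7)
    cov.add("deep")
    return frozenset(cov), 0

def fitness(ind):
    cov, dist = run_contract(*ind)
    return (len(cov), -dist)  # more branches first, then smaller distance to the next one

def mutate(ind, rng):
    # add or subtract a power of two to one field; among these moves one that reduces
    # the current branch distance always exists, so the search cannot stall
    i, delta = rng.randrange(3), 1 << rng.randrange(32)
    vals = list(ind)
    vals[i] = (vals[i] + (delta if rng.random() < 0.5 else -delta)) & MASK
    return tuple(vals)

def ga_fuzz(generations=1000, children=60, elites=5, seed=7):
    """Context-guided genetic search: keep the fittest inputs, mutate them, repeat."""
    rng = random.Random(seed)
    pop = [tuple(rng.randrange(MASK + 1) for _ in range(3)) for _ in range(children)]
    for _ in range(generations):
        best = sorted(pop, key=fitness, reverse=True)[:elites]
        if run_contract(*best[0])[1] == 0:  # every check satisfied
            break
        pop = best + [mutate(rng.choice(best), rng) for _ in range(children - elites)]
    return set(run_contract(*max(pop, key=fitness))[0])

def random_fuzz(evals=60000, seed=7):
    """Unguided baseline with a comparable budget of contract executions."""
    rng, cov = random.Random(seed), set()
    for _ in range(evals):
        cov |= run_contract(*(rng.randrange(MASK + 1) for _ in range(3)))[0]
    return cov
```

With the same budget, `random_fuzz()` rarely gets past the first check, while `ga_fuzz()` reaches the deep branch because every generation can reduce the reported branch distance.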


Data availability

All data included in this study are available upon request by contact with the corresponding author.


Acknowledgements

This work was supported in part by project ZR2019MF034 of the Shandong Provincial Natural Science Foundation and by the National Natural Science Foundation of China under Grant 62111530052.

Author information

Contributions

Qiang Han contributed to conceptualization, ideas, methodology, code, verification of results, and writing (original draft). Lu Wang contributed to methodology, investigation, and writing. Haoyu Zhang contributed to program optimization design and to the making and revision of diagrams and tables. Leyi Shi contributed to supervision, review, and funding acquisition. Danxin Wang contributed to review and validation.

Corresponding author

Correspondence to Leyi Shi.

Ethics declarations

Conflict of interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Ethics approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Han, Q., Wang, L., Zhang, H. et al. Ethchecker: a context-guided fuzzing for smart contracts. J Supercomput (2024). https://doi.org/10.1007/s11227-024-05954-9
