Abstract
Ethereum is the most widely used open-source public blockchain project, and smart contracts are the standard way of building decentralized applications on it. Attacks against smart contracts have become more frequent in recent years because of the large amounts of high-value cryptocurrency that contracts hold, and these attacks have caused financial losses amounting to hundreds of millions of dollars. Since manual auditing of smart contracts is time-consuming and costly, automatic vulnerability detection is crucial. Existing work does not exploit the contextual information contained in the program and therefore struggles to cover paths guarded by more complex conditions. In this paper, we propose Ethchecker, a smart contract vulnerability detection tool that combines fuzzing and symbolic execution. In particular, we propose an analysis module that extracts static information from smart contracts. In addition, the tool uses a genetic algorithm to increase code coverage while taking the contextual information of the code into account. The experimental results show that, in terms of F1-score for vulnerability detection, Ethchecker outperforms sFuzz by an average of 21.89% and Mythril by an average of 12.5%. Furthermore, in comparison experiments on a dataset of 1000 long smart contracts (each comprising over 3000 instructions), the proposed algorithm improves code coverage by 18.56% over a random fuzzing algorithm. We also ran Ethchecker against 8922 randomly crawled real-world smart contracts, and the result demonstrates the stability of the tool.
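The abstract contrasts random fuzzing with a genetic algorithm that is guided by information about the conditions on a path. The following Python program is an added illustration of that idea and is not Ethchecker's code: it models a contract function as a constructed chain of nested guards (two of them equalities, which random inputs almost never satisfy), uses a branch-distance fitness function as the "context" that steers the search, and compares the genetic search with plain random input generation under the same evaluation budget. The guard list, the fitness design, the mutation step sizes and the input domain are all assumptions made for this example.

```python
import random
from typing import Callable, List, Optional, Tuple

Input = Tuple[int, ...]               # (amount, balance, nonce)
GENE_MAX = 2 ** 20                    # constructed input domain for the toy contract

# Constructed stand-in for a contract function with nested guards. Each entry is
# (predicate, branch distance): the distance is 0 when the guard holds and grows
# with how far the input is from satisfying it. The last two guards are
# equalities, which uniformly random inputs satisfy with negligible probability.
GUARDS: List[Tuple[Callable[[Input], bool], Callable[[Input], int]]] = [
    (lambda x: x[0] > 0,             lambda x: 1 - x[0]),
    (lambda x: x[0] <= x[1],         lambda x: x[0] - x[1]),
    (lambda x: x[1] - x[0] == 1000,  lambda x: abs(x[1] - x[0] - 1000)),
    (lambda x: x[2] % 16 == 7,       lambda x: abs(x[2] % 16 - 7)),
]


def branch_trace(x: Input) -> Tuple[int, int]:
    """Walk the guards in order, as nested ifs would. Returns (depth, distance):
    depth is the number of guards passed, distance is the branch distance of the
    first failing guard (at least 1), or 0 once every guard holds."""
    for depth, (pred, dist) in enumerate(GUARDS):
        if not pred(x):
            return depth, max(dist(x), 1)
    return len(GUARDS), 0


def fitness(x: Input) -> int:
    # Deeper path first; among inputs at the same depth, closer to the next guard.
    depth, dist = branch_trace(x)
    return depth * 10 ** 7 - dist


def random_input(rng: random.Random) -> Input:
    return tuple(rng.randrange(GENE_MAX) for _ in range(3))


def mutate(x: Input, rng: random.Random) -> Input:
    """Add a signed step of varying magnitude to some genes, so the search can
    make coarse moves while far from a guard and fine moves when close."""
    genes = list(x)
    for i in range(len(genes)):
        if rng.random() < 0.5:
            step = rng.choice([1, 16, 256, 4096, 65536]) * rng.choice([-1, 1])
            genes[i] = min(max(genes[i] + step, 0), GENE_MAX - 1)
    return tuple(genes)


def crossover(a: Input, b: Input, rng: random.Random) -> Input:
    return tuple(rng.choice(pair) for pair in zip(a, b))


def tournament(pop: List[Input], rng: random.Random, k: int = 3) -> Input:
    return max(rng.sample(pop, k), key=fitness)


def ga_fuzz(seed: int = 1, pop_size: int = 80, generations: int = 400,
            elite: int = 10) -> Tuple[Optional[Input], int]:
    """Context-guided search: returns (input reaching the deepest guard or None,
    number of inputs evaluated)."""
    rng = random.Random(seed)
    pop = [random_input(rng) for _ in range(pop_size)]
    evals = pop_size
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        if branch_trace(pop[0])[1] == 0:
            return pop[0], evals
        children = pop[:elite]            # elitism: never lose the best inputs
        while len(children) < pop_size:
            parent_a, parent_b = tournament(pop, rng), tournament(pop, rng)
            children.append(mutate(crossover(parent_a, parent_b, rng), rng))
            evals += 1
        pop = children
    return None, evals


def random_fuzz(seed: int = 1, budget: int = 80 * 400) -> Tuple[Optional[Input], int]:
    """Baseline: independent uniformly random inputs under the same budget."""
    rng = random.Random(seed)
    for i in range(1, budget + 1):
        x = random_input(rng)
        if branch_trace(x)[1] == 0:
            return x, i
    return None, budget


if __name__ == "__main__":
    found, used = ga_fuzz()
    print("genetic search:", found, "after", used, "evaluations")
    found, used = random_fuzz()
    print("random search: ", found, "after", used, "evaluations")
```

The branch-distance fitness plays the role of the contextual information the abstract refers to: it tells the search not just whether a guard was passed but how far the current input is from passing it, which is exactly what a random generator lacks when a path depends on equalities or relations between several inputs.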
Data availability
All data included in this study are available upon request from the corresponding author.
References
Szabo N. Smart contracts. Accessed on 23 Jan 2024. Available from: https://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart.contracts.html
Buterin V et al (2014) A next-generation smart contract and decentralized application platform. White paper 3(37):2–1
Liu C, Liu H, Cao Z, Chen Z, Chen B, Roscoe B (2018) ReGuard: finding reentrancy bugs in smart contracts. In: Proceedings of the 40th International Conference on Software Engineering: Companion Proceedings, pp 65–68
Krupp J, Rossow C (2018) teEther: gnawing at Ethereum to automatically exploit smart contracts. In: Proceedings of the 27th USENIX Conference on Security Symposium, pp 1317–1333
Jiang B, Liu Y, Chan WK (2018) ContractFuzzer: fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pp 259–269
Zheng P, Zheng Z, Luo X (2022) Park: accelerating smart contract vulnerability detection via parallel-fork symbolic execution. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pp 740–751
Bose P, Das D, Chen Y, Feng Y, Kruegel C, Vigna G (2022) Sailfish: vetting smart contract state-inconsistency bugs in seconds. In: 2022 IEEE Symposium on Security and Privacy (SP). IEEE, pp 161–178
Miao S, Wang J, Zhang C, Lin Z, Gong J, Zhang X, et al (2022) Deep learning in fuzzing: a literature survey. In: 2022 IEEE 2nd International Conference on Electronic Technology, Communication and Information (ICETCI). IEEE, pp 220–223
Zhang C, Lin X, Li Y, Xue Y, Xie J, Chen H, et al (2021) APICraft: fuzz driver generation for closed-source SDK libraries. In: USENIX Security Symposium, pp 2811–2828
Liu Z, Fang Y, Huang C, Xu Y (2022) GAXSS: effective payload generation method to detect XSS vulnerabilities based on genetic algorithm. Secur Commun Netw 2022:1–15. https://doi.org/10.1155/2022/2031924
Olsthoorn M, Stallenberg D, Van Deursen A, Panichella A (2022) SynTest-Solidity: automated test case generation and fuzzing for smart contracts. In: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, pp 202–206
Blair W, Mambretti A, Arshad S, Weissbacher M, Robertson W, Kirda E, et al (2022) HotFuzz: discovering temporal and spatial denial-of-service vulnerabilities through guided micro-fuzzing. ACM Trans Privacy Secur 25(4):1–35. https://doi.org/10.1145/3532184
Chen H, Guo S, Xue Y, Sui Y, Zhang C, Li Y, et al (2020) MUZZ: thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs. In: 29th USENIX Security Symposium (USENIX Security 20), pp 2325–2342
Li W, Ruan J, Yi G, Cheng L, Luo X, Cai H (2023) PolyFuzz: holistic greybox fuzzing of multi-language systems. In: 32nd USENIX Security Symposium (USENIX Security 23), pp 1379–1396
Kim TE, Choi J, Heo K, Cha SK (2023) DAFL: directed grey-box fuzzing guided by data dependency. In: 32nd USENIX Security Symposium (USENIX Security 23), pp 4931–4948
Vikram V, Laybourn I, Li A, Nair N, OBrien K, Sanna R, et al (2023) Guiding greybox fuzzing with mutation testing. In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp 929–941
Nguyen TD, Pham LH, Sun J, Lin Y, Minh QT (2020) sFuzz: an efficient adaptive fuzzer for Solidity smart contracts. In: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, pp 778–788
Wüstholz V, Christakis M (2020) Harvey: a greybox fuzzer for smart contracts. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp 1398–1409
Zhang J, Zhang C, Xuan J, Xiong Y, Wang Q, Liang B, et al (2019) Recent progress in program analysis. J Softw 30(1):80–109. https://doi.org/10.13328/j.cnki.jos.005651
Baldoni R, Coppa E, D'Elia DC, Demetrescu C, Finocchi I (2018) A survey of symbolic execution techniques. ACM Comput Surv 51(3):1–39. https://doi.org/10.1145/3182657
Luu L, Chu DH, Olickel H, Saxena P, Hobor A (2016) Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp 254–269
Mueller B (2018) Smashing Ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam 9:54
Mossberg M, Manzano F, Hennenfent E, Groce A, Grieco G, Feist J, et al (2019) Manticore: a user-friendly symbolic execution framework for binaries and smart contracts. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, pp 1186–1189
Bonnet F (2024) MoxyOneCrowdsale. Accessed on 23 Jan 2024. Available from: https://etherscan.io/address/0x6b609d9095d069c805650234ab67595b3a6ab934#code
Torres CF, Iannillo AK, Gervais A, State R (2021) ConFuzzius: a data dependency-aware hybrid fuzzer for smart contracts. In: 2021 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, pp 103–119
Stephens N, Grosen J, Salls C, Dutcher A, Wang R, Corbetta J, et al (2016) Driller: augmenting fuzzing through selective symbolic execution. In: NDSS 16, pp 1–16
Li Y, Xue Y, Chen H, Wu X, Zhang C, Xie X, et al (2019) Cerebro: context-aware adaptive fuzzing for effective vulnerability detection. In: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp 533–544
Ebert C, Cain J, Antoniol G, Counsell S, Laplante P (2016) Cyclomatic complexity. IEEE Softw 33(6):27–29. https://doi.org/10.1109/MS.2016.147
Hegedűs P (2018) Towards analyzing the complexity landscape of Solidity based Ethereum smart contracts. In: Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp 35–39
Yu S, Zhou SA (2010) Survey on metric of software complexity. In: 2010 2nd IEEE International Conference on Information Management and Engineering. IEEE, pp 352–356
Ren M, Yin Z, Ma F, Xu Z, Jiang Y, Sun C, et al (2021) Empirical evaluation of smart contract testing: what is the best choice? In: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp 566–579
Labs S (2014) Awesome-buggy-erc20-tokens. Accessed on 23 Jan 2024. Available from: https://github.com/sec-bit/awesome-buggy-erc20-tokens/tree/master
Etherscan. Accessed on 23 Dec 2022. Available from: https://etherscan.io/contractsVerified
Research M (2024) Z3 Theorem Prover. Accessed on 23 Jan 2024. Available from: https://github.com/Z3Prover/z3
Torres CF, Schütte J, State R (2018) Osiris: hunting for integer bugs in Ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp 664–676
So S, Hong S, Oh H (2021) SmarTest: effectively hunting vulnerable transaction sequences in smart contracts through language model-guided symbolic execution. In: USENIX Security Symposium, pp 1361–1378
Jin L, Cao Y, Chen Y, Zhang D, Campanoni S (2022) ExGen: cross-platform, automated exploit generation for smart contract vulnerabilities. IEEE Trans Dependable Secure Comput 20(1):650–664. https://doi.org/10.1109/TDSC.2022.3141396
Zhou T, Liu K, Li L, Liu Z, Klein J, Bissyandé TF (2021) SmartGift: learning to generate practical inputs for testing smart contracts. In: 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME). IEEE, pp 23–34
Shou C, Tan S, Sen K (2023) ItyFuzz: snapshot-based fuzzer for smart contract. In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp 322–333
Rodler M, Paaßen D, Li W, Bernhard L, Holz T, Karame G, et al (2023) EF/CF: high performance smart contract fuzzing for exploit generation. In: 2023 IEEE European Symposium on Security and Privacy (EuroS&P), pp 449–471
Zhang M, Zhang P, Luo X, Xiao F (2020) Source code obfuscation for smart contracts. In: 2020 27th Asia-Pacific Software Engineering Conference (APSEC), pp 513–514
Yu Q, Zhang P, Dong H, Xiao Y, Ji S (2022) Bytecode obfuscation for smart contracts. In: 2022 29th Asia-Pacific Software Engineering Conference (APSEC), pp 566–567
Zhang P, Yu Q, Xiao Y, Dong H, Luo X, Wang X, et al (2023) BiAn: smart contract source code obfuscation. IEEE Trans Softw Eng 49(9):4456–4476. https://doi.org/10.1109/TSE.2023.3298609
Acknowledgements
This work was supported in part by project ZR2019MF034 of the Shandong Provincial Natural Science Foundation and by the National Natural Science Foundation of China under Grant 62111530052.
Author information
Contributions
Qiang Han contributed to conceptualization, ideas, methodology, code, result verification, and writing (original draft). Lu Wang contributed to methodology, investigation, and writing. Haoyu Zhang contributed to program optimization design and to the preparation and revision of diagrams and tables. Leyi Shi contributed to supervision, review, and funding acquisition. Danxin Wang contributed to review and validation.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Ethics approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Han, Q., Wang, L., Zhang, H. et al. Ethchecker: a context-guided fuzzing for smart contracts. J Supercomput (2024). https://doi.org/10.1007/s11227-024-05954-9