DogeFuzz: A Simple Yet Efficient Grey-box Fuzzer for Ethereum Smart Contracts

  • Ismael Medeiros UnB
  • Fausto Carvalho UnB
  • Alexandre Ferreira UnB
  • Rodrigo Bonifácio UnB
  • Fabiano Cavalcanti Fernandes IFB

Abstract

Ethereum is a distributed, peer-to-peer blockchain infrastructure that has attracted billions of dollars. Perhaps due to its success, Ethereum has become a target for various kinds of attacks, motivating researchers to explore different techniques to identify vulnerabilities in EVM bytecode (the language of the Ethereum Virtual Machine)—including formal verification, symbolic execution, and fuzz testing. Although recent studies empirically compare smart contract fuzzers, there is a lack of literature investigating how simpler grey-box fuzzers compare to more advanced ones. To fill this gap, in this paper, we present DogeFuzz, an extensible infrastructure for fuzzing Ethereum smart contracts, currently supporting black-box fuzzing and two grey-box fuzzing strategies: coverage-guided grey-box fuzzing (DogeFuzz-G) and directed grey-box fuzzing (DogeFuzz-DG). We conduct a series of experiments using benchmarks already available in the literature and compare the DogeFuzz strategies with state-of-the-art fuzzers for smart contracts. Surprisingly, although DogeFuzz does not leverage advanced techniques for improving input generation (such as symbolic execution or machine learning), DogeFuzz outperforms sFuzz and ILF, two state-of-the-art fuzzers. Nonetheless, the Smartian fuzzer shows higher code coverage and bug-finding capabilities than DogeFuzz.
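The abstract names three strategies (black-box, coverage-guided grey-box, directed grey-box) without describing their mechanics. The following added example is a toy that contrasts them on a stateful contract model; it is illustrative code written for this page, not DogeFuzz's implementation. Everything in it is an assumption of the sketch: the approval-gated contract with an unchecked subtraction, the four-account sender pool, the constant dictionary standing in for PUSH constants harvested from bytecode, the block labels and hand-written CFG, the one-operation mutator, and the distance-weighted seed selection in the spirit of directed grey-box fuzzing (Böhme et al., 2017). Inputs are transaction sequences run against a fresh deployment, as smart contract fuzzers do.

```python
import math
import random
from collections import deque

ACCOUNTS = [0xA11CE, 0xB0B, 0xCA11, 0xDEAD]             # assumed sender pool
APPROVERS = ACCOUNTS[:3]                                # assumed quorum members
VALUES = [0, 1, 2, 7, 100, 0x5EED, 2**64, 2**256 - 1]   # assumed constant dictionary
FUNCS = ["deposit", "approve", "withdraw"]
TARGET = "withdraw.bug"
CFG = {"entry": FUNCS, "deposit": [],                   # hand-written static CFG of the toy
       "approve": ["approve.1", "approve.2", "approve.3"],
       "approve.1": [], "approve.2": [], "approve.3": [],
       "withdraw": ["withdraw.quorum"], "withdraw.quorum": [TARGET], TARGET: []}

class ToyContract:
    """3-of-3 approval gate before withdrawal; storage persists across calls of one sequence."""
    def __init__(self):
        self.approved, self.balances = set(), {}

    def call(self, tx, trace):
        fn, sender, value, arg = tx
        trace.append("entry")
        if fn == "deposit":
            trace.append("deposit")
            self.balances[sender] = self.balances.get(sender, 0) + value
        elif fn == "approve":
            trace.append("approve")
            if sender in APPROVERS and sender not in self.approved and arg == 0x5EED:
                self.approved.add(sender)
                trace.append("approve.%d" % len(self.approved))   # stands in for `== n` branches
        elif fn == "withdraw":
            trace.append("withdraw")
            bal = self.balances.get(sender, 0)
            if len(self.approved) == len(APPROVERS):
                trace.append("withdraw.quorum")
                if arg > bal:                               # unchecked subtraction would wrap
                    trace.append(TARGET)
                    return True
                self.balances[sender] = bal - arg
        return False

def block_distances(cfg, target):
    """BFS over the reversed CFG: hops from each block to target (inf if no path)."""
    rev = {b: [a for a, succs in cfg.items() if b in succs] for b in cfg}
    dist, queue = {target: 0}, deque([target])
    while queue:
        b = queue.popleft()
        for p in rev[b]:
            if p not in dist:
                dist[p] = dist[b] + 1
                queue.append(p)
    return {b: dist.get(b, math.inf) for b in cfg}

DIST = block_distances(CFG, TARGET)

def execute(seq):
    """Run seq on a fresh contract: (edges covered, min distance to target, bug hit)."""
    contract, edges, depth, hit = ToyContract(), set(), math.inf, False
    for tx in seq:
        trace = []
        hit = contract.call(tx, trace) or hit
        edges |= set(zip(trace, trace[1:]))
        depth = min([depth] + [DIST[b] for b in trace])
    return edges, depth, hit

def random_tx(rng):
    return (rng.choice(FUNCS), rng.choice(ACCOUNTS), rng.choice(VALUES), rng.choice(VALUES))

def mutate(seq, rng):
    seq, op = list(seq), rng.randrange(3)
    if op == 0 or not seq:                                  # insert a transaction
        seq.insert(rng.randint(0, len(seq)), random_tx(rng))
    elif op == 1:                                           # replace one field of one tx
        i, j, fresh = rng.randrange(len(seq)), rng.randrange(4), random_tx(rng)
        seq[i] = tuple(fresh[k] if k == j else v for k, v in enumerate(seq[i]))
    else:                                                   # drop a transaction
        del seq[rng.randrange(len(seq))]
    return seq[:10]

def fuzz(strategy, budget, seed=0):
    """Executions spent until TARGET is hit, or None if the budget runs out."""
    rng = random.Random(seed)
    corpus, seen = [([random_tx(rng)], math.inf)], set()
    for n in range(1, budget + 1):
        if strategy == "blackbox":                          # no feedback at all
            seq = [random_tx(rng) for _ in range(rng.randint(1, 6))]
        elif strategy == "coverage":                        # any seed, chosen uniformly
            seq = mutate(rng.choice(corpus)[0], rng)
        else:                                               # "directed": favour seeds near TARGET
            weights = [0.5 ** min(d, 4) for _, d in corpus]
            seq = mutate(rng.choices(corpus, weights)[0][0], rng)
        edges, depth, hit = execute(seq)
        if hit:
            return n
        if strategy != "blackbox" and not edges <= seen:    # new edge: keep as a seed
            seen |= edges
            corpus.append((seq, depth))
    return None
```

Calling `fuzz("blackbox", 50000)`, `fuzz("coverage", 50000)` and `fuzz("directed", 50000)` with the same seed returns the number of executions each strategy needed to reach the unchecked subtraction. Two things the code makes visible: the black-box mode has to produce all three approvals and the withdrawal inside one random sequence, so its cost is the product of the per-transaction odds, whereas the grey-box modes pay that cost additively because each approval creates a new edge and is kept as a seed; and the static block distance rates every `approve.*` block as unreachable from the target, so the directed weighting gives no credit for the state the target depends on. That is why seed retention stays coverage-based in both grey-box modes, and it is the kind of caveat a practitioner should keep in mind when a distance metric computed on code is applied to a stateful contract.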

References

AFL (2013). American fuzzy lop. [link]. Accessed: April 02, 2024.

Atzei, N., Bartoletti, M., and Cimoli, T. (2017). A survey of attacks on Ethereum smart contracts (SoK). In Principles of Security and Trust: 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings, pages 164–186, Berlin, Heidelberg. Springer.

Böhme, M., Pham, V., Nguyen, M., and Roychoudhury, A. (2017). Directed greybox fuzzing. In Thuraisingham, B., Evans, D., Malkin, T., and Xu, D., editors, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, pages 2329–2344, New York, NY, USA. ACM.

Böhme, M., Pham, V.-T., and Roychoudhury, A. (2016). Coverage-based greybox fuzzing as Markov chain. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 1032–1043, New York, NY, USA. Association for Computing Machinery.

Brent, L., Jurisevic, A., Kong, M., Liu, E., Gauthier, F., Gramoli, V., Holz, R., and Scholz, B. (2018). Vandal: A scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981.

Choi, J., Jang, J., Han, C., and Cha, S. K. (2019). Grey-box concolic testing on binary code. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), pages 736–747, Montreal, Quebec, Canada. IEEE Press.

Choi, J., Kim, D., Kim, S., Grieco, G., Groce, A., and Cha, S. K. (2021). SMARTIAN: Enhancing smart contract fuzzing with static and dynamic data-flow analyses. In 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, Melbourne, Australia, November 15-19, 2021, pages 227–239. IEEE.

Chu, H., Zhang, P., Dong, H., Xiao, Y., Ji, S., and Li, W. (2023). A survey on smart contract vulnerabilities: Data sources, detection and repair. Inf. Softw. Technol., 159:107221.

Durieux, T., Ferreira, J. F., Abreu, R., and Cruz, P. (2020). Empirical review of automated analysis tools on 47,587 Ethereum smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, ICSE ’20, pages 530–541, New York, NY, USA. Association for Computing Machinery.

Go Ethereum (2019). go-ethereum. [link]. Accessed: April 09, 2024.

Etherscan (2013). Etherscan. [link]. Accessed: April 02, 2024.

Grieco, G., Song, W., Cygan, A., Feist, J., and Groce, A. (2020). Echidna: Effective, usable, and fast fuzzing for smart contracts. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2020, pages 557–560, New York, NY, USA. Association for Computing Machinery.

He, J., Balunovic, M., Ambroladze, N., Tsankov, P., and Vechev, M. T. (2019). Learning to fuzz from symbolic execution with application to smart contracts. In Cavallaro, L., Kinder, J., Wang, X., and Katz, J., editors, Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019, pages 531–548, New York, NY, USA. ACM.

Hussein, A., Gaber, M. M., Elyan, E., and Jayne, C. (2017). Imitation learning: A survey of learning methods. ACM Comput. Surv., 50(2):21:1–21:35.

Ji, S., Wu, J., Qiu, J., and Dong, J. (2023). Effuzz: Efficient fuzzing by directed search for smart contracts. Information and Software Technology, 159:107213.

Jiang, B., Liu, Y., and Chan, W. K. (2018). ContractFuzzer: fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pages 259–269, New York, NY, USA. ACM.

Krupp, J. and Rossow, C. (2018). teEther: Gnawing at Ethereum to automatically exploit smart contracts. In 27th USENIX Security Symposium (USENIX Security 18), pages 1317–1333, Baltimore, MD. USENIX Association.

Li, B., Pan, Z., and Hu, T. (2022). Redefender: detecting reentrancy vulnerabilities in smart contracts automatically. IEEE Transactions on Reliability, 71(2):984–999.

Luu, L., Chu, D., Olickel, H., Saxena, P., and Hobor, A. (2016). Making smart contracts smarter. In Weippl, E. R., Katzenbeisser, S., Kruegel, C., Myers, A. C., and Halevi, S., editors, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 254–269, New York, NY, USA. ACM.

Miller, B. P., Fredriksen, L., and So, B. (1990). An empirical study of the reliability of UNIX utilities. Commun. ACM, 33(12):32–44.

Nguyen, T. D., Pham, L. H., Sun, J., Lin, Y., and Minh, Q. T. (2020). sFuzz: An efficient adaptive fuzzer for Solidity smart contracts. In Rothermel, G. and Bae, D., editors, ICSE ’20: 42nd International Conference on Software Engineering, Seoul, South Korea, 27 June - 19 July, 2020, pages 778–788, New York, NY, USA. ACM.

OpenZeppelin (2017). On the parity wallet multisig hack. [link]. Accessed: April 09, 2024.

OpenZeppelin (2020). Exploiting uniswap: From reentrancy to actual profit. [link]. Accessed: April 09, 2024.

Wu, S., Li, Z., Yan, L., Chen, W., Jiang, M., Wang, C., Luo, X., and Zhou, H. (2024). Are we there yet? unraveling the state-of-the-art smart contract fuzzers. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, ICSE 2024, Lisbon, Portugal, April 14-20, 2024, pages 127:1–127:13. ACM.

Wüstholz, V. and Christakis, M. (2020). Harvey: A greybox fuzzer for smart contracts. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2020, pages 1398–1409, New York, NY, USA. Association for Computing Machinery.

Xue, Y., Ye, J., Zhang, W., Sun, J., Ma, L., Wang, H., and Zhao, J. (2024). xFuzz: Machine learning guided cross-contract fuzzing. IEEE Transactions on Dependable and Secure Computing, 21(2):515–529.

Zeller, A., Gopinath, R., Böhme, M., Fraser, G., and Holler, C. (2024). Fuzzing: Breaking things with random inputs. In The Fuzzing Book. CISPA Helmholtz Center for Information Security. Retrieved 2024-01-18.

Published
16 September 2024

MEDEIROS, Ismael; CARVALHO, Fausto; FERREIRA, Alexandre; BONIFÁCIO, Rodrigo; FERNANDES, Fabiano Cavalcanti. DogeFuzz: A Simple Yet Efficient Grey-box Fuzzer for Ethereum Smart Contracts. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 303–318. DOI: https://doi.org/10.5753/sbseg.2024.241431.
