TY - JOUR
T1 - FunFuzz
T2 - A Function-Oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency
AU - Ye, Mingxi
AU - Nan, Yuhong
AU - Dai, Hong Ning
AU - Yang, Shuo
AU - Luo, Xiapu
AU - Zheng, Zibin
N1 - The research is supported by the National Key Research and Development Program of China (No. 2023YFB2704801), the National Natural Science Foundation of China (No. 62032025), and the Hong Kong RGC Project (No. PolyU15224121).
Publisher Copyright:
© 2024 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2024/9/27
Y1 - 2024/9/27
N2 - With the increasing popularity of Decentralized Applications (DApps) in blockchain, securing smart contracts has been a long-term, high-priority subject in the domain. Among the various research directions for vulnerability detection, fuzzing has received extensive attention because of its high effectiveness. However, with the increasing complexity of smart contracts, existing fuzzers may waste substantial time exploring locations irrelevant to smart contract vulnerabilities. In this article, we present FunFuzz, a function-oriented fuzzer specifically tailored for detecting smart contract vulnerabilities with high effectiveness and efficiency. The key observation in our research is that most smart contract vulnerabilities exist in specific functions rather than being randomly distributed across all program code, as in other traditional software. To this end, unlike traditional fuzzers, which mainly target code coverage, FunFuzz identifies risky functions while pruning non-risky ones in smart contracts. In this way, it significantly narrows down the exploration scope during the fuzzing process. In addition, FunFuzz employs three unique strategies to direct itself toward effectively discovering vulnerabilities specific to smart contracts (e.g., reentrancy, block dependency, and gasless send). Extensive experiments on 170 real-world contracts demonstrate that FunFuzz outperforms state-of-the-art fuzzers in terms of effectiveness and efficiency.
AB - With the increasing popularity of Decentralized Applications (DApps) in blockchain, securing smart contracts has been a long-term, high-priority subject in the domain. Among the various research directions for vulnerability detection, fuzzing has received extensive attention because of its high effectiveness. However, with the increasing complexity of smart contracts, existing fuzzers may waste substantial time exploring locations irrelevant to smart contract vulnerabilities. In this article, we present FunFuzz, a function-oriented fuzzer specifically tailored for detecting smart contract vulnerabilities with high effectiveness and efficiency. The key observation in our research is that most smart contract vulnerabilities exist in specific functions rather than being randomly distributed across all program code, as in other traditional software. To this end, unlike traditional fuzzers, which mainly target code coverage, FunFuzz identifies risky functions while pruning non-risky ones in smart contracts. In this way, it significantly narrows down the exploration scope during the fuzzing process. In addition, FunFuzz employs three unique strategies to direct itself toward effectively discovering vulnerabilities specific to smart contracts (e.g., reentrancy, block dependency, and gasless send). Extensive experiments on 170 real-world contracts demonstrate that FunFuzz outperforms state-of-the-art fuzzers in terms of effectiveness and efficiency.
KW - Fuzz testing
KW - smart contract
KW - blockchain
KW - vulnerability detection
UR - http://www.scopus.com/inward/record.url?scp=85206218881&partnerID=8YFLogxK
U2 - 10.1145/3674725
DO - 10.1145/3674725
M3 - Journal article
AN - SCOPUS:85206218881
SN - 1049-331X
VL - 33
JO - ACM Transactions on Software Engineering and Methodology
JF - ACM Transactions on Software Engineering and Methodology
IS - 7
M1 - 191
ER -