SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses

Jaeseung Choi; Doyeon Kim; Soomin Kim; Gustavo Grieco; Alex Groce; Sang Kil Cha

doi:10.1109/ASE51524.2021.9678888

SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses

Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, Sang Kil Cha

Informatics, Computing, and Cyber Systems, School of

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

104 Scopus citations

Abstract

Unlike traditional software, smart contracts have the unique organization in which a sequence of transactions shares persistent states. Unfortunately, such a characteristic makes it difficult for existing fuzzers to find out critical transaction sequences. To tackle this challenge, we employ both static and dynamic analyses for fuzzing smart contracts. First, we statically analyze smart contract bytecodes to predict which transaction sequences will lead to effective testing, and figure out if there is a certain constraint that each transaction should satisfy. Such information is then passed to the fuzzing phase and used to construct an initial seed corpus. During a fuzzing campaign, we perform a lightweight dynamic data-flow analysis to collect data-flow-based feedback to effectively guide fuzzing. We implement our ideas on a practical open-source fuzzer, named SMARTIAN. SMARTIAN can discover bugs in real-world smart contracts without the need for the source code. Our experimental results show that SMARTIAN is more effective than existing state-of-the-art tools in finding known CVEs from real-world contracts. SMARTIAN also outperforms other tools in terms of code coverage.

Original language	English (US)
Title of host publication	Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	227-239
Number of pages	13
ISBN (Electronic)	9781665403375
DOIs	https://doi.org/10.1109/ASE51524.2021.9678888
State	Published - 2021
Event	36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 - Virtual, Online, Australia Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

Conference

Conference	36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
Country/Territory	Australia
City	Virtual, Online
Period	11/15/21 → 11/19/21

Keywords

Fuzzing
Smart contract
Software testing
Static analysis

ASJC Scopus subject areas

Artificial Intelligence
Software
Safety, Risk, Reliability and Quality
Control and Optimization

Access to Document

10.1109/ASE51524.2021.9678888

Cite this

Choi, J., Kim, D., Kim, S., Grieco, G., Groce, A., & Cha, S. K. (2021). SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. In Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 (pp. 227-239). (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ASE51524.2021.9678888

SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. / Choi, Jaeseung; Kim, Doyeon; Kim, Soomin et al.
Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 227-239 (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Choi, J, Kim, D, Kim, S, Grieco, G, Groce, A & Cha, SK 2021, SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. in Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, Institute of Electrical and Electronics Engineers Inc., pp. 227-239, 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, Virtual, Online, Australia, 11/15/21. https://doi.org/10.1109/ASE51524.2021.9678888

Choi J, Kim D, Kim S, Grieco G, Groce A, Cha SK. SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. In Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 227-239. (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021). doi: 10.1109/ASE51524.2021.9678888

Choi, Jaeseung ; Kim, Doyeon ; Kim, Soomin et al. / SMARTIAN : Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 227-239 (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021).

@inproceedings{9bc504fc02984c2f88164ef50d1e84b2,

title = "SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses",

abstract = "Unlike traditional software, smart contracts have the unique organization in which a sequence of transactions shares persistent states. Unfortunately, such a characteristic makes it difficult for existing fuzzers to find out critical transaction sequences. To tackle this challenge, we employ both static and dynamic analyses for fuzzing smart contracts. First, we statically analyze smart contract bytecodes to predict which transaction sequences will lead to effective testing, and figure out if there is a certain constraint that each transaction should satisfy. Such information is then passed to the fuzzing phase and used to construct an initial seed corpus. During a fuzzing campaign, we perform a lightweight dynamic data-flow analysis to collect data-flow-based feedback to effectively guide fuzzing. We implement our ideas on a practical open-source fuzzer, named SMARTIAN. SMARTIAN can discover bugs in real-world smart contracts without the need for the source code. Our experimental results show that SMARTIAN is more effective than existing state-of-the-art tools in finding known CVEs from real-world contracts. SMARTIAN also outperforms other tools in terms of code coverage.",

keywords = "Fuzzing, Smart contract, Software testing, Static analysis",

author = "Jaeseung Choi and Doyeon Kim and Soomin Kim and Gustavo Grieco and Alex Groce and Cha, {Sang Kil}",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

doi = "10.1109/ASE51524.2021.9678888",

language = "English (US)",

series = "Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "227--239",

booktitle = "Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021",

}

TY - GEN

T1 - SMARTIAN

T2 - 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

AU - Choi, Jaeseung

AU - Kim, Doyeon

AU - Kim, Soomin

AU - Grieco, Gustavo

AU - Groce, Alex

AU - Cha, Sang Kil

PY - 2021

Y1 - 2021

N2 - Unlike traditional software, smart contracts have the unique organization in which a sequence of transactions shares persistent states. Unfortunately, such a characteristic makes it difficult for existing fuzzers to find out critical transaction sequences. To tackle this challenge, we employ both static and dynamic analyses for fuzzing smart contracts. First, we statically analyze smart contract bytecodes to predict which transaction sequences will lead to effective testing, and figure out if there is a certain constraint that each transaction should satisfy. Such information is then passed to the fuzzing phase and used to construct an initial seed corpus. During a fuzzing campaign, we perform a lightweight dynamic data-flow analysis to collect data-flow-based feedback to effectively guide fuzzing. We implement our ideas on a practical open-source fuzzer, named SMARTIAN. SMARTIAN can discover bugs in real-world smart contracts without the need for the source code. Our experimental results show that SMARTIAN is more effective than existing state-of-the-art tools in finding known CVEs from real-world contracts. SMARTIAN also outperforms other tools in terms of code coverage.

AB - Unlike traditional software, smart contracts have the unique organization in which a sequence of transactions shares persistent states. Unfortunately, such a characteristic makes it difficult for existing fuzzers to find out critical transaction sequences. To tackle this challenge, we employ both static and dynamic analyses for fuzzing smart contracts. First, we statically analyze smart contract bytecodes to predict which transaction sequences will lead to effective testing, and figure out if there is a certain constraint that each transaction should satisfy. Such information is then passed to the fuzzing phase and used to construct an initial seed corpus. During a fuzzing campaign, we perform a lightweight dynamic data-flow analysis to collect data-flow-based feedback to effectively guide fuzzing. We implement our ideas on a practical open-source fuzzer, named SMARTIAN. SMARTIAN can discover bugs in real-world smart contracts without the need for the source code. Our experimental results show that SMARTIAN is more effective than existing state-of-the-art tools in finding known CVEs from real-world contracts. SMARTIAN also outperforms other tools in terms of code coverage.

KW - Fuzzing

KW - Smart contract

KW - Software testing

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85125471332&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85125471332&partnerID=8YFLogxK

U2 - 10.1109/ASE51524.2021.9678888

DO - 10.1109/ASE51524.2021.9678888

M3 - Conference contribution

AN - SCOPUS:85125471332

T3 - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

SP - 227

EP - 239

BT - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 15 November 2021 through 19 November 2021

ER -

SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this