ItyFuzz: Snapshot-Based Fuzzer for Smart Contract
Smart contracts are critical financial instruments, and their security is of utmost importance. However, smart contract programs are difficult to fuzz due to the persistent blockchain state behind all transactions. Mutating sequences of transactions are complex and often lead to a suboptimal exploration for both input and program spaces. In this paper, we introduce a novel snapshot-based fuzzer ItyFuzz for testing smart contracts. In ItyFuzz, instead of storing sequences of transactions and mutating from them, we snapshot states and singleton transactions. To explore interesting states, ItyFuzz introduces a dataflow waypoint mechanism to identify states with more potential momentum. ItyFuzz also incorporates comparison waypoints to prune the space of states. By maintaining snapshots of the states, ItyFuzz can synthesize concrete exploits like reentrancy attacks quickly. Because ItyFuzz has second-level response time to test a smart contract, it can be used for on-chain testing, which has many benefits compared to local development testing. Finally, we evaluate ItyFuzz on real-world smart contracts and some hacked on-chain DeFi projects. ItyFuzz outperforms existing fuzzers in terms of instructional coverage and can find and generate realistic exploits for on-chain projects quickly.
Tue 18 JulDisplayed time zone: Pacific Time (US & Canada) change
10:30 - 12:00 | ISSTA 2: Fuzzing 1Technical Papers at Smith Classroom (Gates G10) Chair(s): Jonathan Bell Northeastern University | ||
10:30 15mTalk | Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing Technical Papers Michael Chesser University of Adelaide, Surya Nepal CSIRO’s Data61, Damith C. Ranasinghe University of Adelaide DOI | ||
10:45 15mTalk | Green Fuzzing: A Saturation-Based Stopping Criterion using Vulnerability Prediction Technical Papers Stephan Lipp TU Munich, Daniel Elsner TU Munich, Severin Kacianka TU Munich, Alexander Pretschner TU Munich, Marcel Böhme MPI-SP; Monash University, Sebastian Banescu TU Munich DOI | ||
11:00 15mTalk | ItyFuzz: Snapshot-Based Fuzzer for Smart Contract Technical Papers Chaofan Shou University of California at Santa Barbara, Shangyin Tan University of California at Berkeley, Koushik Sen University of California at Berkeley DOI | ||
11:15 15mTalk | Large Language Models Are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models Technical Papers Yinlin Deng University of Illinois at Urbana-Champaign, Chunqiu Steven Xia University of Illinois at Urbana-Champaign, Haoran Peng University of Science and Technology of China, Chenyuan Yang University of Illinois at Urbana-Champaign, Lingming Zhang University of Illinois at Urbana-Champaign DOI | ||
11:30 15mTalk | Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing Technical Papers Mingxi Ye Sun Yat-sen University, Yuhong Nan Sun Yat-sen University, Zibin Zheng Sun Yat-sen University, Dongpeng Wu Sun Yat-sen University, Huizhong Li WeBank DOI | ||
11:45 15mTalk | Green Fuzzer Benchmarking Technical Papers DOI | ||