CrossFuzz: Cross-contract fuzzing for smart contract vulnerability detection

Smart contracts are computer programs that run on a blockchain. As the functions implemented by smart contracts become increasingly complex, the number of cross-contract interactions within them also rises. Consequently, the combinatorial explosion of transaction sequences poses a significant challe...

Full description

Saved in:
Bibliographic Details
Published in:Science of computer programming 2024-05, Vol.234, p.103076, Article 103076
Main Authors: Yang, Huiwen, Gu, Xiguo, Chen, Xiang, Zheng, Liwei, Cui, Zhanqi
Format: Article
Language:English
Subjects:
Cross-contract vulnerability
Fuzz testing
Security vulnerability detection
Smart contract
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Smart contracts are computer programs that run on a blockchain. As the functions implemented by smart contracts become increasingly complex, the number of cross-contract interactions within them also rises. Consequently, the combinatorial explosion of transaction sequences poses a significant challenge for smart contract security vulnerability detection. Existing static analysis-based methods for detecting cross-contract vulnerabilities suffer from high false-positive rates and cannot generate test cases, while fuzz testing-based methods exhibit low code coverage and may not accurately detect security vulnerabilities. The goal of this paper is to address the above limitations and efficiently detect cross-contract vulnerabilities. To achieve this goal, we present CrossFuzz, a fuzz testing-based method for detecting cross-contract vulnerabilities. First, CrossFuzz generates parameters of constructors by tracing data propagation paths. Then, it collects inter-contract data flow information. Finally, CrossFuzz optimizes mutation strategies for transaction sequences based on inter-contract data flow information to improve the performance of fuzz testing. We implemented CrossFuzz, which is an extension of ConFuzzius, and conducted experiments on a real-world dataset containing 396 smart contracts. The results show that CrossFuzz outperforms xFuzz, a fuzz testing-based tool optimized for cross-contract vulnerability detection, with a 10.58% increase in bytecode coverage. Furthermore, CrossFuzz detects 1.82 times more security vulnerabilities than ConFuzzius. Our method utilizes data flow information to optimize mutation strategies. It significantly improves the efficiency of fuzz testing for detecting cross-contract vulnerabilities. •Addressing the challenge of exploding cross-contract transaction sequences.•Presenting CrossFuzz, optimizing mutation strategies via inter-contract data flow analysis.•Experimental results show that CrossFuzz outperforms other fuzz testing tools, including xFuzz and ConFuzzius.
ISSN:0167-6423
1872-7964
DOI:10.1016/j.scico.2023.103076