Tue 10 Nov 2020 08:09 - 08:10 at Virtual room 1 - Fuzzing

We present Harvey, an industrial greybox fuzzer for smart contracts,
which are programs managing accounts on a blockchain.

Greybox fuzzing is a lightweight test-generation approach that
effectively detects bugs and security vulnerabilities. However,
greybox fuzzers randomly mutate program inputs to exercise new paths;
this makes it challenging to cover code that is guarded by narrow
checks. Moreover, most real-world smart contracts transition through
many different states during their lifetime, e.g., for every bid in an
auction. To explore these states and thereby detect deep
vulnerabilities, a greybox fuzzer would need to generate sequences of
contract transactions, e.g., by creating bids from multiple users,
while keeping the search space and test suite tractable.

In this paper, we explain how Harvey alleviates both
challenges with two key techniques. First, Harvey extends standard greybox fuzzing with
a method for predicting new inputs that are more likely to cover new
paths or reveal vulnerabilities in smart contracts. Second, it fuzzes
transaction sequences in a targeted and demand-driven way. We have
evaluated our approach on 27 real-world contracts. Our experiments
show that our techniques significantly increase Harvey's
effectiveness in achieving high coverage and detecting
vulnerabilities, in most cases orders of magnitude faster.
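As an added illustration (not code from the Harvey paper or its authors), the toy below reproduces the two obstacles the abstract describes on a constructed auction contract: a `close` step guarded by a narrow equality check, and an assertion that only fails after bids from two different users. The fuzzer keeps transaction sequences that reach new behaviour, and when the guard fails it predicts a sequence carrying the operand the guard compared against; the contract, its instrumentation (`trace`, `last_cmp`) and the feedback signal (function, branch outcome, bidder count) are all assumptions of this example rather than Harvey's actual mechanism.

```python
import random
MAGIC = 0x5EED  # constructed narrow check: one accepted value out of 2**16
class Auction:  # constructed toy contract (not Harvey's benchmark)
    def __init__(self):
        self.bids, self.closed, self.trace, self.last_cmp = {}, False, [], None
    def bid(self, user, amount):
        ok = not self.closed and amount > max(self.bids.values(), default=0)
        if ok: self.bids[user] = amount
        self.trace.append(("bid", ok, len(self.bids)))
    def close(self, code):
        self.last_cmp = (code, MAGIC)  # instrumentation: operands of the guard
        self.trace.append(("close", code == MAGIC, len(self.bids)))
        if code == MAGIC:
            self.closed = True
            assert len(self.bids) <= 1, "refund loop assumes one bidder"  # deep bug

def run(seq):
    """Execute a list of (function, args). Returns (coverage, crashed, predicted)."""
    c, cov, predicted = Auction(), set(), None
    for i, (fn, args) in enumerate(seq):
        try:
            getattr(c, fn)(*args)
        except AssertionError:
            return cov, True, None
        cov.add(c.trace[-1])  # feedback: function, branch outcome, number of bidders
        if fn == "close" and not c.trace[-1][1] and predicted is None:
            # input prediction: reuse the value the failed guard compared against
            predicted = seq[:i] + [("close", (c.last_cmp[1],))] + seq[i + 1:]
    return cov, False, predicted

def random_tx(rng):
    return rng.choice([("bid", (rng.choice("AB"), rng.randrange(1, 100))),
                       ("close", (rng.randrange(2 ** 16),))])
def mutate(seq, rng):  # grow the sequence or replace one transaction
    seq = list(seq)
    if not seq or rng.random() < 0.5: seq.append(random_tx(rng))
    else: seq[rng.randrange(len(seq))] = random_tx(rng)
    return seq

def fuzz(max_iters=5000, seed=7):
    """Coverage-guided sequence fuzzing; returns (iteration, crashing sequence) or None."""
    rng, corpus, seen = random.Random(seed), [[]], set()
    for it in range(max_iters):
        queue = [mutate(rng.choice(corpus), rng)]
        while queue:  # run the mutant, then any sequence predicted from its trace
            child = queue.pop()
            cov, crashed, predicted = run(child)
            if crashed: return it, child
            if not cov <= seen: seen |= cov; corpus.append(child)  # new behaviour: keep
            if predicted: queue.append(predicted)
```

Without the prediction step, random values for `close` hit the guard with probability 2^-16 per attempt; without the bidder count in the feedback, the two-bidder prefix is never kept as a seed, so the assertion stays unreachable.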

Tue 10 Nov (displayed time zone: UTC, Coordinated Universal Time)

08:00 - 08:30

08:00 (2m) Talk, Research Papers: Boosting Fuzzer Efficiency: An Information Theoretic Perspective (ACM SIGSOFT Distinguished Paper Award)
Marcel Böhme (Monash University, Australia), Valentin Manès (KAIST, South Korea), Sang Kil Cha (KAIST, South Korea)

08:03 (1m) Talk, Research Papers: CrFuzz: Fuzzing Multi-purpose Programs through Input Validation
Suhwan Song (Seoul National University, South Korea), Chengyu Song (University of California at Riverside, USA), Yeongjin Jang (Oregon State University, USA), Byoungyoung Lee (Seoul National University, South Korea)

08:05 (1m) Talk, Research Papers: Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
Muhammad Numair Mansur (MPI-SWS, Germany), Maria Christakis (MPI-SWS), Valentin Wüstholz (ConsenSys), Fuyuan Zhang (MPI-SWS, Germany)

08:07 (1m) Talk, Research Papers: Fuzzing: On the Exponential Cost of Vulnerability Discovery
Marcel Böhme (Monash University, Australia), Brandon Falk (Gamozo Labs, n.n.)

08:09 (1m) Talk, Industry Papers: Harvey: A Greybox Fuzzer for Smart Contracts

08:11 (1m) Talk, Research Papers: Intelligent REST API Data Fuzzing
Patrice Godefroid (Microsoft Research, USA), Bo-Yuan Huang (Princeton University, USA), Marina Polishchuk (Microsoft Research, USA)

08:13 (1m) Talk, Research Papers: MTFuzz: Fuzzing with a Multi-task Neural Network
Dongdong She (Columbia University, USA), Rahul Krishna (Columbia University, USA), Lu Yan (Shanghai Jiao Tong University, China), Suman Jana (Columbia University, USA), Baishakhi Ray (Columbia University, USA)

08:15 (15m) Talk, Research Papers: Conversations on Fuzzing
Dongdong She (Columbia University, USA), Muhammad Numair Mansur (MPI-SWS, Germany), Marcel Böhme (Monash University, Australia), Suhwan Song (Seoul National University, South Korea), Valentin Wüstholz (ConsenSys), M: Mike Papadakis (University of Luxembourg, Luxembourg)