Grey-box Fuzzing Based on Execution Feedback for EOSIO Smart Contracts (APSEC 2022 - Technical Track)

Who

Wenyin Li, Meng Wang, Bin Yu, Yuhang Shi, Mingxin Fu, You Shao

Track

APSEC 2022 Technical Track

Time Zone

The program is currently displayed in (GMT+09:00) Osaka, Sapporo, Tokyo.

Use conference time zone: (GMT+09:00) Osaka, Sapporo, TokyoSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 8 Dec 2022 13:00 - 13:20 at Room2 - Smart Contract Chair(s): Yoshiki Higo

Abstract

As one of the representative Delegated Proof-of- Stake (DPoS) blockchain platforms, EOSIO blockchain platform is developing rapidly in recent years due to its excellent features, such as the scalability of transaction speed and support for smart contracts and decentralized applications (DApps). How- ever, vulnerabilities in EOSIO smart contracts have caused serious economic losses and moreover vulnerability detection tools for EOSIO contracts are limited. To overcome the above shortcomings, we implement a grey-box fuzzer called GFuzzer based on WebAssembly for smart contracts on the EOSIO platform considering that EOSIO contracts are not open-sourced. In order to generate more test cases for branches that are difficult to cover, GFuzzer selects test cases with the minimum distance to explore uncovered branches for mutation. We evaluate GFuzzer on 3963 real-world smart contracts and the experimental results show that GFuzzer can detect more vulnerabilities in EOSIO contracts than the existing tool EOSFuzzer, and is efficient in achieving high branch coverage during vulnerability detection.

Wenyin Li

Hebei university

China

Meng Wang

Hebei university

China

Bin Yu

Xidian University

China

Yuhang Shi

Xidian Univeristy

China

Mingxin Fu

Xidian Univeristy

China

You Shao

Xidian Univeristy

China

Time Zone

The program is currently displayed in (GMT+09:00) Osaka, Sapporo, Tokyo.

Use conference time zone: (GMT+09:00) Osaka, Sapporo, TokyoSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 8 Dec
Displayed time zone: Osaka, Sapporo, Tokyo change

13:00 - 14:30	Smart ContractTechnical Track / ERA - Early Research Achievements at Room2 Chair(s): Yoshiki Higo Osaka University

13:00 20m Paper		Grey-box Fuzzing Based on Execution Feedback for EOSIO Smart Contracts Technical Track Wenyin Li Hebei university, Meng Wang Hebei university, Bin Yu Xidian University, Yuhang Shi Xidian Univeristy, Mingxin Fu Xidian Univeristy, You Shao Xidian Univeristy
13:20 15m Paper		SCAR: Smart Contract Alarm Ranking} ERA - Early Research Achievements Kien Tran VNU University of Engineering and Technology, Hieu Vo VNU University of Engineering and Technology
13:35 20m Paper		Data Flow Reduction Based Test Case Generation for Smart Contracts Technical Track Shunhui Ji Hohai University, Shaoqing Zhu Hohai University, Pengcheng Zhang Hohai University, Hai Dong RMIT University
13:55 20m Paper		A Reference Architecture for Blockchain-based Traceability Systems Using Domain-Driven Design and Microservices Technical Track Yanze Wang Nanjing University, Shanshan Li Nanjing University, Huikun Liu Nanjing University, He Zhang Nanjing University, Bo Pan Huawei Technologies Co., Ltd.