CDHF: Coordination Driven Hybrid Fuzzing for EOSIO Smart Contracts
Vulnerabilities in EOSIO smart contracts have caused significant economic losses. Although some approaches have been proposed to detect these vulnerabilities, they often face several limitations, such as inefficient path exploration, insufficient diversity of test cases, and path explosion, which collectively reduce code coverage and detection accuracy. Currently, there is a lack of hybrid fuzzing techniques specifically designed for EOSIO smart contracts to address these issues. To fill this gap, we propose a coordination-driven hybrid fuzzing approach for discovering vulnerabilities in EOSIO smart contracts. Our method employs a scheduling strategy that uses an online linear regression model based on stochastic gradient descent to reduce redundant edge detection in hybrid fuzzing and enhance the efficiency of path exploration during symbolic execution. Additionally, a synchronization strategy based on constraint domain abstraction and random walk sampling ensures uniform sampling in simplified scenarios, thus improving code coverage and mitigating path explosion. Furthermore, we design a function-level mutation strategy to rapidly diversify test cases in the seed pool, improving the efficiency of vulnerability detection. We implement our method in a tool named CDHF and evaluate it on 3,440 smart contracts. Experimental results indicate that CDHF can detect vulnerabilities more precisely and efficiently, achieving an approximate 20% improvement in code coverage compared to WASAI.
Wed 4 Dec. Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi
Session: 14:00 - 15:30
14:00 | 30m | Talk | CDHF: Coordination Driven Hybrid Fuzzing for EOSIO Smart Contracts | Technical Track
14:30 | 30m | Talk | A DNN Fuzz Testing Method Based on Gradient-weighted Class Activation Map | Technical Track | Zhouning Chen Sichuan University, Qiaoyun Liu Sichuan University, Shengxin Dai Sichuan University, Qiuhui Yang Sichuan University
15:00 | 30m | Talk | Prioritizing Test Cases through Dual-uncertainty Evaluating for Road Disease Detection System | Technical Track | Niu Chenxu College of Computer Science, ChongQing University, Huijun Liu College of Computer Science, Chongqing University, Ao Li School of Big Data & Software Engineering, Chongqing University, Tianhao Xiao College of Computer Science, Chongqing University, Zhimin Ruan China Merchants Chongqing Communications Technology Research & Design Institute Co. Ltd., Yongxin Ge School of Big Data & Software Engineering, Chongqing University