Write a Blog >>
ASE 2021
Sun 14 - Sat 20 November 2021 Australia
Tue 16 Nov 2021 21:20 - 21:40 at Kangaroo - Fuzzing Applications Chair(s): Thuan Pham

Unlike traditional software, smart contracts have the unique organization in which a sequence of transactions shares internal states. Unfortunately, such a characteristic makes existing fuzzing tools fail to discern critical transaction sequences. To tackle this challenge, we employ a combined static and dynamic analysis for fuzzing smart contracts. First, we statically analyze smart contract binaries to predict which transaction sequences will lead to effective testing, and figure out if there is a certain constraint that each transaction should satisfy. Such information is then passed to the traditional fuzzing phase and used to construct an initial seed corpus. Furthermore, we perform a light-weight dynamic data-flow analysis to collect data-flow-based feedback to effectively guide fuzzing. We implement our technique on a practical open-source fuzzer, named SMARTIAN. SMARTIAN can discover bugs in real-world smart contracts without the need for the source code. Our experimental results show that SMARTIAN is more effective than existing state-of-the-art tools in finding known CVEs from real-world contracts, and it also outperforms other tools in terms of code coverage.

Tue 16 Nov

Displayed time zone: Hobart change

21:00 - 22:00
Fuzzing ApplicationsResearch Papers / Industry Showcase / Tool Demonstrations at Kangaroo
Chair(s): Thuan Pham The University of Melbourne
CorbFuzz: Checking Browser Security Policies with Fuzzing
Research Papers
Chaofan Shou University of California, Santa Barbara, Ismet Burak Kadron University of California at Santa Barbara, Qi Su University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara
SMARTIAN : Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses
Research Papers
Jaeseung Choi KAIST, Doyeon Kim LINE Plus Corporation, Soomin Kim KAIST, Gustavo Grieco Trail of Bits, Alex Groce Northern Arizona University, Sang Kil Cha KAIST, South Korea
FinFuzzer: One Step Further in Fuzzing Fintech Systems
Industry Showcase
Qingshun Wang East China Normal University, Lihua Xu New York University Shanghai, Jun Xiao Ant Group Co. Ltd., Qi Guo Ant Group Co. Ltd., Haotian Zhang Ant Group Co. Ltd., Liang Dou East China Normal University, Liang He East China Normal University, Tao Xie Peking University
Scalable Fuzzing of Program Binaries with E9AFL
Tool Demonstrations
Xiang Gao National University of Singapore, Gregory J. Duck National University of Singapore, Abhik Roychoudhury National University of Singapore