Write a Blog >>
ASE 2022
Mon 10 - Fri 14 October 2022 Oakland Center, Michigan, United States
ASE 2022 (series) / Research Papers /

Effectively Generating Vulnerable Transaction Sequences in Smart Contracts with Reinforcement Learning-guided Fuzzing

Virtual
Jianzhong Su, Hong-Ning Dai, Lingjun Zhao, Zibin Zheng, Xiapu Luo
ASE 2022 Research Papers
Tue 11 Oct 2022 15:00 - 15:20 at Banquet B - Technical Session 7 - Fuzzing II Chair(s): Karine Even-Mendoza

As computer programs running on top of blockchain, smart contracts have proliferated a myriad of decentralized applications while bringing security vulnerabilities, which may cause disastrous failures and huge financial losses. Thus, it is crucial and urgent to detect the vulnerabilities of smart contracts. However, existing fuzzers for smart contracts are still inefficient to detect sophisticated vulnerabilities that require specific vulnerable transaction sequences to trigger. To address this challenge, we propose a novel vulnerability-guided fuzzer based on reinforcement learning, namely RLF, for generating vulnerable transaction sequences to detect such sophisticated vulnerabilities in smart contracts. In particular, we firstly model the process of fuzzing smart contracts as a Markov decision process to construct our reinforcement learning framework. We then creatively design an appropriate reward with consideration of both vulnerability and code coverage so that it can effectively guide our fuzzer to generate specific transaction sequences to reveal vulnerabilities, especially for the vulnerabilities related to multiple functions. We conduct extensive experiments to evaluate RLF’s performance. The experimental results demonstrate that our RLF outperforms state-of-the-art fuzzers.

small-avatar
Jianzhong Su
Sun Yat-sen University
China
Hong-Ning Dai
Hong-Ning Dai
Hong Kong Baptist University
China
small-avatar
Lingjun Zhao
Sun Yat-sen University
Zibin Zheng
Zibin Zheng
School of Data and Computer Science, Sun Yat-sen University
Xiapu Luo
Xiapu Luo
Hong Kong Polytechnic University
China

Tue 11 Oct

Displayed time zone: Eastern Time (US & Canada) change

14:00 - 15:30
Technical Session 7 - Fuzzing IIResearch Papers at Banquet B
Chair(s): Karine Even-Mendoza Imperial College London
14:00
20m
Research paper
So Many Fuzzers, So Little Time - Experience from Evaluating Fuzzers on the Contiki-NG Network (Hay)StackVirtual
Research Papers
Clement Poncelet Uppsala University, Konstantinos (Kostis) Sagonas Uppsala University and Nat. Tech. Univ. of Athens, Nicolas Tsiftes RISE Research Institutes of Sweden
DOI Pre-print
14:20
20m
Research paper
FuzzerAid: Grouping Fuzzed Crashes Based On Fault Signatures
Research Papers
Ashwin Kallingal Joshy Iowa State University, Wei Le Iowa State University
14:40
20m
Research paper
QATest: A Uniform Fuzzing Framework for Question Answering SystemsVirtualACM SIGSOFT Distinguished Paper Award
Research Papers
Zixi Liu Nanjing University, Yang Feng Nanjing University, Yining Yin Nanjing University, China, Jingyu Sun Nanjing University, Zhenyu Chen Nanjing University, Baowen Xu Nanjing University
15:00
20m
Research paper
Effectively Generating Vulnerable Transaction Sequences in Smart Contracts with Reinforcement Learning-guided FuzzingVirtual
Research Papers
Jianzhong Su Sun Yat-sen University, Hong-Ning Dai Hong Kong Baptist University, Lingjun Zhao Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiapu Luo Hong Kong Polytechnic University