ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Thu 18 Apr 2024 14:00 - 14:15 at Fernando Pessoa - Fuzzing 2 Chair(s): Thuan Pham

Given the growing importance of smart contracts in various applications, ensuring their security and reliability is critical. Fuzzing, an effective vulnerability detection technique, has recently been widely applied to smart contracts. Despite numerous studies, a systematic investigation of smart contract fuzzing techniques remains lacking. In this experience paper, we fill this gap by: 1) providing a comprehensive review of current research in contract fuzzing, and 2) conducting an in-depth empirical study to evaluate state-of-the-art contract fuzzers’ usability. To guarantee a fair evaluation, we employ a carefully-labeled benchmark and introduce a set of pragmatic performance metrics, evaluating fuzzers from five complementary perspectives. Based on our findings, we provide direction for the future research and development of contract fuzzers.

Thu 18 Apr

Displayed time zone: Lisbon change

14:00 - 15:30
Fuzzing 2Software Engineering in Practice / Research Track at Fernando Pessoa
Chair(s): Thuan Pham The University of Melbourne
14:00
15m
Talk
Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers
Research Track
Shuohan Wu Hong Kong Polytechnic University, Zihao Li The Hong Kong Polytechnic Universituy, Luyi Yan Hong Kong Polytechnic University, Weimin Chen The Hong Kong Polytechnic University, Muhui Jiang The Hong Kong Polytechnic University, Chenxu Wang Xi'an Jiaotong University, Xiapu Luo The Hong Kong Polytechnic University, Hao Zhou Hong Kong Polytechnic University
14:15
15m
Talk
RPG: Rust Library Fuzzing with Pool-based Fuzz Target Generation and Generic Support
Research Track
Zhiwu Xu Shenzhen University, Bohao Wu CSSE, Shenzhen University, Cheng Wen Guangzhou Institute of Technology, Xidian University, Bin Zhang Shenzhen University, Shengchao Qin Fermat Labs, Huawei, Mengda He Fermat Labs, Huawei
DOI Pre-print
14:30
15m
Talk
Extrapolating Coverage Rate in Greybox Fuzzing
Research Track
Danushka Liyanage Monash University, Australia, Seongmin Lee Max Planck Institute for Security and Privacy (MPI-SP), Marcel Böhme MPI-SP, Bochum, Kla Tantithamthavorn Monash University
DOI Pre-print
14:45
15m
Talk
FuzzInMem: Fuzzing Programs via In-memory Structures
Research Track
Xuwei Liu Purdue University, USA, Wei You Renmin University of China, Yapeng Ye Purdue University, Zhuo Zhang Purdue University, Jianjun Huang Renmin University of China, Xiangyu Zhang Purdue University
15:00
15m
Talk
Fuzz4All: Universal Fuzzing with Large Language Models
Research Track
Chunqiu Steven Xia University of Illinois at Urbana-Champaign, Matteo Paltenghi University of Stuttgart, Jia Le Tian UIUC, Michael Pradel University of Stuttgart, Lingming Zhang University of Illinois at Urbana-Champaign
Pre-print
15:15
15m
Talk
MicroFuzz: An Efficient Fuzzing Framework for Microservices
Software Engineering in Practice
Peng Di Ant Group, Bingchang Liu Ant Group, Yiyi Gao Ant Group