sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts

TL;DR

sFuzz is an adaptive fuzzing tool for Solidity smart contracts that significantly improves coverage and vulnerability detection efficiency by combining AFL strategies with multi-objective adaptive techniques.

Contribution

The paper introduces sFuzz, a novel adaptive fuzzing approach that outperforms existing tools in speed and effectiveness for testing Ethereum smart contracts.

Findings

sFuzz is two orders of magnitude faster than existing tools.

sFuzz achieves high code coverage and finds vulnerabilities effectively.

Different fuzzing strategies in sFuzz complement each other.

Abstract

Smart contracts are Turing-complete programs that execute on the infrastructure of the blockchain, which often manage valuable digital assets. Solidity is one of the most popular programming languages for writing smart contracts on the Ethereum platform. Like traditional programs, smart contracts may contain vulnerabilities. Unlike traditional programs, smart contracts cannot be easily patched once they are deployed. It is thus important that smart contracts are tested thoroughly before deployment. In this work, we present an adaptive fuzzer for smart contracts on the Ethereum platform called sFuzz. Compared to existing Solidity fuzzers, sFuzz combines the strategy in the AFL fuzzer and an efficient lightweight multi-objective adaptive strategy targeting those hard-to-cover branches. sFuzz has been applied to more than 4 thousand smart contracts and the experimental results show that (1) sFuzz is efficient, e.g., two orders of magnitude faster than state-of-the-art tools; (2) sFuzz is effective in achieving high code coverage and discovering vulnerabilities; and (3) the different fuzzing strategies in sFuzz complement each other.