AntFuzzer: A Grey-Box Fuzzing Framework for EOSIO Smart Contracts
Jianfei Zhou, Tianxing Jiang, Shuwei Song, Ting Chen

TL;DR
AntFuzzer is an extensible grey-box fuzzing framework for EOSIO smart contracts that improves vulnerability detection and code coverage, addressing the limitations of black-box fuzzers.
Contribution
We introduce AntFuzzer, the first highly extensible grey-box fuzzing framework for EOSIO smart contracts, integrating AFL-style fuzzing to enhance vulnerability detection.
Findings
Improved code coverage on 37.5% of the smart contracts in the benchmark, compared to black-box fuzzing tools.
Detected 741 vulnerabilities in 4,616 real-world contracts.
Implemented 6 detection plugins for major EOSIO smart contract vulnerabilities.
Abstract
In the past few years, several attacks against the vulnerabilities of EOSIO smart contracts have caused severe financial losses to this prevalent blockchain platform. As a lightweight test-generation approach, grey-box fuzzing can open up the possibility of improving the security of EOSIO smart contracts. However, developing a practical grey-box fuzzer for EOSIO smart contracts from scratch is time-consuming and requires a deep understanding of EOSIO internals. In this work, we proposed AntFuzzer, the first highly extensible grey-box fuzzing framework for EOSIO smart contracts. AntFuzzer implements a novel approach that interfaces AFL to conduct AFL-style grey-box fuzzing on EOSIO smart contracts. Compared to black-box fuzzing tools, AntFuzzer can effectively trigger those hard-to-cover branches. It achieved an improvement in code coverage on 37.5% of smart contracts in our benchmark…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Security and Verification in Computing
