Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers

TL;DR

This paper systematically reviews and empirically evaluates the current state-of-the-art smart contract fuzzers, providing insights into their effectiveness and guiding future research directions.

Contribution

It offers the first comprehensive review combined with an empirical study of smart contract fuzzers, introducing a benchmark and evaluation metrics for fair comparison.

Findings

Identified strengths and weaknesses of existing fuzzers

Provided a benchmark for evaluating smart contract fuzzers

Suggested future research directions for improving fuzzing techniques

Abstract

Given the growing importance of smart contracts in various applications, ensuring their security and reliability is critical. Fuzzing, an effective vulnerability detection technique, has recently been widely applied to smart contracts. Despite numerous studies, a systematic investigation of smart contract fuzzing techniques remains lacking. In this paper, we fill this gap by: 1) providing a comprehensive review of current research in contract fuzzing, and 2) conducting an in-depth empirical study to evaluate state-of-the-art contract fuzzers' usability. To guarantee a fair evaluation, we employ a carefully-labeled benchmark and introduce a set of pragmatic performance metrics, evaluating fuzzers from five complementary perspectives. Based on our findings, we provide direction for the future research and development of contract fuzzers.