research-article

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts

Authors:
Jingxuan He

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

,
Mislav Balunović

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

,
Nodar Ambroladze

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

,
Petar Tsankov

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

,
Martin Vechev

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2019Pages 531–548https://doi.org/10.1145/3319535.3363230

Published:06 November 2019Publication History

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 531–548

ABSTRACT

Fuzzing and symbolic execution are two complementary techniques for discovering software vulnerabilities. Fuzzing is fast and scalable, but can be ineffective when it fails to randomly select the right inputs. Symbolic execution is thorough but slow and often does not scale to deep program paths with complex path conditions. In this work, we propose to learn an effective and fast fuzzer from symbolic execution, by phrasing the learning task in the framework of imitation learning. During learning, a symbolic execution expert generates a large number of quality inputs improving coverage on thousands of programs. Then, a fuzzing policy, represented with a suitable architecture of neural networks, is trained on the generated dataset. The learned policy can then be used to fuzz new programs. We instantiate our approach to the problem of fuzzing smart contracts, a domain where contracts often implement similar functionality (facilitating learning) and security is of utmost importance. We present an end-to-end system, ILF (for Imitation Learning based Fuzzer), and an extensive evaluation over >18K contracts. Our results show that ILF is effective: (i) it is fast, generating 148 transactions per second, (ii) it outperforms existing fuzzers (e.g., achieving 33% more coverage), and (iii) it detects more vulnerabilities than existing fuzzing and symbolic execution tools for Ethereum.

Supplemental Material

p531-he.webm

webm

122 MB

Download

References

Pieter Abbeel, Adam Coates, and Andrew Y. Ng. 2010. Autonomous Helicopter Aerobatics through Apprenticeship Learning. I. J. Robotics Res., Vol. 29, 13 (2010), 1608--1639. https://doi.org/10.1177/0278364910371999Google ScholarDigital Library
Miltiadis Allamanis, Marc Brockschmidt, and Mahmoud Khademi. 2018. Learning to Represent Programs with Graphs. In 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, April 30 - May 3, 2018, Conference Track Proceedings. https://openreview.net/forum?id=BJOFETxR-Google Scholar
Sidney Amani, Myriam Bé gel, Maksym Bortin, and Mark Staples. 2018. Towards Verifying Ethereum Smart Contract Bytecode in Isabelle/HOL. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2018, Los Angeles, CA, USA, January 8--9, 2018. 66--77. https://doi.org/10.1145/3167084Google ScholarDigital Library
Ben Athiwaratkun and Jack W. Stokes. 2017. Malware Classification with LS™ and GRU Language Models and a Character-level CNN. In 2017 IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP 2017, New Orleans, LA, USA, March 5--9, 2017. 2482--2486. https://doi.org/10.1109/ICASSP.2017.7952603Google Scholar
Mislav Balunovic, Pavol Bielik, and Martin Vechev. 2018. Learning to Solve SMT Formulas. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018, NeurIPS 2018, 3--8 December 2018, Montré al, Canada. 10338--10349. http://papers.nips.cc/paper/8233-learning-to-solve-smt-formulasGoogle Scholar
Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley. 2014. BYTEWEIGHT: Learning to Recognize Functions in Binary Code. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20--22, 2014. 845--860. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/baoGoogle Scholar
Osbert Bastani, Rahul Sharma, Alex Aiken, and Percy Liang. 2017. Synthesizing Program Input Grammars. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, June 18--23, 2017. 95--110. https://doi.org/10.1145/3062341.3062349Google ScholarDigital Library
Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cé dric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova, et al. 2016. Formal Verification of Smart Contracts: Short Paper. In Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, PLAS@CCS 2016, Vienna, Austria, October 24, 2016. 91--96. https://doi.org/10.1145/2993600.2993611Google ScholarDigital Library
Marcel Bö hme, Van-Thuan Pham, and Abhik Roychoudhury. 2016. Coverage-based Greybox Fuzzing as Markov Chain. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24--28, 2016. 1032--1043. https://doi.org/10.1145/2976749.2978428Google Scholar
Cristian Cadar, Daniel Dunbar, and Dawson R. Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, December 8--10, 2008, San Diego, California, USA, Proceedings. 209--224. http://www.usenix.org/events/osdi08/tech/full_papers/cadar/cadar.pdfGoogle ScholarDigital Library
Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, and Dawson R. Engler. 2006. EXE: Automatically Generating Inputs of Death. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, VA, USA, Ioctober 30 - November 3, 2006. 322--335. https://doi.org/10.1145/1180405.1180445Google ScholarDigital Library
Peng Chen and Hao Chen. 2018. Angora: Efficient Fuzzing by Principled Search. In 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21--23 May 2018, San Francisco, California, USA. 711--725. https://doi.org/10.1109/SP.2018.00046Google ScholarCross Ref
Kyunghyun Cho, Bart van Merrienboer, cC aglar Gü lcc ehre, Dzmitry Bahdanau, Fethi Bougares, Holger Schwenk, and Yoshua Bengio. 2014. Learning Phrase Representations using RNN Encoder-Decoder for Statistical Machine Translation. In Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing, EMNLP 2014, October 25--29, 2014, Doha, Qatar, A meeting of SIGDAT, a Special Interest Group of the ACL. 1724--1734. http://aclweb.org/anthology/D/D14/D14--1179.pdfGoogle Scholar
Crytic. 2019. Echdina. https://github.com/crytic/echidna/Google Scholar
Chris Cummins, Pavlos Petoumenos, Alastair Murray, and Hugh Leather. 2018. Compiler Fuzzing Through Deep Learning. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16--21, 2018. 95--105. https://doi.org/10.1145/3213846.3213848Google ScholarDigital Library
Etherscan. 2019. Ethereum (ETH) block explorer. https://etherscan.io/Google Scholar
The go-ethereum Authors. 2019. Go Ethereum. https://geth.ethereum.org/Google Scholar
Patrice Godefroid, Adam Kiezun, and Michael Y. Levin. 2008a. Grammar-based Whitebox Fuzzing. In Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, Tucson, AZ, USA, June 7--13, 2008. 206--215. https://doi.org/10.1145/1375581.1375607Google ScholarDigital Library
Patrice Godefroid, Michael Y. Levin, and David A. Molnar. 2008b. Automated Whitebox Fuzz Testing. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008, San Diego, California, USA, 10th February - 13th February 2008. http://www.isoc.org/isoc/conferences/ndss/08/papers/10_automated_whitebox_fuzz.pdfGoogle Scholar
Patrice Godefroid, Hila Peleg, and Rishabh Singh. 2017. Learn&Fuzz: Machine Learning for Input Fuzzing. In Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017, Urbana, IL, USA, October 30 - November 03, 2017. 50--59. https://doi.org/10.1109/ASE.2017.8115618Google ScholarCross Ref
Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018. MadMax: Surviving Out-of-gas Conditions in Ethereum Smart Contracts. PACMPL, Vol. 2, OOPSLA (2018), 116:1--116:27. https://doi.org/10.1145/3276486Google ScholarDigital Library
Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, and Yoni Zohar. 2018. Online Detection of Effectively Callback Free Objects with Applications to Smart Contracts. PACMPL, Vol. 2, POPL (2018), 48:1--48:28. https://doi.org/10.1145/3158136Google ScholarDigital Library
Jingxuan He, Pesho Ivanov, Petar Tsankov, Veselin Raychev, and Martin Vechev. 2018. Debin: Predicting Debug Information in Stripped Binaries. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15--19, 2018. 1667--1680. https://doi.org/10.1145/3243734.3243866Google ScholarDigital Library
Kihong Heo, Woosuk Lee, Pardis Pashakhanloo, and Mayur Naik. 2018. Effective Program Debloating via Reinforcement Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15--19, 2018. 380--394. https://doi.org/10.1145/3243734.3243838Google ScholarDigital Library
Everett Hildenbrandt, Manasvi Saxena, Nishant Rodrigues, Xiaoran Zhu, Philip Daian, Dwight Guth, Brandon M. Moore, Daejun Park, Yi Zhang, Andrei Stefanescu, and Grigore Rosu. 2018. KEVM: A Complete Formal Semantics of the Ethereum Virtual Machine. In 31st IEEE Computer Security Foundations Symposium, CSF 2018, Oxford, United Kingdom, July 9--12, 2018. 204--217. https://doi.org/10.1109/CSF.2018.00022Google Scholar
Yoichi Hirai. 2017. Defining the Ethereum Virtual Machine for Interactive Theorem Provers. In Financial Cryptography and Data Security - FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers. 520--535. https://doi.org/10.1007/978--3--319--70278-0_33Google Scholar
Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with Code Fragments. In Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8--10, 2012. 445--458. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/hollerGoogle ScholarDigital Library
Matthias Hö schele and Andreas Zeller. 2016. Mining Input Grammars from Dynamic Taints. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016, Singapore, September 3--7, 2016. 720--725. https://doi.org/10.1145/2970276.2970321Google Scholar
Bo Jiang, Ye Liu, and W. K. Chan. 2018. ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ASE 2018, Montpellier, France, September 3--7, 2018. 259--269. https://doi.org/10.1145/3238147.3238177Google ScholarDigital Library
Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. ZEUS: Analyzing Safety of Smart Contracts. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--21, 2018. http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_09--1_Kalra_paper.pdfGoogle Scholar
Lucianna Kiffer, Dave Levin, and Alan Mislove. 2018. Analyzing Ethereum's Contract Topology. In Proceedings of the Internet Measurement Conference 2018, IMC 2018, Boston, MA, USA, October 31 - November 02, 2018. 494--499. https://dl.acm.org/citation.cfm?id=3278575Google ScholarDigital Library
Thomas N. Kipf and Max Welling. 2017. Semi-Supervised Classification with Graph Convolutional Networks. In 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24--26, 2017, Conference Track Proceedings. https://openreview.net/forum?id=SJU4ayYglGoogle Scholar
Bojan Kolosnjaji, Ghadir Eraisha, George D. Webster, Apostolis Zarras, and Claudia Eckert. 2017. Empowering Convolutional Networks for Malware Classification and Analysis. In 2017 International Joint Conference on Neural Networks, IJCNN 2017, Anchorage, AK, USA, May 14--19, 2017. 3838--3845. https://doi.org/10.1109/IJCNN.2017.7966340Google Scholar
Johannes Krupp and Christian Rossow. 2018. teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15--17, 2018. 1317--1333. https://www.usenix.org/conference/usenixsecurity18/presentation/kruppGoogle Scholar
Vu Le, Mehrdad Afshari, and Zhendong Su. 2014. Compiler Validation via Equivalence Modulo Inputs. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, Edinburgh, United Kingdom - June 09 - 11, 2014. 216--226. https://doi.org/10.1145/2594291.2594334Google ScholarDigital Library
Yuekang Li, Bihuan Chen, Mahinthan Chandramohan, Shang-Wei Lin, Yang Liu, and Alwen Tiu. 2017. Steelix: Program-state Based Binary fuzzing. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4--8, 2017. 627--637. https://doi.org/10.1145/3106237.3106295Google ScholarDigital Library
Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24--28, 2016. 254--269. https://doi.org/10.1145/2976749.2978309Google ScholarDigital Library
Tomas Mikolov, Ilya Sutskever, Kai Chen, Gregory S. Corrado, and Jeffrey Dean. 2013. Distributed Representations of Words and Phrases and their Compositionality. In Advances in Neural Information Processing Systems 26: 27th Annual Conference on Neural Information Processing Systems 2013. Proceedings of a meeting held December 5--8, 2013, Lake Tahoe, Nevada, United States. 3111--3119. http://papers.nips.cc/paper/5021-distributed-representations-of-words-and-phrases-and-their-compositionalityGoogle ScholarDigital Library
Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. 2018. Finding The Greedy, Prodigal, and Suicidal Contracts at Scale. In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018. 653--663. https://doi.org/10.1145/3274694.3274743Google ScholarDigital Library
OpenZeppelin. 2019. OpenZeppelin is a Library for Secure Smart Contract Development. https://github.com/OpenZeppelin/openzeppelin-solidityGoogle Scholar
Santiago Palladino. 2017. The Parity Wallet Hack Explained. https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7Google Scholar
Hui Peng, Yan Shoshitaishvili, and Mathias Payer. 2018. T-Fuzz: Fuzzing by Program Transformation. In 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21--23 May 2018, San Francisco, California, USA. 697--710. https://doi.org/10.1109/SP.2018.00056Google ScholarCross Ref
Anton Permenev, Dimitar Dimitrov, Petar Tsankov, Dana Drachsler-chohen, and Martin Vechev. 2020. VerX: Safety Verification of Smart Contracts. In 2020 IEEE Symposium on Security and Privacy, SP 2020, San Jose, CA, USA, May 18--20, 2020 .Google Scholar
Dean Pomerleau. 1988. ALVINN: An Autonomous Land Vehicle in a Neural Network. In Advances in Neural Information Processing Systems 1, [NIPS Conference, Denver, Colorado, USA, 1988]. 305--313. http://papers.nips.cc/paper/95-alvinn-an-autonomous-land-vehicle-in-a-neural-networkGoogle Scholar
Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/vuzzer-application-aware-evolutionary-fuzzing/Google Scholar
Stéphane Ross, Geoffrey J. Gordon, and Drew Bagnell. 2011. A Reduction of Imitation Learning and Structured Prediction to No-Regret Online Learning. In Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics, AISTATS 2011, Fort Lauderdale, USA, April 11--13, 2011. 627--635. http://jmlr.org/proceedings/papers/v15/ross11a/ross11a.pdfGoogle Scholar
Grigore Rosu and Traian-Florin Serbanuta. 2010. An Overview of the K Semantic Framework. J. Log. Algebr. Program., Vol. 79, 6 (2010), 397--434. https://doi.org/10.1016/j.jlap.2010.03.012Google ScholarCross Ref
Matthew G. Schultz, Eleazar Eskin, Erez Zadok, and Salvatore J. Stolfo. 2001. Data Mining Methods for Detection of New Malicious Executables. In 2001 IEEE Symposium on Security and Privacy, Oakland, California, USA May 14--16, 2001. 38--49. https://doi.org/10.1109/SECPRI.2001.924286Google Scholar
Koushik Sen, Darko Marinov, and Gul Agha. 2005. CUTE: a Concolic Unit Testing Engine for C. In Proceedings of the 10th European Software Engineering Conference held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2005, Lisbon, Portugal, September 5--9, 2005. 263--272. https://doi.org/10.1145/1081706.1081750Google ScholarDigital Library
Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana. 2018. NEUZZ: Efficient Fuzzing with Neural Program Learning. CoRR, Vol. abs/1807.05620 (2018). arxiv: 1807.05620 http://arxiv.org/abs/1807.05620Google Scholar
Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, and Prateek Saxena. 2019. Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24--27, 2019. https://www.ndss-symposium.org/ndss-paper/neuro-symbolic-execution-augmenting-symbolic-execution-with-neural-constraints/Google Scholar
Eui Chul Richard Shin, Dawn Song, and Reza Moazzezi. 2015. Recognizing Functions in Binaries with Neural Networks. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12--14, 2015. 611--626. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/shinGoogle Scholar
Xujie Si, Hanjun Dai, Mukund Raghothaman, Mayur Naik, and Le Song. 2018. Learning Loop Invariants for Program Verification. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018, NeurIPS 2018, 3--8 December 2018, Montré al, Canada. 7762--7773. http://papers.nips.cc/paper/8001-learning-loop-invariants-for-program-verificationGoogle Scholar
David Silver, Aja Huang, Chris J. Maddison, Arthur Guez, Laurent Sifre, George van den Driessche, Julian Schrittwieser, Ioannis Antonoglou, Vedavyas Panneershelvam, Marc Lanctot, Sander Dieleman, Dominik Grewe, John Nham, Nal Kalchbrenner, Ilya Sutskever, Timothy P. Lillicrap, Madeleine Leach, Koray Kavukcuoglu, Thore Graepel, and Demis Hassabis. 2016. Mastering the Game of Go with Deep Neural Networks and Tree Search. Nature, Vol. 529, 7587 (2016), 484--489. https://doi.org/10.1038/nature16961Google Scholar
Gagandeep Singh, Markus Pü schel, and Martin Vechev. 2018. Fast Numerical Program Analysis with Reinforcement Learning. In Computer Aided Verification - 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14--17, 2018, Proceedings, Part I. 211--229. https://doi.org/10.1007/978--3--319--96145--3_12Google Scholar
Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21--24, 2016. http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/driller-augmenting-fuzzing-through-selective-symbolic-execution.pdfGoogle Scholar
Parity Technologies. 2017. Security Alert. https://www.parity.io/security-alert-2/Google Scholar
Christof Ferreira Torres, Julian Schü tte, and Radu State. 2018. Osiris: Hunting for Integer Bugs in Ethereum Smart Contracts. In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018. 664--676. https://doi.org/10.1145/3274694.3274737Google ScholarDigital Library
Petar Tsankov, Andrei Marian Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Bü nzli, and Martin Vechev. 2018. Securify: Practical Security Analysis of Smart Contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15--19, 2018. 67--82. https://doi.org/10.1145/3243734.3243780Google ScholarDigital Library
Petar Tsankov, Mohammad Torabi Dashti, and David A. Basin. 2012. SECFUZZ: Fuzz-testing Security Protocols. In 7th International Workshop on Automation of Software Test, AST 2012, Zurich, Switzerland, June 2--3, 2012. 1--7. https://doi.org/10.1109/IWAST.2012.6228985Google Scholar
Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu. 2017. Skyfire: Data-Driven Seed Generation for Fuzzing. In 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22--26, 2017. 579--594. https://doi.org/10.1109/SP.2017.23Google Scholar
Gavin Wood. 2014. Ethereum: A Secure Decentralised Generalised Transaction Ledger. Ethereum project yellow paper (2014).Google Scholar
Xuejun Yang, Yang Chen, Eric Eide, and John Regehr. 2011. Finding and Understanding Bugs in C Compilers. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, San Jose, CA, USA, June 4--8, 2011. 283--294. https://doi.org/10.1145/1993498.1993532Google ScholarDigital Library
Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15--17, 2018. 745--761. https://www.usenix.org/conference/usenixsecurity18/presentation/yunGoogle Scholar
Michal Zalewski. 2019. American Fuzzy Loop. http://lcamtuf.coredump.cx/afl/Google Scholar
Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, and Michael Bailey. 2018. Erays: Reverse Engineering Ethereum's Opaque Smart Contracts. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15--17, 2018. 1371--1385. https://www.usenix.org/conference/usenixsecurity18/presentation/zhouGoogle Scholar

Index Terms

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all ...
Read More
Badger: complexity analysis with fuzzing and symbolic execution
ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

Hybrid testing approaches that involve fuzz testing and symbolic execution have shown promising results in achieving high code coverage, uncovering subtle errors and vulnerabilities in a variety of software applications. In this paper we describe Badger ...
Read More
Testing Ethereum Smart Contracts: A Comparison of Symbolic Analysis and Fuzz Testing Tools
SAICSIT '20: Conference of the South African Institute of Computer Scientists and Information Technologists 2020

Ethereum smart contract exploits have inflicted enormous monetary damage due to vulnerabilities introduced accidentally by the contract authors. Many of these errors can now be detected automatically by a growing number of security analysis tools that ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019
2755 pages
ISBN:9781450367479
DOI:10.1145/3319535
General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 November 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
fuzzing
imitation learning
smart contracts
symbolic execution
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '19 Paper Acceptance Rate149of934submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 128
  Total Citations
  View Citations
- 2,122
  Total Downloads
- Downloads (Last 12 months)347
- Downloads (Last 6 weeks)37
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach

Badger: complexity analysis with fuzzing and symbolic execution

Testing Ethereum Smart Contracts: A Comparison of Symbolic Analysis and Fuzz Testing Tools