Increasing Fuzz Testing Coverage for Smart Contracts with Dynamic Taint Analysis

Title: Increasing Fuzz Testing Coverage for Smart Contracts with Dynamic Taint Analysis
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Ji, Songyan; Dong, Jian; Qiu, Junfu; Gu, Bowen; Wang, Ye; Wang, Tongqi
Conference Name: 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)
Date Published: dec
Keywords: composability, Conferences, dynamic taint analysis, ethereum, Fuzz Testing, fuzzing, IP networks, Metrics, pubcrawl, security, smart contracts, software quality, software reliability, taint analysis
Abstract: Nowadays, smart contracts manage more and more digital assets and have become an attractive target for adversaries. To protect smart contracts from malicious attacks, thorough testing is indispensable and must be completed before deployment, because smart contracts cannot be modified once deployed. Fuzzing is an important testing approach, but most existing smart contract fuzzers can hardly solve constraints that involve deeply nested conditional statements, resulting in low coverage. To address this problem, we propose Targy, an efficient targeted mutation strategy based on dynamic taint analysis. We obtain the taint flow by dynamic taint propagation and generate a more accurate mutation strategy for the input parameters of functions so that all conditional statements are satisfied simultaneously. We implemented Targy on sFuzz and evaluated it on 3.6 thousand smart contracts running on Ethereum. The numbers of covered branches and detected vulnerabilities increase by 6% and 7% respectively, and the average time required to cover a branch is reduced by 11%.
DOI: 10.1109/QRS54544.2021.00035
Citation Key: ji_increasing_2021