7,573 research outputs found
Towards Smart Hybrid Fuzzing for Smart Contracts
Smart contracts are Turing-complete programs that are executed across a
blockchain network. Unlike traditional programs, once deployed they cannot be
modified. As smart contracts become more popular and carry more value, they
become more of an interesting target for attackers. In recent years, smart
contracts suffered major exploits, costing millions of dollars, due to
programming errors. As a result, a variety of tools for detecting bugs has been
proposed. However, majority of these tools often yield many false positives due
to over-approximation or poor code coverage due to complex path constraints.
Fuzzing or fuzz testing is a popular and effective software testing technique.
However, traditional fuzzers tend to be more effective towards finding shallow
bugs and less effective in finding bugs that lie deeper in the execution. In
this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary
fuzzing with constraint solving in order to execute more code and find more
bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts
of a smart contract, while constraint solving is used to generate inputs which
satisfy complex conditions that prevent the evolutionary fuzzing from exploring
deeper paths. Moreover, we use data dependency analysis to efficiently generate
sequences of transactions, that create specific contract states in which bugs
may be hidden. We evaluate the effectiveness of our fuzzing strategy, by
comparing CONFUZZIUS with state-of-the-art symbolic execution tools and
fuzzers. Our evaluation shows that our hybrid fuzzing approach produces
significantly better results than state-of-the-art symbolic execution tools and
fuzzers
Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact
Ponzi schemes are financial frauds which lure users under the promise of high
profits. Actually, users are repaid only with the investments of new users
joining the scheme: consequently, a Ponzi scheme implodes soon after users stop
joining it. Originated in the offline world 150 years ago, Ponzi schemes have
since then migrated to the digital world, approaching first the Web, and more
recently hanging over cryptocurrencies like Bitcoin. Smart contract platforms
like Ethereum have provided a new opportunity for scammers, who have now the
possibility of creating "trustworthy" frauds that still make users lose money,
but at least are guaranteed to execute "correctly". We present a comprehensive
survey of Ponzi schemes on Ethereum, analysing their behaviour and their impact
from various viewpoints
- …