Smart contracts are increasingly being used to manage large numbers of
high-value cryptocurrency accounts. There is a strong demand for automated,
efficient, and comprehensive methods to detect security vulnerabilities in a
given contract. While the literature features a plethora of analysis methods
for smart contracts, the existing proposals do not address the increasing
complexity of contracts. Existing analysis tools suffer from false alarms and
missed bugs in today's smart contracts that are increasingly defined by
complexity and interdependencies. To scale accurate analysis to modern smart
contracts, we introduce EF/CF, a high-performance fuzzer for Ethereum smart
contracts. In contrast to previous work, EF/CF efficiently and accurately
models complex smart contract interactions, such as reentrancy and
cross-contract interactions, at a very high fuzzing throughput rate. To achieve
this, EF/CF transpiles smart contract bytecode into native C++ code, thereby
enabling the reuse of existing, optimized fuzzing toolchains. Furthermore,
EF/CF increases fuzzing efficiency by employing a structure-aware mutation
engine for smart contract transaction sequences and using a contract's ABI to
generate valid transaction inputs. In a comprehensive evaluation, we show that
EF/CF scales better -- without compromising accuracy -- to complex contracts
compared to state-of-the-art approaches, including other fuzzers,
symbolic/concolic execution, and hybrid approaches. Moreover, we show that
EF/CF can automatically generate transaction sequences that exploit reentrancy
bugs to steal Ether.Comment: To be published at Euro S&P 202