EVMFuzz: Differential fuzz testing of Ethereum virtual machine

Authors

Abstract

The Ethereum Virtual Machine (EVM) is the run-time environment for smart contracts, and its vulnerabilities may lead to serious problems for the Ethereum ecology. While many techniques have been developed for the validation of smart contracts, the security of EVMs themselves has not been well studied. In this paper, we propose EVMFuzz, which aims to detect defects in EVMs with differential fuzz testing. The core idea of EVMFuzz is to continuously generate seed contracts for execution on different EVMs, so as to find as many inconsistencies among their execution results as possible, and eventually to discover bugs through output cross-referencing. First, we present an evaluation metric for the internal inconsistency indicator, such as the opcode sequence executed and the gas used. Then, we construct seed contracts via a set of predefined mutators and employ a dynamic priority scheduling algorithm to guide seed selection and maximize inconsistency. Finally, we leverage cross-referencing oracles to avoid manual checking of execution output. For evaluation, we conducted large-scale mutation on 36,295 real-world contracts and generated 253,153 contracts. Among them, 66.2% showed differential performance, including 1,596 variant contracts that triggered inconsistent output among EVMs. Accompanied by root cause analysis, we found 5 previously unknown bugs in four widely used EVMs, all of which had been included in the Common Vulnerabilities and Exposures (CVE) database.


Related references

Defining the Ethereum Virtual Machine for Interactive Theorem Provers

Smart contracts in Ethereum are executed by the Ethereum Virtual Machine (EVM). We defined EVM in Lem, a language that can be compiled for a few interactive theorem provers. We tested our definition against a standard test suite for Ethereum implementations. Using our definition, we proved some safety properties of Ethereum smart contracts in an interactive theorem prover Isabelle/HOL. To our k...


VDF: Targeted Evolutionary Fuzz Testing of Virtual Devices

As cloud computing becomes more and more prevalent, there is increased interest in mitigating attacks that target hypervisors from within the virtualized guest environments that they host. We present VDF, a targeted evolutionary fuzzing framework for discovering bugs within the software-based virtual devices implemented as part of a hypervisor. To achieve this, VDF selectively instruments the c...


Automated Whitebox Fuzz Testing

Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs and test the program on the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of a program...


Learn&Fuzz: machine learning for input fuzzing

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar suitable for input fuzzing using sample inputs and neural-network-based statistical machine-learning techniques. We present a detailed case study with a complex in...


Instrumented Fuzz Testing Using AIR Integers

Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. In this paper, we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions. The AIR integer model either produces a value equivalent to one that would have been obtain...


Journal

Journal title: Journal of software

Year: 2023

ISSN: 1796-217X

DOI: https://doi.org/10.1002/smr.2556