EvoFuzzer: An Evolutionary Fuzzer for Detecting Reentrancy Vulnerability in Smart Contracts

Abstract

Reentrancy vulnerability is one of the most serious security issues in smart contracts, resulting in millions of dollars in economic losses and posing a threat to the trust of the blockchain ecosystem. Therefore, researchers are paying more attention to this problem and have proposed various methods to detect and eliminate potential reentrancy vulnerabilities before contract deployment. Compared to symbolic execution and pattern-matching methods, fuzz testing method can achieve higher accuracy and are better suitable for detecting cross-contract vulnerabilities. However, existing fuzz testing tools often spend a long time exploring states with little pruning, and most of them adopt the reentrancy vulnerability oracle used by static analysis tools, which ignores whether the vulnerability can be exploited to compromise the access control, mutex, or time locks. To address these issues, we propose EvoFuzzer, an evolutionary fuzzer that focuses on the detection of reentrancy vulnerabilities. EvoFuzzer first leverages static analysis to exclude branches that have no impact on state transitions, then continuously optimizes test case generation using a genetic algorithm that considers both function sequence and parameter assignment, and Meanwhile, EvoFuzzer confirms whether reentrancy vulnerabilities can be exploited by simulating attacks. Our experiments have performed on 198 annotated contracts and 47 honeypot contracts, and experimental results show that EvoFuzzer can detect 91.7% of reentrancy vulnerabilities with no false positives, achieve the highest F1 score with 95.7%, which is 5.9% higher than the next best approach (Confuzzius), and we also find that it reduces more than 10% of branches when EvoFuzzer adopts a pruning strategy.