Peixuan Feng , Wenrui Cao , Siqi Lu , Yongjuan Wang , Haoyuan Xue , Runnan Yang
Title: ACOFuzz: An ant colony algorithm-based fuzzer for smart contracts
Authors: Peixuan Feng, Wenrui Cao, Siqi Lu, Yongjuan Wang, Haoyuan Xue, Runnan Yang
Journal: Blockchain: Research and Applications, Volume 6, Issue 3, Article 100279
DOI: 10.1016/j.bcra.2025.100279
Publication date: 2025-03-25
Publication type: Journal Article
URL: https://www.sciencedirect.com/science/article/pii/S2096720925000065
JCR category: Q1, Computer Science, Information Systems
Citations: 0
Abstract
In today's blockchain landscape, smart contracts are assuming a pivotal role, albeit accompanied by a heightened risk of exploitation by attackers. As smart contracts grow in complexity, vulnerabilities lurking within deeper layers of code become more prevalent. Existing analysis tools primarily rely on data flow and on a priori knowledge derived from symbolic execution as their test case generation strategy, and often fall short in uncovering vulnerabilities nested within intricate conditional statements. To address this challenge, we present ACOFuzz, an advanced fuzzer for Ethereum smart contracts. ACOFuzz employs the ant colony optimization (ACO) algorithm to traverse the control flow graph (CFG) of smart contracts, systematically exploring execution paths and generating test cases. Subsequently, it strategically directs the search towards paths within the CFG that are more susceptible to vulnerabilities, leveraging block coverage data obtained from executing the test cases. In a comprehensive evaluation, we demonstrate that ACOFuzz covers a wider array of paths within a contract while exhibiting enhanced accuracy in pinpointing specific vulnerabilities compared to contemporary fuzzers.
Journal description:
Blockchain: Research and Applications is an international, peer-reviewed journal for researchers, engineers, and practitioners to present the latest advances and innovations in blockchain research. The journal publishes theoretical and applied papers in established and emerging areas of blockchain research to shape the future of blockchain technology.