SE · Jul 29, 2020

EOSFuzzer: Fuzzing EOSIO Smart Contracts for Vulnerability Detection

arXiv:2007.14903v3 · 42 citations
AI Analysis

This addresses security issues for EOSIO blockchain users, but it is incremental as it applies an existing fuzzing approach to a new domain.

The paper tackled the problem of vulnerabilities in EOSIO smart contracts, which have caused financial losses, by presenting EOSFuzzer, a black-box fuzzing framework that detected vulnerabilities in 3963 contracts with high accuracy.

EOSIO is a typical public blockchain platform. It is scalable in terms of transaction speeds and has a growing ecosystem supporting smart contracts and decentralized applications. However, vulnerabilities within EOSIO smart contracts have led to serious attacks, which caused serious financial loss to its end users. In this work, we systematically analyzed three typical EOSIO smart contract vulnerabilities and their related attacks. Then we presented EOSFuzzer, a general black-box fuzzing framework to detect vulnerabilities within EOSIO smart contracts. In particular, EOSFuzzer proposed effective attacking scenarios and test oracles for EOSIO smart contract fuzzing. Our fuzzing experiment on 3963 EOSIO smart contracts shows that EOSFuzzer is both effective and efficient at detecting EOSIO smart contract vulnerabilities with high accuracy.

Code Implementations: 1 repo