• Stars
    star
    139
  • Rank 262,954 (Top 6 %)
  • Language
    F#
  • License
    MIT License
  • Created about 3 years ago
  • Updated 7 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses (ASE '21)

Smartian

Smartian is a grey-box fuzzer for Ethereum smart contracts. Smartian leverages static and dynamic data-flow analyses to enhance the effectiveness of fuzzing. The technical details of Smartian can be found in our paper "Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses" published in ASE 2021.

Installation

Smartian is written in F#, so you have to install .NET to run Smartian. Installation step differs for each Linux distribution, so please refer to this link and install net5.0. Then, you can simply clone and build Smartian as follow.

$ git clone https://github.com/SoftSec-KAIST/Smartian
$ cd Smartian
$ git submodule update --init --recursive
$ make

Usage

You can fuzz a smart contract with Smartian by providing its EVM bytecode and ABI specification as follow. Here, -t option specifies the time limitation in seconds. The output test cases and bug-triggering inputs will be stored in the directory specified by -o option.

$ dotnet build/Smartian.dll fuzz -p <bytecode file> -a <abi file> -t <time limit> -o <output dir>

The output directory will have two subdirectories. First, testcase directory will contain inputs that increased edge coverage during fuzzing. You can use these inputs to measure code coverage achievement. Second, bug directory will contain inputs that triggered bug. The file names of bug-triggering inputs will be tagged with abbreviated bug class name (e.g., 'RE' for reentrancy bug). For the list of used abbreviations, please refer to our paper.

Note that the generated test inputs are in JSON format, and they contain necessary information required to reproduce the transactions. You can replay these files against the target contract with the following command.

$ dotnet build/Smartian.dll replay -p <bytecode file> -i <test case directory>

You may also check other command-line options of Smartian by running dotnet build/Smartian.dll fuzz --help and dotnet build/Smartian.dll replay --help.

Artifact

We also publicize the artifacts to reproduce the experiments in our paper. Please check our Smartian-Artifact repository.

Citation

You can site our paper with the following bibtex entry. The page field will be updated later.

@INPROCEEDINGS{choi:ase:2021,
  author = {Jaeseung Choi and Doyeon Kim and Soomin Kim and Gustavo Grieco and Alex Groce and Sang Kil Cha},
  title = {{Smartian}: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses},
  booktitle = {Proceedings of the International Conference on Automated Software Engineering},
  year = 2021
}

More Repositories

1

CodeAlchemist

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines (NDSS '19)
F#
235
star
2

Fuzzing-Survey

The Art, Science, and Engineering of Fuzzing: A Survey
JavaScript
207
star
3

Eclipser

Grey-box Concolic Testing on Binary Code (ICSE '19)
F#
148
star
4

BinKit

Binary Code Similarity Analysis (BCSA) Benchmark
Shell
132
star
5

TikNib

Binary Code Similarity Analysis (BCSA) Tool
Python
114
star
6

IMF

Inferred Model-based Fuzzer
Python
107
star
7

NTFuzz

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis (IEEE S&P '21)
F#
94
star
8

MeanDiff

Testing Intermediate Representations for Binary Analysis (ASE '17)
F#
79
star
9

GitCTF

Git-based CTF
Python
60
star
10

Ankou

Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference (ICSE '20)
Go
54
star
11

Fuzzle

Fuzzle: Making a Puzzle for Fuzzers (ASE'22)
Python
40
star
12

Reassessor

Reassembly is Hard: A Reflection on Challenges and Strategies (USENIX Security '23)
Python
30
star
13

BotScreen

BotScreen: Trust Everybody, but Cut the Aimbots Yourself (USENIX Security '23)
Python
13
star
14

Smartian-Artifact

Artifacts for Smartian, a grey-box fuzzer for Ethereum smart contracts.
Solidity
12
star
15

Eclipser-Artifact

Docker image for Eclipser
Shell
4
star
16

Fuzzle-artifact

Artifact evaluation repository for Fuzzle
C
3
star
17

MeanDiff-LifterPyVEX

Lift instruction to VEX, using PyVEX, and translate to MeanDiff's UIR
Python
2
star
18

Ankou-Benchmark

2
star
19

MeanDiff-LifterBINSEC

Lift instruction to DBA, using BINSEC, and translate to MeanDiff's UIR
OCaml
1
star
20

LLM1dFuzz

Systematic Bug Reproduction with Large Language Model (SECAI'24)
Shell
1
star
21

MeanDiff-ExternalXED

C
1
star
22

MeanDiff-LifterBAP

Lift instruction to BIL, using BAP, and translate to MeanDiff's UIR
OCaml
1
star
23

MeanDiff-DockerBaseImage

Shell
1
star