Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers

April 14-20, 2024 | Shuohan Wu, Zihao Li, Luyi Yan, Weimin Chen, Muhui Jiang, Chenxu Wang, Xiapu Luo, Hao Zhou
This paper presents a comprehensive review and evaluation of state-of-the-art smart contract fuzzers. The authors identify a lack of systematic evaluation of existing contract fuzzers and propose a benchmark with 2,000 carefully-labeled contracts and five performance metrics to evaluate 11 state-of-the-art fuzzers. The evaluation reveals that current fuzzers are far from satisfactory in vulnerability detection, with many generating high false positives and negatives. The authors suggest that future fuzzers should focus on improving throughput, refining test oracles, and optimizing initial seeds.
They also conduct surveys with 16 auditors, finding that auditors prefer fuzzers that provide convenience and flexibility in creating customized test oracles. The study provides insights into the current state of smart contract fuzzing and suggests possible directions for future fuzzers. The authors also highlight the importance of using accurate test oracles and suggest that fuzzers should incorporate data flow analysis and machine learning to improve their effectiveness. The study concludes that the adoption of lightweight, standalone EVM frameworks and efficient languages can improve fuzzers' performance. The authors also emphasize the need for ongoing research to expand understanding of vulnerabilities and improve test oracles.