
Effuzz: Efficient fuzzing by directed search for smart contracts

  • Songyan Ji, Jin Wu, Junfu Qiu, Jian Dong*
  • *Corresponding author for this work
  • Harbin Institute of Technology

Research output: Contribution to journal › Article › peer-review

Abstract

Context: A large number of Ethereum smart contracts have been deployed on the blockchain to manage assets. Unfortunately, due to the immutable nature of the blockchain, smart contracts cannot be modified after deployment, even once their vulnerabilities have been exposed to attackers. Therefore, it is critical to test smart contracts efficiently and thoroughly. Greybox fuzzing is a promising technique for detecting smart contract vulnerabilities. However, most existing fuzzers share a common drawback: they cannot efficiently satisfy hard-to-cover branch constraints.

Objective: The goal of this paper is to solve the problem of efficiently satisfying hard-to-cover branch constraints. Once this problem is solved, fuzz testing can execute more code, and there is a higher probability of triggering vulnerabilities.

Method: We propose an approach for addressing this problem. Specifically, we design an input parameter analysis strategy that selectively mutates a subset of the input parameters, reducing invalid mutations. Also, to accelerate the process of satisfying branch constraints, we design an accelerated multi-objective search strategy that reduces wasted resources.

Result: We implemented this approach in a tool called Effuzz and applied it to real-world smart contracts. Experiments show that Effuzz finds more vulnerabilities and is more efficient than existing state-of-the-art fuzzers.

Conclusion: In this paper, we present an approach to efficiently satisfy hard-to-cover branch constraints. Our approach addresses two main problems: how to select the subset of input parameters to mutate while taking into account the characteristics of Ethereum smart contracts, and how to accelerate the search for inputs that satisfy hard-to-cover branch constraints without generating excessive ineffective test cases that waste resources. The experimental results show that our approach is effective.
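The two ideas the abstract combines, selective mutation of the parameters a branch constraint actually depends on and a search directed at that constraint, as an added illustration in Python. This is not Effuzz's code: the toy contract call, its parameter names, the `TARGET` constant and the branch-distance metric are constructed assumptions, and `infer_relevant` is a simple dynamic stand-in for the paper's input parameter analysis. A blind baseline that re-randomises every parameter is included for contrast.

```python
import random

# Constructed toy in place of a contract call with three ABI parameters; the
# guarded branch needs an exact relation between `amount` and `nonce`.
TARGET = 0x1234  # assumed constant, not a value from the paper

def contract_call(p: dict) -> bool:
    """Return True iff the hard-to-cover branch is executed (toy contract)."""
    return p["amount"] * 3 + p["nonce"] == TARGET

def distance(p: dict) -> int:
    """Branch distance for the `==` constraint: 0 means the branch is taken."""
    return abs(p["amount"] * 3 + p["nonce"] - TARGET)

def infer_relevant(p: dict) -> tuple:
    """Stand-in for input parameter analysis: keep parameters whose nudge
    changes the branch distance (Effuzz uses its own analysis for this)."""
    rel = []
    for name, v in p.items():
        probe = dict(p)
        probe[name] = (not v) if isinstance(v, bool) else v + 1
        if distance(probe) != distance(p):
            rel.append(name)
    return tuple(rel)

def directed_search(seed: dict, budget: int = 5000, rng=None):
    """Hill-climb on branch distance, mutating only the relevant parameters;
    returns (input, mutations used) or (None, budget) if the budget runs out."""
    rng = rng or random.Random(0)
    relevant = infer_relevant(seed)
    best, best_d = dict(seed), distance(seed)
    for it in range(budget + 1):
        if best_d == 0:
            return best, it
        cand = dict(best)
        step = max(1, best_d // 4)            # big steps while far away
        cand[rng.choice(relevant)] += rng.randint(-step, step)
        d = distance(cand)
        if d < best_d:                        # keep only improving inputs
            best, best_d = cand, d
    return None, budget

def blind_search(budget: int = 5000, rng=None):  # baseline: mutate all params
    rng = rng or random.Random(0)
    for it in range(1, budget + 1):
        cand = {"amount": rng.getrandbits(32), "nonce": rng.getrandbits(32),
                "flag": bool(rng.getrandbits(1))}
        if contract_call(cand):
            return cand, it
    return None, budget
```

With the seed `{"amount": 0, "nonce": 0, "flag": False}`, the directed search reaches the branch within a few hundred mutations and never touches `flag`, while the blind baseline exhausts its budget.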

Original language: English
Article number: 107213
Journal: Information and Software Technology
Volume: 159
DOIs
State: Published - Jul 2023

Keywords

  • Blockchain
  • Greybox fuzzing
  • Smart contracts
  • Vulnerability detection
