An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts

Imran Ashraf; W. K. Chan

doi:10.1109/COMPSAC54236.2022.00273

An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts

^*Corresponding author for this work

Department of Computer Science

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

2 Citations (Scopus)

Abstract

Ethereum smart contracts may incur security vulnerabilities. Fuzzing is an industry-standard practice to detect them in improving the dependability of programs. Existing fuzz testing techniques for Ethereum smart contracts are insensitive to whether consecutive seeds of the same function are used for fuzzing the smart contract under test. Nonetheless, smart contracts are often designed to have collaborations among different functions for business activity to complete. We wonder whether this mismatch will make fuzzing techniques less effective than they should be. In this paper, to the best of our knowledge, we present the first work to show that security vulnerability detection can be significantly more effective in smart contract fuzzing if the entry functions of recent past test cases can be distinct. The empirical results show that the performance boost can be as large as 10.4% by simply enabling any test case not invoking the same entry functions as a few recent past test cases. The empirical result also shows that the cost-effectiveness also increases by up to 21.9%.

Original language	English
Title of host publication	Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022)
Editors	Hong Va Leong, Sahra Sedigh Sarvestani, Yuuichi Teranishi, Alfredo Cuzzocrea, Hiroki Kashiwazaki, Dave Towey, Ji-Jiang Yang, Hossain Shahriar
Publisher	IEEE
Pages	1716-1721
Number of pages	6
ISBN (Electronic)	9781665488105
ISBN (Print)	9781665488112
DOIs	https://doi.org/10.1109/COMPSAC54236.2022.00273
Publication status	Published - 2022
Event	46th IEEE Computer Society International Conference on Computers, Software, and Applications (COMPSAC 2022): Computers, Software, and Applications in an Uncertain World - Virtual, United States Duration: 27 Jun 2022 → 1 Jul 2022

Publication series

Name	Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC
ISSN (Print)	0730-3157

Conference

Conference	46th IEEE Computer Society International Conference on Computers, Software, and Applications (COMPSAC 2022)
Country/Territory	United States
Period	27/06/22 → 1/07/22

Research Keywords

Blockchain
Fuzz Testing
Security Vulnerability Detection
Smart Contracts
Technical Debt

Access Output

10.1109/COMPSAC54236.2022.00273

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Ashraf, I., & Chan, W. K. (2022). An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts. In H. V. Leong, S. S. Sarvestani, Y. Teranishi, A. Cuzzocrea, H. Kashiwazaki, D. Towey, J.-J. Yang, & H. Shahriar (Eds.), Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022) (pp. 1716-1721). (Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC). IEEE. https://doi.org/10.1109/COMPSAC54236.2022.00273

Ashraf, Imran ; Chan, W. K. / An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts. Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022). editor / Hong Va Leong ; Sahra Sedigh Sarvestani ; Yuuichi Teranishi ; Alfredo Cuzzocrea ; Hiroki Kashiwazaki ; Dave Towey ; Ji-Jiang Yang ; Hossain Shahriar. IEEE, 2022. pp. 1716-1721 (Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC).

@inproceedings{6971b4340f9b47ab873368f224c1d35d,

title = "An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts",

abstract = "Ethereum smart contracts may incur security vulnerabilities. Fuzzing is an industry-standard practice to detect them in improving the dependability of programs. Existing fuzz testing techniques for Ethereum smart contracts are insensitive to whether consecutive seeds of the same function are used for fuzzing the smart contract under test. Nonetheless, smart contracts are often designed to have collaborations among different functions for business activity to complete. We wonder whether this mismatch will make fuzzing techniques less effective than they should be. In this paper, to the best of our knowledge, we present the first work to show that security vulnerability detection can be significantly more effective in smart contract fuzzing if the entry functions of recent past test cases can be distinct. The empirical results show that the performance boost can be as large as 10.4% by simply enabling any test case not invoking the same entry functions as a few recent past test cases. The empirical result also shows that the cost-effectiveness also increases by up to 21.9%.",

keywords = "Blockchain, Fuzz Testing, Security Vulnerability Detection, Smart Contracts, Technical Debt",

author = "Imran Ashraf and Chan, {W. K.}",

year = "2022",

doi = "10.1109/COMPSAC54236.2022.00273",

language = "English",

isbn = "9781665488112",

series = "Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC",

publisher = "IEEE",

pages = "1716--1721",

editor = "Leong, {Hong Va} and Sarvestani, {Sahra Sedigh} and Yuuichi Teranishi and Alfredo Cuzzocrea and Hiroki Kashiwazaki and Dave Towey and Ji-Jiang Yang and Hossain Shahriar",

booktitle = "Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022)",

address = "United States",

note = "46th IEEE Computer Society International Conference on Computers, Software, and Applications (COMPSAC 2022) : Computers, Software, and Applications in an Uncertain World ; Conference date: 27-06-2022 Through 01-07-2022",

}

Ashraf, I & Chan, WK 2022, An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts. in HV Leong, SS Sarvestani, Y Teranishi, A Cuzzocrea, H Kashiwazaki, D Towey, J-J Yang & H Shahriar (eds), Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022). Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC, IEEE, pp. 1716-1721, 46th IEEE Computer Society International Conference on Computers, Software, and Applications (COMPSAC 2022), United States, 27/06/22. https://doi.org/10.1109/COMPSAC54236.2022.00273

An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts. / Ashraf, Imran ; Chan, W. K.
Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022). ed. / Hong Va Leong; Sahra Sedigh Sarvestani; Yuuichi Teranishi; Alfredo Cuzzocrea; Hiroki Kashiwazaki; Dave Towey; Ji-Jiang Yang; Hossain Shahriar. IEEE, 2022. p. 1716-1721 (Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts

AU - Ashraf, Imran

AU - Chan, W. K.

PY - 2022

Y1 - 2022

N2 - Ethereum smart contracts may incur security vulnerabilities. Fuzzing is an industry-standard practice to detect them in improving the dependability of programs. Existing fuzz testing techniques for Ethereum smart contracts are insensitive to whether consecutive seeds of the same function are used for fuzzing the smart contract under test. Nonetheless, smart contracts are often designed to have collaborations among different functions for business activity to complete. We wonder whether this mismatch will make fuzzing techniques less effective than they should be. In this paper, to the best of our knowledge, we present the first work to show that security vulnerability detection can be significantly more effective in smart contract fuzzing if the entry functions of recent past test cases can be distinct. The empirical results show that the performance boost can be as large as 10.4% by simply enabling any test case not invoking the same entry functions as a few recent past test cases. The empirical result also shows that the cost-effectiveness also increases by up to 21.9%.

AB - Ethereum smart contracts may incur security vulnerabilities. Fuzzing is an industry-standard practice to detect them in improving the dependability of programs. Existing fuzz testing techniques for Ethereum smart contracts are insensitive to whether consecutive seeds of the same function are used for fuzzing the smart contract under test. Nonetheless, smart contracts are often designed to have collaborations among different functions for business activity to complete. We wonder whether this mismatch will make fuzzing techniques less effective than they should be. In this paper, to the best of our knowledge, we present the first work to show that security vulnerability detection can be significantly more effective in smart contract fuzzing if the entry functions of recent past test cases can be distinct. The empirical results show that the performance boost can be as large as 10.4% by simply enabling any test case not invoking the same entry functions as a few recent past test cases. The empirical result also shows that the cost-effectiveness also increases by up to 21.9%.

KW - Blockchain

KW - Fuzz Testing

KW - Security Vulnerability Detection

KW - Smart Contracts

KW - Technical Debt

UR - http://www.scopus.com/inward/record.url?scp=85136994812&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85136994812&origin=recordpage

U2 - 10.1109/COMPSAC54236.2022.00273

DO - 10.1109/COMPSAC54236.2022.00273

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9781665488112

T3 - Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC

SP - 1716

EP - 1721

BT - Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022)

A2 - Leong, Hong Va

A2 - Sarvestani, Sahra Sedigh

A2 - Teranishi, Yuuichi

A2 - Cuzzocrea, Alfredo

A2 - Kashiwazaki, Hiroki

A2 - Towey, Dave

A2 - Yang, Ji-Jiang

A2 - Shahriar, Hossain

PB - IEEE

T2 - 46th IEEE Computer Society International Conference on Computers, Software, and Applications (COMPSAC 2022)

Y2 - 27 June 2022 through 1 July 2022

ER -

Ashraf I , Chan WK. An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts. In Leong HV, Sarvestani SS, Teranishi Y, Cuzzocrea A, Kashiwazaki H, Towey D, Yang JJ, Shahriar H, editors, Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC 2022). IEEE. 2022. p. 1716-1721. (Proceedings - IEEE Annual Computers, Software, and Applications Conference, COMPSAC). Epub 2022 Aug 10. doi: 10.1109/COMPSAC54236.2022.00273

An Empirical Study on the Effects of Entry Function Pairs in Fuzzing Smart Contracts

Abstract

Publication series

Conference

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this