Skip to content

Latest commit

 

History

History
31 lines (25 loc) · 2.27 KB

README.md

File metadata and controls

31 lines (25 loc) · 2.27 KB

DFier

A directed fuzzer for Ethereum smart contracts

Code Structure Descriptions

Some details about the repository structure as following:

  • countSubTreesCpp.zip includes the implementations of the sub-paths counting tool in section 4.2.2 of the paper.
  • DFierSFuzz.zip is used to directly fuzzing the testing smart contracts with given target lines, which is implemented based on sFuzz[1].
  • Datasets includes all experimental datasets. Specifically,
    • contractfuzzer_DataSet.zip is the ground-truth dataset provided by contractFuzzer[2].
    • etherscanDataset.zip includes the contracts downloaded from the etherscan website[3], a blockchain explorer.
    • OsirisResultsOnEtherscanData.zip includes the Osiris detection results on etherscanDataset.zip. By using Osiris[4], an integer vulnerabilities detection tool, the target potential vulnerable lines are given.

The operation instructions of DFier System

  • Prepare the data for the system: in the DFierSFuzz/contracts, put the testing contract including the source codes (.sol file) and the path constraint file (.json file). Several examples are put in the directory.
  • Launch the system: go to the directory: DFierSFuzz/build/fuzzer, execute the command: ./fuzzer -g -r 0 -d 120 && chmod +x fuzzMe && ./fuzzMe

References

[1] Nguyen T D , Pham L H , Sun J ,et al.sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts[C]//ICSE '20: 42nd International Conference on Software Engineering.2020.DOI:10.1145/3377811.3380334.

[2] Bo Jiang, Ye Liu, and W. K. Chan. 2018. ContractFuzzer: fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE '18), 2018, pp.259–269.

[3]Etherscan, the Ethereum Blockchain Explorer. https://goto.etherscan.com/.

[4] Torres, C. F., Schütte, J., & State, R. Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th Annual Computer Security Applications Conference, 2018, pp. 664-676.