“Fuzzing Ethereum Smart Contracts (research statement)”
in DSN Workshop on Byzantine Consensus and Resilient Blockchains (BCRB), Jun. 2018.
Abstract: Blockchain has been gathering a lot of public attention due to the success of Bitcoin and to high hopes in its benefits. Ethereum is a blockchain that both provides a cryptocurrency and supports the execution of smart contracts written in a Turing-complete language. Smart contracts are similar to legal contracts but instead of having the terms recorded in a legal language they are coded as a computer program, written in a programming language. Smart contracts often handle valuable assets. Furthermore, every execution happens in a public network and the source code is often available, so having security in perspective is important while developing smart contracts. There have been huge attacks exploiting vulnerabilities in smart contracts, such as the DAO attack. This work introduces a tool to detect vulnerabilities encoded in smart contracts developed to the Ethereum blockchain. The goal is to provide a tool that uses fuzzing (or attack injection) to search for vulnerabilities in smart contracts by doing input injection.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)