EF/CF: A High Performance Fuzzer for Ethereum Smart Contracts
2023
Conference / Journal
Authors
David Paaßen, Thorsten Holz, Lucas Davi, Ghassan Karame, Lukas Bernhard, Wenting Li, Michael Rodler
Research Hub
Research Hub C: Secure Systems
Research Challenges
RC 7: Building Secure Systems
Abstract
Smart contracts are increasingly being used to manage large numbers of high-value cryptocurrency accounts. There is a strong demand for automated, efficient, and comprehensive methods to detect security vulnerabilities in a given contract. While the literature features a plethora of analysis methods for smart contracts, the existing proposals do not address the increasing complexity of contracts. Existing analysis tools suffer from false alarms and missed bugs in today’s smart contracts, which are increasingly defined by complexity and interdependencies. To scale accurate analysis to modern smart contracts, we introduce EF/CF, a high-performance fuzzer for Ethereum smart contracts. In contrast to previous work, EF/CF efficiently and accurately models complex smart contract interactions, such as reentrancy and cross-contract interactions, at a very high fuzzing throughput rate. To achieve this, EF/CF transpiles smart contract bytecode into native C++ code, thereby enabling the reuse of existing, optimized fuzzing toolchains. Furthermore, EF/CF increases fuzzing efficiency by employing a structure-aware mutation engine for smart contract transaction sequences and by using a contract’s ABI to generate valid transaction inputs. In a comprehensive evaluation, we show that EF/CF scales better to complex contracts than state-of-the-art approaches, including other fuzzers, symbolic/concolic execution, and hybrid approaches, without compromising accuracy. Moreover, we show that EF/CF can automatically generate transaction sequences that exploit reentrancy bugs to steal Ether.