Research article, DOI: 10.1145/3460319.3469076

echidna-parade: a tool for diverse multicore smart contract fuzzing

Published: 11 July 2021

Abstract

Echidna is a widely used fuzzer for Ethereum Virtual Machine (EVM) compatible blockchain smart contracts that generates transaction sequences of calls to smart contracts. While Echidna is an essentially single-threaded tool, it is possible for multiple Echidna processes to communicate by use of a shared transaction sequence corpus. Echidna provides a very large variety of configuration options, since each smart contract may be best-tested by a non-default configuration, and different faults or coverage targets within a single contract may also have differing ideal configurations. This paper presents echidna-parade, a tool that provides pushbutton multicore fuzzing using Echidna as an underlying fuzzing engine, and automatically provides sophisticated diversification of configurations. Even without using multiple cores, echidna-parade can improve the effectiveness of fuzzing with Echidna, due to the advantages provided by multiple types of test configuration diversity. Using echidna-parade with multiple cores can produce significantly better results than Echidna, in less time.

Published In

ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2021
685 pages
ISBN:9781450384599
DOI:10.1145/3460319
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. fuzzing
  2. smart contracts
  3. swarm testing
  4. test diversity
  5. test length

Qualifiers

  • Research-article

Conference

ISSTA '21
Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Article Metrics

  • Downloads (last 12 months): 35
  • Downloads (last 6 weeks): 1

Reflects downloads up to 13 Feb 2025

Cited By

  • (2024) Consolidating Smart Contracts with Behavioral Contracts. Proceedings of the ACM on Programming Languages 8:PLDI (965-989). DOI: 10.1145/3656416. Online publication date: 20-Jun-2024
  • (2024) Towards Finding Accounting Errors in Smart Contracts. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (1-13). DOI: 10.1145/3597503.3639128. Online publication date: 20-May-2024
  • (2023) Study on Unknown Bugs for Smart Contracts using Echidna. 2023 IEEE 20th India Council International Conference (INDICON) (1359-1364). DOI: 10.1109/INDICON59947.2023.10440926. Online publication date: 14-Dec-2023
  • (2023) EF↯CF: High Performance Smart Contract Fuzzing for Exploit Generation. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) (449-471). DOI: 10.1109/EuroSP57164.2023.00034. Online publication date: Jul-2023
  • (2023) NFTs for Open-Source and Commercial Software Licensing and Royalties. IEEE Access 11 (8734-8746). DOI: 10.1109/ACCESS.2023.3239403. Online publication date: 2023
  • (2023) sFuzz2.0. Journal of Software: Evolution and Process 36:4. DOI: 10.1002/smr.2557. Online publication date: 16-Mar-2023
  • (2022) Security Evaluation of Smart Contracts based on Code and Transaction - A Survey. 2022 International Conference on Service Science (ICSS) (41-48). DOI: 10.1109/ICSS55994.2022.00016. Online publication date: May-2022
