English

AntFuzzer: A Grey-Box Fuzzing Framework for EOSIO Smart Contracts

Cryptography and Security 2022-11-07 v1

Abstract

In the past few years, several attacks against the vulnerabilities of EOSIO smart contracts have caused severe financial losses to this prevalent blockchain platform. As a lightweight test-generation approach, grey-box fuzzing can open up the possibility of improving the security of EOSIO smart contracts. However, developing a practical grey-box fuzzer for EOSIO smart contracts from scratch is time-consuming and requires a deep understanding of EOSIO internals. In this work, we proposed AntFuzzer, the first highly extensible grey-box fuzzing framework for EOSIO smart contracts. AntFuzzer implements a novel approach that interfaces AFL to conduct AFL-style grey-box fuzzing on EOSIO smart contracts. Compared to black-box fuzzing tools, AntFuzzer can effectively trigger those hard-to-cover branches. It achieved an improvement in code coverage on 37.5% of smart contracts in our benchmark dataset. AntFuzzer provides unified interfaces for users to easily develop new detection plugins for continually emerging vulnerabilities. We have implemented 6 detection plugins on AntFuzzer to detect major vulnerabilities of EOSIO smart contracts. In our large-scale fuzzing experiments on 4,616 real-world smart contracts, AntFuzzer successfully detected 741 vulnerabilities. The results demonstrate the effectiveness and efficiency of AntFuzzer and our detection pl

Keywords

Cite

@article{arxiv.2211.02652,
  title  = {AntFuzzer: A Grey-Box Fuzzing Framework for EOSIO Smart Contracts},
  author = {Jianfei Zhou and Tianxing Jiang and Shuwei Song and Ting Chen},
  journal= {arXiv preprint arXiv:2211.02652},
  year   = {2022}
}
R2 v1 2026-06-28T05:13:01.313Z