English
Related papers

Related papers: xFuzz: Machine Learning Guided Cross-Contract Fuzz…

200 papers

Smart contracts are critical financial instruments, and their security is of utmost importance. However, smart contract programs are difficult to fuzz due to the persistent blockchain state behind all transactions. Mutating sequences of…

Cryptography and Security · Computer Science 2023-06-30 Chaofan Shou , Shangyin Tan , Koushik Sen

The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their…

Cryptography and Security · Computer Science 2020-01-16 Yuqi Chen , Christopher M. Poskitt , Jun Sun , Sridhar Adepu , Fan Zhang

Smart contracts are increasingly being used to manage large numbers of high-value cryptocurrency accounts. There is a strong demand for automated, efficient, and comprehensive methods to detect security vulnerabilities in a given contract.…

Cryptography and Security · Computer Science 2023-04-14 Michael Rodler , David Paaßen , Wenting Li , Lukas Bernhard , Thorsten Holz , Ghassan Karame , Lucas Davi

Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing to its lightweight instrumentation, fast coverage feedback, and dynamic adjusting strategies. However, directly applying grey-box fuzzing to…

Software Engineering · Computer Science 2020-08-03 Hongxu Chen , Shengjian Guo , Yinxing Xue , Yulei Sui , Cen Zhang , Yuekang Li , Haijun Wang , Yang Liu

Software vulnerabilities are constantly being reported and exploited in software products, causing significant impacts on society. In recent years, the main approach to vulnerability detection, fuzzing, has been integrated into the…

Software Engineering · Computer Science 2025-10-21 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Yasutaka Kamei , Hajimu Iida

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

Software Engineering · Computer Science 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll

This paper presents a novel fuzzing framework, called MicroFuzz, specifically designed for Microservices. Mocking-Assisted Seed Execution, Distributed Tracing, Seed Refresh and Pipeline Parallelism approaches are adopted to address the…

Software Engineering · Computer Science 2024-02-06 Peng Di , Bingchang Liu , Yiyi Gao

Recent research has shown that hardware fuzzers can effectively detect security vulnerabilities in modern processors. However, existing hardware fuzzers do not fuzz well the hard-to-reach design spaces. Consequently, these fuzzers cannot…

Cryptography and Security · Computer Science 2023-06-27 Chen Chen , Rahul Kande , Nathan Nguyen , Flemming Andersen , Aakash Tyagi , Ahmad-Reza Sadeghi , Jeyavijayan Rajendran

Ethereum Virtual Machine (EVM) is the run-time environment for smart contracts and its vulnerabilities may lead to serious problems to the Ethereum ecology. With lots of techniques being developed for the validation of smart contracts, the…

Software Engineering · Computer Science 2019-04-09 Ying Fu , Meng Ren , Fuchen Ma , Yu Jiang , Heyuan Shi , Jiaguang Sun

While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic…

Software Engineering · Computer Science 2026-02-13 Ziyi Yang , Kalit Inani , Keshav Kabra , Vima Gupta , Anand Padmanabha Iyer

With the development of blockchain technology, the detection of smart contract vulnerabilities is increasingly emphasized. However, when detecting vulnerabilities in inter-contract interactions (i.e., cross-contract vulnerabilities) using…

Cryptography and Security · Computer Science 2024-08-29 Xiao Chen

Seed scheduling is a prominent factor in determining the yields of hybrid fuzzing. Existing hybrid fuzzers schedule seeds based on fixed heuristics that aim to predict input utilities. However, such heuristics are not generalizable as there…

Cryptography and Security · Computer Science 2020-07-23 Yaohui Chen , Mansour Ahmadi , Reza Mirzazade farkhani , Boyu Wang , Long Lu

In the past few years, several attacks against the vulnerabilities of EOSIO smart contracts have caused severe financial losses to this prevalent blockchain platform. As a lightweight test-generation approach, grey-box fuzzing can open up…

Cryptography and Security · Computer Science 2022-11-07 Jianfei Zhou , Tianxing Jiang , Shuwei Song , Ting Chen

The increased adoption of smart contracts in many industries has made them an attractive target for cybercriminals, leading to millions of dollars in losses. Thus, deploying smart contracts with detected vulnerabilities (known to…

Software Engineering · Computer Science 2023-07-25 Pengcheng , Peng , Yun , Qingzhao , Tao , Dawn , Prateek , Sanjeev , Zhuotao , Xusheng

Smart contracts are central to a myriad of critical blockchain applications, from financial transactions to supply chain management. However, their adoption is hindered by security vulnerabilities that can result in significant financial…

Cryptography and Security · Computer Science 2025-09-30 Dalila Ressi , Alvise Spanò , Lorenzo Benetollo , Carla Piazza , Michele Bugliesi , Sabina Rossi

Many modern software systems are enabled by deep learning libraries such as TensorFlow and PyTorch. As deep learning is now prevalent, the security of deep learning libraries is a key concern. Fuzzing deep learning libraries presents two…

We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation approach that effectively detects bugs and security vulnerabilities.…

Software Engineering · Computer Science 2019-05-17 Valentin Wüstholz , Maria Christakis

Modern computing systems heavily rely on hardware as the root of trust. However, their increasing complexity has given rise to security-critical vulnerabilities that cross-layer at-tacks can exploit. Traditional hardware vulnerability…

Software Engineering · Computer Science 2024-04-11 Mohamadreza Rostami , Marco Chilese , Shaza Zeitouni , Rahul Kande , Jeyavijayan Rajendran , Ahmad-Reza Sadeghi

Fuzzing is a popular vulnerability automated testing method utilized by professionals and broader community alike. However, despite its abilities, fuzzing is a time-consuming, computationally expensive process. This is problematic for the…

Software Engineering · Computer Science 2023-07-25 Michael Wang , Michael Robinson