fFuzz: A State-Aware Function-Level Fuzzing Framework for Smart Contract Vulnerabilities Detection
摘要
Smart contract vulnerabilities have resulted in substantial financial losses in recent years. Fuzzing, an effective technique for detecting vulnerabilities, has rapidly emerged as a key approach for safeguarding the security of smart contracts. However, due to the complexity and unique stateful nature of smart contracts, existing fuzzing tools struggle to detect sophisticated vulnerabilities, particularly those requiring specific transaction sequences to trigger. In this work, we propose fFuzz, a novel function-level fuzzer for smart contract vulnerability detection. Unlike conventional fuzzers that generate transaction sequences for the entire smart contract, fFuzz targets precise and effective sequences at the function level, streamlining and improving the fuzzing process. In addition, fFuzz incorporates a state-aware signature generation mechanism and a historical transaction-guided strategy to effectively generate vulnerable transaction sequences, which are further used to trigger vulnerabilities. We evaluated fFuzz on real-world smart contracts, and the experimental results demonstrate that it outperforms state-of-the-art methods in both effectiveness and efficiency.