echidna-parade: a tool for diverse multicore smart contract fuzzing

Echidna is a widely used fuzzer for Ethereum Virtual Machine (EVM) compatible blockchain smart contracts that generates transaction sequences of calls to smart contracts. While Echidna is an essentially single-threaded tool, it is possible for multiple Echidna processes to communicate by use of a shared transaction sequence corpus. Echidna provides a very large variety of configuration options, since each smart contract may be best-tested by a non-default configuration, and different faults or coverage targets within a single contract may also have differing ideal configurations. This paper presents echidna-parade, a tool that provides pushbutton multicore fuzzing using Echidna as an underlying fuzzing engine, and automatically provides sophisticated diversification of configurations. Even without using multiple cores, echidna-parade can improve the effectiveness of fuzzing with Echidna, due to the advantages provided by multiple types of test configuration diversity. Using echidna-parade with multiple cores can produce significantly better results than Echidna, in less time.

[1]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[2]  Alex Groce,et al.  Random Test Run Length and Effectiveness , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[3]  Valentin Wüstholz,et al.  Harvey: a greybox fuzzer for smart contracts , 2019, ESEC/SIGSOFT FSE.

[4]  Jia-Guang Sun,et al.  PAFL: extend fuzzing optimizations of single mode to industrial parallel mode , 2018, ESEC/SIGSOFT FSE.

[5]  Alex Groce,et al.  Help, help, i'm being suppressed! The significance of suppressors in software testing , 2013, 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE).

[6]  Alex Groce,et al.  DeepState: Symbolic Unit Testing for C and C++ , 2018 .

[7]  Alex Groce,et al.  Swarm testing , 2012, ISSTA 2012.

[8]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .

[9]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[10]  Andrea Arcuri,et al.  A Theoretical and Empirical Analysis of the Role of Test Sequence Length in Software Testing for Structural Coverage , 2012, IEEE Transactions on Software Engineering.

[11]  Mingzhe Wang,et al.  EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers , 2018, USENIX Security Symposium.

[12]  Alex Groce,et al.  What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)? , 2020, Financial Cryptography.

[13]  Ye Liu,et al.  ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[14]  Alexander Shraer,et al.  FoundationDB: A Distributed Unbundled Transactional Key Value Store , 2021, SIGMOD Conference.

[15]  Jun Sun,et al.  sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts , 2020, 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE).

[16]  Alex Groce,et al.  Echidna: effective, usable, and fast fuzzing for smart contracts , 2020, ISSTA.

[17]  Z. Su,et al.  Compiler validation via equivalence modulo inputs , 2014, PLDI.

[18]  Alex Groce,et al.  Swarm Verification Techniques , 2011, IEEE Transactions on Software Engineering.