Rethinking Smart Contract Fuzzing: Fuzzing With Invocation Ordering and Important Branch Revisiting

Blockchain smart contracts have given rise to a variety of interesting and compelling applications emerged as revolutionary force for the Internet. Smart from various fields now hold over one trillion dollars worth virtual coins, attracting numerous attacks. Quite few practitioners devoted themselves developing tools detecting bugs in contracts. One line efforts revolve around static analysis techniques, which heavily suffer high false positive rates. Another works concentrate on fuzzing techniques. Unfortunately, current approaches tend conduct starting initial state contract, expends too much energy revolving contract thus is usually unable unearth triggered by other states. Moreover, most existing methods treat each branch equally, failing take care branches that are rare or more likely possess bugs. This might lead resources wasted normal branches. In this paper, we try tackle these challenges three aspects: 1) generating function invocation sequences, explicitly consider data dependencies between functions facilitate exploring richer We further prolong sequence $\mathcal {S}_{1}$ appending new {S}_{2}$ , so appended can start states different state; 2) incorporate distance-based measure evolve test cases iteratively towards target branch; 3) engage search algorithm discover vulnerable branches, design an allocation mechanism exercising crucial implement IR-Fuzz extensively evaluate it 12K real-world Empirical results show that: (i) achieves 28% higher coverage than state-of-the-art approaches, (ii) detects vulnerabilities increases average accuracy vulnerability detection 7% methods, (iii) fast, 350 per second. Our implementation dataset released at https://github.com/Messi-Q/IR-Fuzz hoping future research.