As blockchain smart contracts become more widespread and carry more valuable digital assets, they become an increasingly attractive target for attackers. Over the past few years, smart contracts have been subject to a plethora of devastating attacks, resulting in billions of dollars in financial losses. There has been a notable surge of research interest in identifying defects in smart contracts. However, existing smart contract fuzzing tools are still unsatisfactory: they struggle to screen out meaningful transaction sequences and to specify the critical inputs for each transaction. As a result, they can only trigger a limited range of contract states, making it difficult to unveil complicated vulnerabilities hidden deep in the state space. In this paper, we improve smart contract fuzzing with a sequence-aware mutation and seed-mask guidance strategy. In particular, we first use data-flow-based feedback to determine transaction orders in a meaningful way, and further introduce a sequence-aware mutation technique to explore deeper states. Thereafter, we design a mask-guided seed mutation strategy that biases the generated transaction inputs toward hitting target branches. In addition, we develop a dynamic-adaptive energy adjustment paradigm that balances the allocation of fuzzing resources during a campaign. We implement these designs in a new smart contract fuzzer named MuFuzz and evaluate it extensively on three benchmarks. Empirical results demonstrate that MuFuzz outperforms existing tools in both branch coverage and bug finding. Overall, MuFuzz achieves up to 25% higher branch coverage than state-of-the-art fuzzers and detects 30% more bugs than existing bug detectors.
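The abstract names three mechanisms (data-flow-based transaction ordering, sequence-aware mutation, and mask-guided seed mutation) without showing how they fit together. The following is an added illustration written for this page, not code from MuFuzz or its authors: it models a contract as a constructed table of per-function storage reads and writes (an assumption standing in for the fuzzer's data-flow analysis), orders transactions so writers of a slot run before its readers, mutates the resulting sequence without breaking those dependencies, and restricts input mutation to the calldata bytes a target branch actually compares. The contract, function names, calldata layout and the `branch_taken` predicate are all hypothetical; the energy-adjustment component is not modelled here.

```python
import heapq
import random
from collections import defaultdict

# Constructed toy contract model (an assumption of this example, not MuFuzz's
# representation): each public function lists the storage slots it reads and
# writes, as a data-flow analysis of the contract would report them.
CONTRACT = {
    "setOwner": {"reads": set(),                "writes": {"owner"}},
    "deposit":  {"reads": set(),                "writes": {"balance"}},
    "withdraw": {"reads": {"balance", "owner"}, "writes": {"balance"}},
    "selfkill": {"reads": {"owner"},            "writes": set()},
}

def dataflow_order(contract):
    """Order calls so every writer of a slot precedes its readers (read-after-
    write edges). Kahn's algorithm with name-ordered ties: deterministic."""
    writers = defaultdict(set)
    for f, spec in contract.items():
        for slot in spec["writes"]:
            writers[slot].add(f)
    succ, indeg = defaultdict(set), {f: 0 for f in contract}
    for f, spec in contract.items():
        for slot in spec["reads"]:
            for w in writers[slot]:
                if w != f and f not in succ[w]:
                    succ[w].add(f)
                    indeg[f] += 1
    ready = [f for f, d in indeg.items() if d == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        f = heapq.heappop(ready)
        order.append(f)
        for g in sorted(succ[f]):
            indeg[g] -= 1
            if indeg[g] == 0:
                heapq.heappush(ready, g)
    return order

def sequence_is_valid(seq, contract):
    """A call may read a writable slot only after an earlier call wrote it;
    otherwise the transaction runs against state the sequence never set up."""
    writable = {s for spec in contract.values() for s in spec["writes"]}
    written = set()
    for f in seq:
        if any(s in writable and s not in written for s in contract[f]["reads"]):
            return False
        written |= contract[f]["writes"]
    return True

def sequence_mutate(seq, contract, rng):
    """Sequence-aware mutation: re-insert a writer of a slot right before a
    reader of it (deepening the state the reader sees), or swap two adjacent
    calls with no write->read dependency. Either move keeps the sequence
    valid, which a blind shuffle would not."""
    seq = list(seq)
    if len(seq) < 2:
        return seq
    i = rng.randrange(1, len(seq))
    if rng.random() < 0.5:
        reads = contract[seq[i]]["reads"]
        cands = [f for f in contract if contract[f]["writes"] & reads
                 and sequence_is_valid(seq[:i] + [f], contract)]
        if cands:
            seq.insert(i, rng.choice(cands))
    else:
        a, b = seq[i - 1], seq[i]
        if not (contract[a]["writes"] & contract[b]["reads"]):
            seq[i - 1], seq[i] = b, a
    return seq

def masked_walk(seed, mask, branch_taken):
    """Mask-guided input mutation: try every byte value only at the offsets in
    `mask` (the calldata bytes the target branch compares). Returns how many
    candidates ran before `branch_taken` first held, or None. Passing the full
    offset range gives the unguided baseline for comparison."""
    tries = 0
    for off in sorted(mask):
        for v in range(256):
            buf = bytearray(seed)
            buf[off] = v
            tries += 1
            if branch_taken(bytes(buf)):
                return tries
    return None

# Constructed target: 36-byte calldata (4-byte selector + one 32-byte word)
# whose branch of interest depends only on the low byte of the argument.
SEED = bytes(36)
MASK = {35}

def branch_taken(calldata):
    return calldata[35] == 0x37

if __name__ == "__main__":
    print(dataflow_order(CONTRACT))
    print(sequence_mutate(dataflow_order(CONTRACT), CONTRACT, random.Random(1)))
    print(masked_walk(SEED, MASK, branch_taken), masked_walk(SEED, range(36), branch_taken))
```

On the toy contract the data-flow order places `deposit` and `setOwner` before `withdraw` and `selfkill`, so the later calls execute against initialised state rather than reverting early; the masked walk reaches the target byte value after 56 candidates, whereas walking all 36 offsets spends 8960 candidates on bytes the branch never looks at first.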