Smart contracts are increasingly being used to manage large numbers of high-value cryptocurrency accounts. There is a strong demand for automated, efficient, and comprehensive methods to detect security vulnerabilities in a given contract. While the literature features a plethora of analysis methods for smart contracts, the existing proposals do not address the increasing complexity of contracts. Existing analysis tools suffer from false alarms and missed bugs in today's smart contracts that are increasingly defined by complexity and interdependencies. To scale accurate analysis to modern smart contracts, we introduce EF/CF, a high-performance fuzzer for Ethereum smart contracts. In contrast to previous work, EF/CF efficiently and accurately models complex smart contract interactions, such as reentrancy and cross-contract interactions, at a very high fuzzing throughput rate. To achieve this, EF/CF transpiles smart contract bytecode into native C++ code, thereby enabling the reuse of existing, optimized fuzzing toolchains. Furthermore, EF/CF increases fuzzing efficiency by employing a structure-aware mutation engine for smart contract transaction sequences and using a contract's ABI to generate valid transaction inputs. In a comprehensive evaluation, we show that EF/CF scales better -- without compromising accuracy -- to complex contracts compared to state-of-the-art approaches, including other fuzzers, symbolic/concolic execution, and hybrid approaches. Moreover, we show that EF/CF can automatically generate transaction sequences that exploit reentrancy bugs to steal Ether.

翻译：智能合约正日益广泛地用于管理大量高价值加密货币账户。业界亟需自动化、高效且全面的方法来检测给定合约中的安全漏洞。尽管文献中已有大量针对智能合约的分析方法，但现有方案未能应对合约日益增长的复杂性。当今智能合约的特征愈发体现为复杂性与相互依赖关系，而现有分析工具在检测这类合约时存在误报和漏报问题。为将精准分析扩展至现代智能合约，我们提出了EF/CF——一种面向以太坊智能合约的高性能模糊测试器。与以往工作不同，EF/CF能在极高的模糊测试吞吐率下，高效且精准地建模复杂的智能合约交互行为（如重入攻击和跨合约交互）。为此，EF/CF将智能合约字节码转译为原生C++代码，从而复用已有经过优化的模糊测试工具链。此外，EF/CF通过采用面向智能合约交易序列的结构感知变异引擎，并利用合约ABI生成有效交易输入，提升了模糊测试效率。在综合评估中，我们证明EF/CF在不牺牲准确性的前提下，对复杂合约的扩展性优于现有最先进方法（包括其他模糊测试器、符号/混合执行方法及混合方法）。进一步地，我们展示了EF/CF可自动生成能够利用重入漏洞窃取以太币的交易序列。