Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success is Solana's combination of low transaction fees and high performance, which is achieved in part through its stateless programming model. Although the literature features extensive tooling support for smart contract security, current solutions are largely tailored to the Ethereum Virtual Machine. Unfortunately, the very stateless nature of Solana's execution environment introduces novel, Solana-specific attack patterns, which requires a rethinking of how vulnerability analysis methods are built. In this paper, we address this gap and propose FuzzDelSol, the first binary-only coverage-guided fuzzing architecture for Solana smart contracts. FuzzDelSol faithfully models runtime specifics such as smart contract interactions. Moreover, since source code is not available for the large majority of Solana contracts, FuzzDelSol operates on the contract's binary code. Hence, to compensate for the lack of semantic information, we carefully extract low-level program and state information and use it to develop a diverse set of bug oracles covering all major bug classes in Solana. Our extensive evaluation on 6049 smart contracts shows that FuzzDelSol's bug oracles find bugs with high precision and recall. To the best of our knowledge, this is the largest evaluation of the security landscape on the Solana mainnet.