As blockchain smart contracts become more widespread and carry more valuable digital assets, they become an increasingly attractive target for attackers. Over the past few years, smart contracts have suffered a plethora of devastating attacks, resulting in billions of dollars in financial losses, and research interest in identifying defects in smart contracts has surged accordingly. However, existing smart contract fuzzers remain unsatisfactory: they struggle to select meaningful transaction sequences and to craft the critical inputs each transaction needs. As a result, they can only reach a limited range of contract states, making it difficult to unveil complicated vulnerabilities hidden deep in the state space. In this paper, we improve smart contract fuzzing with a sequence-aware mutation and seed mask guidance strategy. In particular, we first use data-flow-based feedback to determine transaction order in a meaningful way and introduce a sequence-aware mutation technique to explore deeper states. We then design a mask-guided seed mutation strategy that biases the generated transaction inputs toward target branches. In addition, we develop a dynamic-adaptive energy adjustment paradigm that balances fuzzing resource allocation during a campaign. We implement these designs in a new smart contract fuzzer named MuFuzz and evaluate it extensively on three benchmarks. Empirical results demonstrate that MuFuzz outperforms existing tools in both branch coverage and bug finding: it achieves up to 25% higher branch coverage than state-of-the-art fuzzers and detects 30% more bugs than existing bug detectors.
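The abstract names three mechanisms without showing them: ordering transactions by storage data flow, mutating a seed only under a mask that marks the bytes a target branch depends on, and adapting a seed's energy. The following is an added illustration of those ideas in Python, not MuFuzz's code and not the paper's algorithms: the toy contract, its per-function storage read/write sets, the ABI-style 32-byte argument layout, the way the mask is derived and the energy heuristic are all assumptions made here for the example.

```python
"""Added example (not MuFuzz's own code): a toy model of data-flow-based
transaction ordering, mask-guided seed mutation and an assumed energy
heuristic. The contract, its storage read/write sets, the calldata layout
and the mask derivation are all constructed for this illustration."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Func:
    name: str
    reads: frozenset   # storage slots the function reads
    writes: frozenset  # storage slots the function writes


# Constructed toy contract: four public functions over three storage slots.
TOY_CONTRACT = [
    Func("withdraw", frozenset({"paused", "balance"}), frozenset({"balance"})),
    Func("deposit", frozenset({"paused"}), frozenset({"balance"})),
    Func("unpause", frozenset({"owner"}), frozenset({"paused"})),
    Func("init", frozenset(), frozenset({"owner", "paused"})),
]


def dataflow_order(funcs):
    """Order functions so that each storage slot a function reads has been
    written by an earlier call (write-before-read edges). Self-edges are
    ignored and a dependency cycle is broken by falling back to declaration
    order, so the loop always terminates."""
    writers = {}
    for f in funcs:
        for slot in f.writes:
            writers.setdefault(slot, []).append(f.name)
    deps = {f.name: set() for f in funcs}
    for f in funcs:
        for slot in f.reads:
            deps[f.name].update(w for w in writers.get(slot, []) if w != f.name)
    ordered, placed = [], set()
    remaining = [f.name for f in funcs]
    while remaining:
        ready = [n for n in remaining if deps[n] <= placed] or [remaining[0]]
        nxt = ready[0]
        ordered.append(nxt)
        placed.add(nxt)
        remaining.remove(nxt)
    return ordered


def mask_for_words(n_words, interesting_words):
    """Byte mask over ABI-style 32-byte argument words: mark every byte of the
    words a target branch is assumed to depend on (assumption: e.g. taken
    from a comparison operand observed while executing the branch)."""
    mask = bytearray(32 * n_words)
    for w in interesting_words:
        mask[32 * w:32 * (w + 1)] = b"\x01" * 32
    return bytes(mask)


def mask_guided_mutate(seed, mask, rng, n_changes=4):
    """Mutate only bytes whose mask entry is nonzero; all other bytes of the
    seed are preserved, so effort is not wasted on irrelevant arguments."""
    if len(seed) != len(mask):
        raise ValueError("seed and mask length differ")
    targets = [i for i, m in enumerate(mask) if m]
    if not targets:
        return bytes(seed)
    out = bytearray(seed)
    for _ in range(n_changes):
        out[rng.choice(targets)] = rng.randrange(256)
    return bytes(out)


def adaptive_energy(base, new_branches, stale_rounds, lo=1, hi=64):
    """Assumed heuristic: raise a seed's mutation budget when it recently hit
    new branches, decay it while it stalls, and clamp it to [lo, hi]."""
    return max(lo, min(hi, base * (1 + new_branches) // (1 + stale_rounds)))


def demo():
    """Run the three pieces on the constructed contract and return the results."""
    order = dataflow_order(TOY_CONTRACT)
    seed = bytes(range(64))              # two constructed 32-byte argument words
    mask = mask_for_words(2, [1])        # assume the branch depends on word 1 only
    mutated = mask_guided_mutate(seed, mask, random.Random(7))
    untouched = mutated[:32] == seed[:32]  # word 0 must survive the mutation
    return order, untouched, adaptive_energy(8, 3, 0), adaptive_energy(8, 0, 7)


if __name__ == "__main__":
    print(demo())
```

On the toy contract the ordering places `init` before `unpause` (which reads `owner`), both before `deposit` (which reads `paused`), and `deposit` before `withdraw` (which reads `balance`), which is the kind of sequence a random scheduler rarely produces but that is needed to reach the non-trivial states of `withdraw`. A real fuzzer would derive the read/write sets from bytecode analysis or execution traces rather than declare them by hand.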