Fuzz on the Beach: Fuzzing Solana Smart Contracts
Published in: arXiv.org, 2024-12
Main authors: Sven Smolka, Jens-Rene Giesen, Pascal Winkler, Oussama Draissi, Lucas Davi, Ghassan Karame, Klaus Pohl
Format: Article
Language: English
Online access: Full text
container_title | arXiv.org
creator | Smolka, Sven; Giesen, Jens-Rene; Winkler, Pascal; Draissi, Oussama; Davi, Lucas; Karame, Ghassan; Pohl, Klaus
description | Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). Key reasons for its success are Solana's low transaction fees and high performance, which are achieved in part through its stateless programming model. Although the literature features extensive tooling support for smart contract security, current solutions are largely tailored to the Ethereum Virtual Machine. Unfortunately, the very stateless nature of Solana's execution environment introduces novel, Solana-specific attack patterns that require a rethinking of how vulnerability analysis methods are built. In this paper, we address this gap and propose FuzzDelSol, the first binary-only coverage-guided fuzzing architecture for Solana smart contracts. FuzzDelSol faithfully models runtime specifics such as smart contract interactions. Moreover, since source code is not available for the large majority of Solana contracts, FuzzDelSol operates on the contract's binary code. Hence, to compensate for the lack of semantic information, we carefully extracted low-level program and state information to develop a diverse set of bug oracles covering all major bug classes in Solana. Our extensive evaluation on 6049 smart contracts shows that FuzzDelSol's bug oracles find bugs with high precision and recall. To the best of our knowledge, this is the largest evaluation of the security landscape on the Solana mainnet.
doi | 10.48550/arxiv.2309.03006
format | Article
fulltext | fulltext
identifier | EISSN: 2331-8422
ispartof | arXiv.org, 2024-12 (record date 2024-12-15)
language | eng
publisher | Cornell University Library, arXiv.org (Ithaca)
recordid | cdi_arxiv_primary_2309_03006
source | arXiv.org; Free E-Journals
subjects | Binary codes; Computer Science - Cryptography and Security; Contracts; Security; Source code; State (computer science); Statelessness; Tooling; Virtual environments
title | Fuzz on the Beach: Fuzzing Solana Smart Contracts
url | https://doi.org/10.48550/arXiv.2309.03006 (paper on arXiv, free to read); https://doi.org/10.1145/3576915.3623178 (published paper, access to full text may be restricted)