Fuzz on the Beach: Fuzzing Solana Smart Contracts

Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success is Solana's low transaction fees and high performance, which is achieved in part due to its stateless programming...

Detailed description

Saved in:
Bibliographic details
Published in: arXiv.org 2024-12
Main authors: Smolka, Sven, Jens-Rene Giesen, Winkler, Pascal, Draissi, Oussama, Lucas Davi, Karame, Ghassan, Pohl, Klaus
Format: Article
Language: eng
Subjects:
Online access: Full text
creator Smolka, Sven
Jens-Rene Giesen
Winkler, Pascal
Draissi, Oussama
Lucas Davi
Karame, Ghassan
Pohl, Klaus
description Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success is Solana's low transaction fees and high performance, which is achieved in part due to its stateless programming model. Although the literature features extensive tooling support for smart contract security, current solutions are largely tailored for the Ethereum Virtual Machine. Unfortunately, the very stateless nature of Solana's execution environment introduces novel attack patterns specific to Solana, requiring a rethinking of how vulnerability analysis methods are built. In this paper, we address this gap and propose FuzzDelSol, the first binary-only coverage-guided fuzzing architecture for Solana smart contracts. FuzzDelSol faithfully models runtime specifics such as smart contract interactions. Moreover, since source code is not available for the large majority of Solana contracts, FuzzDelSol operates on the contract's binary code. Hence, due to the lack of semantic information, we carefully extracted low-level program and state information to develop a diverse set of bug oracles covering all major bug classes in Solana. Our extensive evaluation on 6049 smart contracts shows that FuzzDelSol's bug oracles find bugs with high precision and recall. To the best of our knowledge, this is the largest evaluation of the security landscape on the Solana mainnet.
doi_str_mv 10.48550/arxiv.2309.03006
format Article
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2024-12
issn 2331-8422
language eng
recordid cdi_arxiv_primary_2309_03006
source arXiv.org; Free E-Journals
subjects Binary codes
Computer Science - Cryptography and Security
Contracts
Security
Source code
State (computer science)
Statelessness
Tooling
Virtual environments
title Fuzz on the Beach: Fuzzing Solana Smart Contracts
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-19T17%3A26%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Fuzz%20on%20the%20Beach:%20Fuzzing%20Solana%20Smart%20Contracts&rft.jtitle=arXiv.org&rft.au=Smolka,%20Sven&rft.date=2024-12-15&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2309.03006&rft_dat=%3Cproquest_arxiv%3E2861988705%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2861988705&rft_id=info:pmid/&rfr_iscdi=true