DOI: 10.1145/3808160 ISSN: 2994-970X

Odyssey: Hunting Smart Contract Vulnerabilities with Fine-Grained State Modeling and Exploration

Jianzhong Su, Mingxi Ye, Jiachi Chen, Yuhong Nan, Peilin Zheng, Tao Zhang, Zibin Zheng

With the rapid development of decentralized applications, many malicious actors exploit smart contract vulnerabilities to launch attacks. Moreover, as smart contracts use more state variables to support complex functionality, some vulnerabilities can only be triggered from specific states (which we mark as vulnerable states), posing new challenges for vulnerability detection. Although many smart contract fuzzers have been proposed for this task, they are limited by their inability to explore smart contract states efficiently.

To address this challenge, we propose a novel fuzzer, Odyssey, with fine-grained state modeling and exploration, which increases the probability of reaching vulnerable states. We improve the efficacy of the fuzzer with two key mechanisms: (1) modeling an essential state space consisting of the variables related to sensitive operations, which compresses the exploration scope; (2) designing state-aware exploration strategies that identify test seeds covering new state scope or causing new state transitions, which improves the efficiency of exploration.
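As an added toy illustration of these two mechanisms (not Odyssey's own code), the following Python models a constructed vault contract, restricts the tracked state to the variables read by its sensitive operation, and keeps a transaction sequence as a seed only when it reaches a new abstract state or a new state transition; the vault, the variable classification, the bucketing and the breadth-first search are all assumptions made here.

```python
class ToyVault:
    """Constructed vault model for this added example; withdraw() is the sensitive op."""
    def __init__(self):
        self.total = 0        # essential: read by the sensitive operation
        self.paused = False   # essential: checked by the sensitive operation
        self.nonce = 0        # non-essential: never influences a sensitive operation
    def apply(self, act):
        """Runs one transaction; returns True if withdraw executed while paused."""
        self.nonce += 1  # changes on every tx; tracking it would blow up the state space
        kind, arg = act
        if kind == "deposit":
            self.total += arg
        elif kind == "pause":
            self.paused = True
        elif kind == "withdraw":
            if self.total >= 100 or not self.paused:  # constructed bug: guard bypassed above 100
                return self.paused
        return False

ACTIONS = [("deposit", 60), ("pause", 0), ("withdraw", 10)]  # constructed tx menu

def abstract_state(v):
    """Essential state only: bucketed balance plus pause flag (nonce is ignored)."""
    return (0 if v.total == 0 else 1 if v.total < 100 else 2, v.paused)

def run(seq):
    v, alarm = ToyVault(), False          # replay a sequence on a fresh vault
    for act in seq:
        alarm = v.apply(act) or alarm
    return v, alarm

def explore(max_depth=6):
    """BFS seed expansion: keep a child only if it yields a new state or transition."""
    states, edges, frontier = {abstract_state(ToyVault())}, set(), [[]]
    for _ in range(max_depth):
        nxt = []
        for seq in frontier:
            before = abstract_state(run(seq)[0])
            for act in ACTIONS:
                child = seq + [act]
                vault, alarm = run(child)
                if alarm:
                    return child, states      # first seed reaching a vulnerable state
                after = abstract_state(vault)
                if after not in states or (before, after) not in edges:
                    nxt.append(child)
                states.add(after)
                edges.add((before, after))
        frontier = nxt
    return None, states
```

Because the nonce is excluded from the abstract state, sequences that differ only in transaction count collapse into one state, and the search reaches the vulnerable state (paused vault with a large balance) with a four-transaction seed.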

To evaluate its performance in vulnerability detection, we apply Odyssey to a labeled benchmark consisting of 130 vulnerable contracts. Odyssey detects at least 70% more vulnerabilities than other fuzzers. Moreover, we evaluate Odyssey on a dataset that consists of 143 DApps (involving 437 contracts) from real-world security incidents. The experimental results demonstrate that state-aware feedback improves Odyssey's state exploration, achieving 19% higher state coverage. In total, Odyssey finds 15 exploits for vulnerabilities behind real-world attacks, showing its advantage in detecting real-world vulnerabilities.
