sFuzz – Smart Fuzzing Contracts
In essence, smart contracts are computer programs that are automatically executed on a distributed blockchain infrastructure. Popular applications of smart contracts include crowdfunding and online gambling, which often involve monetary transactions as part of the contract. Smart contracts in Ethereum are written in a programming language called Solidity. Like traditional programs, smart contracts written in Solidity may contain vulnerabilities, which can potentially lead to attacks. The problem is magnified by the fact that smart contracts, unlike ordinary programs, cannot be patched once they are deployed on the blockchain.
sFuzz is a smart contract fuzzer that is based on and extends the well-known AFL fuzzer for C programs. It implements a novel adaptive search strategy for maximizing the test coverage of smart contracts. It is the most efficient fuzzer for Solidity/EVM smart contracts.
sFuzz is available for testing and evaluation at https://contract.guardstrike.com/#/scan
A research version of sFuzz is available at https://github.com/duytai/sFuzz. We welcome any enquiry and/or collaboration.