mufuzz's Introduction

MuFuzz

MuFuzz: Sequence-Aware Mutation and Seed Mask Guidance for Blockchain Smart Contract Fuzzing

Requirements

MuFuzz is executed on Linux (ideally Ubuntu 18.04).

Dependencies:

CMake: >=3.5.1
Python: >=3.5（ideally 3.6）
Go: 1.15
leveldb
Geth & Tools
solc: 0.4.26
numpy

Architecture

$(MuFuzz)
├── sFuzz
│   ├── fuzzer
│   ├── libfuzzer
│   ├── liboracle
│   └── ...
├── bran
│   └── ...
├── tools
│   ├── requirements.txt
│   └── ...
├── assets
│   ├── ReentrancyAttacker_model.sol
│   ├── ReentrancyAttacker.sol
│   └── ...
├── source_code
│   └── ...
├── clean_source_code
│   └── ...
├── contracts
│   └── ...
├── branch_msg
│   └── ...
├── logs
│   └── ...
├── fuzz
├── initial_.sh
├── rename_src.sh
├── run.sh
└── README.md

sFuzz: The basic fuzzing module of MuFuzz
bran: The abstract interpreter for path analysis
tools: The static analysis tools for extracting vulnerability-specific patterns
- requirements.txt：Required python dependencies
assets:
- ReentrancyAttacker_model.sol: The template for constructing an attacker contract
- ReentrancyAttacker.sol: The attacker contract generated based on the template
source_code: Store the source code (.sol) of a contract
clean_source_code: Store the clean source code (.sol) of a contract
contracts/example1: Store the compiled results of a contract
branch_msg: Store the intermediate representations of a contract
logs: Store the execution report during fuzzing
fuzz: The complied executable fuzzer file (if you want to re-compile a fuzz file, you can refer to the following complete execution)

Quick Start

Rename contract under test

./rename_src.sh

Execute the fuzzer

./run.sh

Complete Execution

Initialization and Install system dependencies (This step will consume a lot of time.)

./initial_.sh

Make workspace for the contract in directory source_code and clean_source_code

./rename_src.sh

Run MuFuzz

./run.sh

Note: if you download the boost version >= 1.7.0, you may need to update the ".get_io_service()" (in sFuzz/libp2p/RLPxHandshake.h) to ".get_executor()".

Parameters Illustration

-p: prefuzz (path searching)
-r: report
-d: duration (fuzzing time)
-m: mode (1: mask, 0: default)
-o: order (1: new sequence, 0: default)

Dataset

We make all three datasets used in our paper publicly available. Download

mufuzz's People

Contributors

Stargazers

Watchers

mufuzz's Issues

chmod: cannot access 'fuzzMe': No such file or directory

chmod: cannot access 'fuzzMe': No such file or directory
./contracts/example/GuessNum.sol:21:37: Error: Expected ';' but got '{'
address(msg.sender).call{value: userBalance[msg.sender]}("");
^
GuessNum
./run.sh: line 19: evm: command not found
empty json file!
sudo: ./analyse_prefix_linuxarm64: command not found
chmod: cannot access 'fuzzMe': No such file or directory
empty json file!
我在执行./run.sh的时候总是提示一些环境未安装好，请问可以提供一个docker之类的环境么

Recommend Projects

messi-q / mufuzz Goto Github PK

mufuzz's Introduction

MuFuzz

Requirements

Architecture

Quick Start

Complete Execution

Parameters Illustration

Dataset

mufuzz's People

Contributors

Stargazers

Watchers

Forkers

mufuzz's Issues

chmod: cannot access 'fuzzMe': No such file or directory

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent