
Integrated Smart Contract Vulnerability Detection Technology Based on AFL Fuzzing Strategy and a Lightweight Seed Selection Strategy
- 1 School of Computer Science and Engineering, Shenyang Jianzhu University, Shenyang 110168, Liaoning, China; Liaoning Provincial Urban Construction Big Data Management and Analysis Laboratory,
- 2 School of Computer Science and Engineering, Shenyang Jianzhu University, Shenyang 110168, Liaoning, China
- 3 School of Computer Science and Engineering, Shenyang Jianzhu University, Shenyang 110168, Liaoning, China
- 4 School of Computer Science and Engineering, Shenyang Jianzhu University, Shenyang 110168, Liaoning, China
* Author to whom correspondence should be addressed.
Abstract
With the continuous development of blockchain technology, thousands of smart contracts have been deployed on the blockchain, and the number of smart contract vulnerabilities has increased significantly. Fuzz testing is the method usually used for smart contract vulnerability detection, but existing AFL-based methods are inefficient at generating test cases that satisfy complex path constraints. This study addresses the limitations of traditional fuzz testing techniques in detecting vulnerabilities related to strictly constrained conditional branches in Ethereum smart contracts. To overcome this challenge, we propose a hybrid framework that combines static semantic analysis with adaptive dynamic fuzz testing and incorporates a lightweight heuristic seed selection mechanism to prioritize path-sensitive mutations. Our method adopts semantic-aware operators to guide targeted exploration of protected execution paths while dynamically optimizing energy allocation among test cases. Experimental evaluation on benchmark contracts shows that, compared with baseline methods, the proposed framework achieves significantly improved branch coverage and accelerated vulnerability detection, especially for critical security vulnerabilities such as reentrancy and arithmetic exceptions, without sacrificing detection accuracy. The results verify the effectiveness of our method in balancing exploration efficiency and analysis rigor for blockchain-oriented security verification.
Keywords
Smart Contract, Vulnerability Detection, Fuzzing Testing, Test Case, Control Flow Graph
Cite this article
Cao, K.; Kang, Y.; Wang, X.; Wang, Z. (2025). Integrated Smart Contract Vulnerability Detection Technology Based on AFL Fuzzing Strategy and a Lightweight Seed Selection Strategy. Applied and Computational Engineering, 150, 63-70.
Data availability
The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.
About volume
Volume title: Proceedings of the 3rd International Conference on Software Engineering and Machine Learning
© 2024 by the author(s). Licensee EWA Publishing, Oxford, UK. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.