ItyFuzz is a novel snapshot-based fuzzer developed for testing smart contracts. Smart contracts, being critical financial instruments, require robust security measures. However, their testing is challenging due to the persistent blockchain state behind all transactions. ItyFuzz addresses this issue by snapshotting states and singleton transactions, rather than storing sequences of transactions. It introduces a dataflow waypoint mechanism to identify states with more potential momentum and incorporates comparison waypoints to prune the space of states. ItyFuzz can synthesize concrete exploits like reentrancy attacks quickly and is suitable for on-chain testing due to its second-level response time.
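
The contrast the abstract draws between storing transaction sequences and storing state snapshots can be made concrete with a toy model. The following is an added example, not ItyFuzz code: the contract (a counter guarded by an equality comparison, an unlock flag, and a drain oracle), the single-transaction mutation loop, and the waypoint rules are all constructed simplifications. The dataflow waypoint is approximated as "a (counter, unlocked) pair not seen before", and the comparison waypoint as "the guard `counter == MAGIC` got closer to holding, or a flag flipped"; states that satisfy neither are pruned from the corpus. The sequence-based baseline pays for every transaction of a replayed sequence from genesis, which is the cost that snapshotting avoids.

```python
"""Toy illustration of snapshot-based fuzzing versus sequence replay.

Added example; this is not ItyFuzz code.  The contract, the oracle and the
waypoint heuristics are constructed simplifications of the abstract's ideas.
"""
import copy
import random

MAGIC = 7   # constructed: the value the comparison guard `counter == MAGIC` checks


def genesis():
    """Constructed persistent state: what the chain holds between transactions."""
    return {"counter": 0, "unlocked": False, "drained": False}


def execute(state, tx):
    """Apply one transaction to a copy of the state and return the new state.

    The input state is never mutated, so any stored snapshot can serve as the
    base for many different single next transactions."""
    s = copy.deepcopy(state)
    fn, arg = tx
    if fn == "inc":                 # counter grows by the transaction argument
        s["counter"] += arg
    elif fn == "unlock":            # comparison guard on persistent state
        if s["counter"] == MAGIC:
            s["unlocked"] = True
    elif fn == "drain":             # bug oracle: only reachable after unlock
        if s["unlocked"]:
            s["drained"] = True
    return s


def guard_distance(state):
    """Comparison-waypoint signal: how far `counter == MAGIC` is from holding."""
    return abs(state["counter"] - MAGIC)


def is_waypoint(base, new, seen):
    """Decide whether `new` (derived from `base` by one tx) joins the corpus.

    Assumed simplification: keep a state whose (counter, unlocked) dataflow is
    new (dataflow waypoint) and that either moves the guard closer to true or
    flips the unlock flag (comparison waypoint).  Everything else is pruned."""
    key = (new["counter"], new["unlocked"])
    if key in seen:
        return False
    closer = guard_distance(new) < guard_distance(base)
    progressed = new["unlocked"] and not base["unlocked"]
    return closer or progressed


def random_tx(rng):
    fn = rng.choice(["inc", "unlock", "drain"])
    return (fn, rng.randint(1, 3) if fn == "inc" else 0)


def fuzz_snapshots(budget, seed=0):
    """Snapshot-based search: one mutated transaction on top of a stored state.

    Returns the number of executed transactions when the oracle fires, else None."""
    rng = random.Random(seed)
    corpus = [genesis()]
    seen = {(0, False)}
    for executed in range(1, budget + 1):
        base = rng.choice(corpus)
        new = execute(base, random_tx(rng))
        if new["drained"]:
            return executed
        if is_waypoint(base, new, seen):
            seen.add((new["counter"], new["unlocked"]))
            corpus.append(new)
    return None


def fuzz_sequences(budget, seed=0, max_len=12):
    """Baseline: build a fresh sequence and replay it from genesis every time,
    paying again for every transaction in the sequence."""
    rng = random.Random(seed)
    executed = 0
    while executed < budget:
        state = genesis()
        for _ in range(rng.randint(1, max_len)):
            state = execute(state, random_tx(rng))
            executed += 1
            if state["drained"]:
                return executed
    return None


if __name__ == "__main__":
    print("snapshot-based, txs until oracle:", fuzz_snapshots(20_000, seed=2023))
    print("sequence-based, txs until oracle:", fuzz_sequences(20_000, seed=2023))
```

Running the module prints how many transactions each strategy executed before the drain oracle fired (None if the budget ran out). The snapshot corpus stays small because the comparison waypoint discards states whose counter has overshot the guard, which is the pruning the abstract refers to; the sequence baseline has no such memory and must rediscover the seven-step prefix on every attempt.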


Publication date: June 29, 2023
Project Page: N/A
Paper: https://arxiv.org/pdf/2306.17135.pdf