From 31/08/2023 to 31/12/2023
Improving Fuzzing Through Symbolic Execution
I am Simone Zerbini, 25 years old, and currently a Research Fellow at the University of Padova. I graduated in computer engineering in 2020 and got my master's degree in Cybersecurity in 2022.
Over my time as a Research Fellow, I worked mainly on software to analyze Android applications looking for a particular type of malware. During my studies and my time as a Research Fellow, I learned about vulnerability detection techniques such as fuzzing and symbolic execution. I was very interested in how these techniques can detect bugs and avoid developer oversights that can cause significant damage.
Smart contracts are programs that run on a blockchain.
They currently manage hundreds of millions of dollars in digital assets, and their use is expected to keep growing. Over the last years they have suffered exploits costing millions of dollars, often caused by simple programming mistakes.
For this reason, smart contracts need to be thoroughly tested before being deployed to the blockchain, where the code can no longer be easily corrected.
Our work begins with an evaluation of the vulnerability detection tools currently available for smart contracts, which rely on techniques such as fuzzing and symbolic execution. Next, our goal is to develop a tool that, once a vulnerability has been detected, automatically suggests a fix by leveraging an LLM (Large Language Model; ChatGPT is built on one).
The first challenge is finding a representation of the contract code and of the detected vulnerability that allows the LLM to produce useful fixes efficiently.
A second important challenge is validating the patch produced by the LLM. Once a patch has been generated, it must be checked to confirm that the vulnerability is actually fixed and, more importantly, that the intended logic of the contract has not been compromised.
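As an added illustration of that validation step (example code written for this page, not the project's tool, and a Python model rather than real Solidity): a toy bank-style contract with a reentrancy bug, a correct patch, and a "patch" that removes the bug by disabling the contract's logic. The `validate_patch` harness accepts a candidate only if the exploit no longer works and the functional regression tests still pass, so it rejects both the original and the over-zealous fix. The bug chosen, the class names and the test cases are assumptions made for the example.

```python
# Added illustration of LLM-patch validation (not the project's code).
# The reentrancy bug modelled here (external call before the balance update)
# and the regression tests are assumptions chosen for the example.

class Reverted(Exception):
    """Models an EVM revert."""


class VulnerableBank:
    """Balances plus the contract's ether holdings. withdraw() calls back
    into the caller BEFORE updating its balance: this is the bug."""

    def __init__(self):
        self.balances = {}
        self.eth = 0  # ether held by the contract

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.eth += amount

    def withdraw(self, who, amount, callback=None):
        if self.balances.get(who, 0) < amount:
            raise Reverted("insufficient balance")
        self.eth -= amount            # "send" the funds ...
        if callback is not None:
            callback(self)            # ... external call: caller may re-enter ...
        self.balances[who] -= amount  # ... and only then update the balance


class PatchedBank(VulnerableBank):
    """Correct fix (checks-effects-interactions): state is updated before the call."""

    def withdraw(self, who, amount, callback=None):
        if self.balances.get(who, 0) < amount:
            raise Reverted("insufficient balance")
        self.balances[who] -= amount
        self.eth -= amount
        if callback is not None:
            callback(self)


class BrokenPatchBank(VulnerableBank):
    """A 'fix' that kills the bug by disabling withdrawals entirely.
    The vulnerability is gone, but so is the contract's logic."""

    def withdraw(self, who, amount, callback=None):
        raise Reverted("withdraw disabled")


def reentrancy_exploit_succeeds(bank_cls, depth=3):
    """Attacker deposits 1 and re-enters withdraw `depth` times from the
    callback. True if the attacker extracts more than it deposited."""
    bank = bank_cls()
    bank.deposit("victim", 10)
    bank.deposit("attacker", 1)
    start = bank.eth
    state = {"depth": 0}

    def reenter(b):
        if state["depth"] < depth:
            state["depth"] += 1
            try:
                b.withdraw("attacker", 1, reenter)
            except Reverted:
                pass  # a failed low-level call just returns false

    try:
        bank.withdraw("attacker", 1, reenter)
    except Reverted:
        pass
    return start - bank.eth > 1


def functional_tests_pass(bank_cls):
    """Regression checks on the contract's intended behaviour."""
    try:
        bank = bank_cls()
        bank.deposit("alice", 10)
        bank.withdraw("alice", 4)
        if bank.balances["alice"] != 6 or bank.eth != 6:
            return False
        try:
            bank.withdraw("alice", 7)  # overdraw must revert
            return False
        except Reverted:
            pass
        return sum(bank.balances.values()) == bank.eth  # accounting invariant
    except Reverted:
        return False


def validate_patch(bank_cls):
    """Accept only if the exploit is blocked AND the logic is preserved."""
    blocked = not reentrancy_exploit_succeeds(bank_cls)
    functional = functional_tests_pass(bank_cls)
    return {"exploit_blocked": blocked, "logic_preserved": functional,
            "accepted": blocked and functional}


if __name__ == "__main__":
    for cls in (VulnerableBank, PatchedBank, BrokenPatchBank):
        print(cls.__name__, validate_patch(cls))
```

In a real pipeline the exploit test would be the input that the fuzzer or symbolic executor produced when it found the bug, replayed against the patched contract, and the functional tests would be the contract's own test suite; the acceptance rule is the same.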