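% Changes to the exported record: the arXiv class tag is split out of eprint into eprintclass,
% the arXiv link uses https, and the Zotero "file" attachment field is dropped because it
% published local home-directory paths and standard styles do not print it.
@inproceedings{jiang_contractfuzzer_2018,
  title = {{ContractFuzzer}: Fuzzing Smart Contracts for Vulnerability Detection},
  url = {https://arxiv.org/abs/1807.03932},
  doi = {10.1145/3238147.3238177},
  shorttitle = {{ContractFuzzer}},
  abstract = {Decentralized cryptocurrencies feature the use of blockchain to transfer values among peers on networks without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make agreements while minimizing trusts. Millions of smart contracts have been deployed in various decentralized applications. The security vulnerabilities within those smart contracts pose significant threats to their applications. Indeed, many critical security vulnerabilities within smart contracts on Ethereum platform have caused huge financial losses to their users. In this work, we present {ContractFuzzer}, a novel fuzzer to test Ethereum smart contracts for security vulnerabilities. {ContractFuzzer} generates fuzzing inputs based on the {ABI} specifications of smart contracts, defines test oracles to detect security vulnerabilities, instruments the {EVM} to log smart contracts runtime behaviors, and analyzes these logs to report security vulnerabilities. Our fuzzing of 6991 smart contracts has flagged more than 459 vulnerabilities with high precision. In particular, our fuzzing tool successfully detects the vulnerability of the {DAO} contract that leads to {USD} 60 million loss and the vulnerabilities of Parity Wallet that have led to the loss of \$30 million and the freezing of {USD} 150 million worth of Ether.},
  pages = {259--269},
  booktitle = {Proceedings of the 33rd {ACM}/{IEEE} International Conference on Automated Software Engineering},
  author = {Jiang, Bo and Liu, Ye and Chan, W. K.},
  urldate = {2023-03-21},
  date = {2018-09-03},
  eprinttype = {arXiv},
  eprint = {1807.03932},
  eprintclass = {cs},
  keywords = {Computer Science - Cryptography and Security, Computer Science - Software Engineering},
}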
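% Zotero "file" attachment field dropped: it published a local home-directory path and
% standard styles do not print it. eventtitle and booktitle are identical in the export.
@inproceedings{guo_analysis_2022,
  title = {Analysis between different types of smart contract fuzzing},
  doi = {10.1109/CVIDLICCEA56201.2022.9825021},
  abstract = {The security problem within cryptocurrencies has high priority since it is published. The news of cryptocurrencies attack is keeping rising, and types of attacks are recorded as the classical security issues such as the most famous one decentralized autonomous organization ({DAO}) attack and which caused 3.6 million cryptocurrencies stolen. Thus, with the ripe fuzzing technique, using such testing skills on smart contracts to discover more bugs and leaks hidden in cryptocurrencies in a more automatic and intelligent approach could bring huge benefits. This paper is aimed to analyze the variation from the very first smart contract tools to the newest one, to discuss their pros and cons of them. This experiment mainly chose three fuzzing tools, several basic and classic smart contracts as tested material, and recorded the performance of fuzzing contracts of each tool. And the results are clear to show that even the newest fuzzer has a better performance than the other, but it is better to use it depending on the specific requirements while the rest of the two fuzzing tools has some advantages in some aspect. Therefore, this paper could make guidance for the later researcher to use exactly the type of fuzzer they need.},
  eventtitle = {2022 3rd International Conference on Computer Vision, Image and Deep Learning \& International Conference on Computer Engineering and Applications ({CVIDL} \& {ICCEA})},
  pages = {882--886},
  booktitle = {2022 3rd International Conference on Computer Vision, Image and Deep Learning \& International Conference on Computer Engineering and Applications ({CVIDL} \& {ICCEA})},
  author = {Guo, Xiang},
  date = {2022-05},
  keywords = {Codes, Computer bugs, Fuzzing, Smart contracts, Costs, Decentralized autonomous organization, Dynamic scheduling, Ethereum, Fuzzing methods, Fuzzing tools, Smart contract},
}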
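% The ISSN that the export placed in "note" is moved to the issn field. The Zotero "file"
% attachment field is dropped: it published a local home-directory path.
@inproceedings{zhang_ethploit_2020,
  title = {{EthPloit}: From Fuzzing to Efficient Exploit Generation against Smart Contracts},
  doi = {10.1109/SANER48275.2020.9054822},
  shorttitle = {{EthPloit}},
  abstract = {Smart contracts, programs running on blockchain systems, leverage diverse decentralized applications ({DApps}). Unfortunately, well-known smart contract platforms, Ethereum for example, face serious security problems. Exploits to contracts may cause enormous financial losses, which emphasize the importance of smart contract testing. However, current exploit generation tools have difficulty to solve hard constraints in execution paths and cannot simulate the blockchain behaviors very well. These problems cause a loss of coverage and accuracy of exploit generation. To overcome the problems, we design and implement {EthPloit}, a smart contract exploit generator based on fuzzing. {EthPloit} adopts static taint analysis to generate exploit-targeted transaction sequences, a dynamic seed strategy to pass hard constraints and an instrumented Ethereum Virtual Machine to simulate blockchain behaviors. We evaluate {EthPloit} on 45,308 smart contracts and discovered 554 exploitable contracts. {EthPloit} automatically generated 644 exploits without any false positive and 306 of them cannot be generated by previous exploit generation tools.},
  eventtitle = {2020 {IEEE} 27th International Conference on Software Analysis, Evolution and Reengineering ({SANER})},
  pages = {116--126},
  booktitle = {2020 {IEEE} 27th International Conference on Software Analysis, Evolution and Reengineering ({SANER})},
  author = {Zhang, Qingzhao and Wang, Yizhuo and Li, Juanru and Ma, Siqi},
  date = {2020-02},
  issn = {1534-5351},
  keywords = {fuzzing, Fuzzing, smart contract, Smart contracts, Decentralized applications, exploitation, Generators, Instruments, Software, Virtual machining},
}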
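% The tool name in the title is brace-protected so that casing styles keep it capitalised.
% The Zotero "file" attachment field is dropped: it published a local home-directory path.
@inproceedings{wustholz_harvey_2020,
  location = {New York, {NY}, {USA}},
  title = {{Harvey}: a greybox fuzzer for smart contracts},
  isbn = {978-1-4503-7043-1},
  url = {https://doi.org/10.1145/3368089.3417064},
  doi = {10.1145/3368089.3417064},
  series = {{ESEC}/{FSE} 2020},
  shorttitle = {{Harvey}},
  abstract = {We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation approach that effectively detects bugs and security vulnerabilities. However, greybox fuzzers randomly mutate program inputs to exercise new paths; this makes it challenging to cover code that is guarded by narrow checks. Moreover, most real-world smart contracts transition through many different states during their lifetime, e.g., for every bid in an auction. To explore these states and thereby detect deep vulnerabilities, a greybox fuzzer would need to generate sequences of contract transactions, e.g., by creating bids from multiple users, while keeping the search space and test suite tractable. In this paper, we explain how Harvey alleviates both challenges with two key techniques. First, Harvey extends standard greybox fuzzing with a method for predicting new inputs that are more likely to cover new paths or reveal vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in a targeted and demand-driven way. We have evaluated our approach on 27 real-world contracts. Our experiments show that our techniques significantly increase Harvey's effectiveness in achieving high coverage and detecting vulnerabilities, in most cases orders-of-magnitude faster.},
  pages = {1398--1409},
  booktitle = {Proceedings of the 28th {ACM} Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  publisher = {Association for Computing Machinery},
  author = {Wüstholz, Valentin and Christakis, Maria},
  urldate = {2023-03-21},
  date = {2020-11-08},
  keywords = {smart contracts, automated testing, greybox fuzzing},
}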
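% Zotero "file" attachment field dropped: it published a local home-directory path and
% standard styles do not print it.
@inproceedings{huang_eosfuzzer_2021,
  location = {New York, {NY}, {USA}},
  title = {{EOSFuzzer}: Fuzzing {EOSIO} Smart Contracts for Vulnerability Detection},
  isbn = {978-1-4503-8819-1},
  url = {https://doi.org/10.1145/3457913.3457920},
  doi = {10.1145/3457913.3457920},
  series = {Internetware '20},
  shorttitle = {{EOSFuzzer}},
  abstract = {{EOSIO} is one typical public blockchain platform. It is scalable in terms of transaction speeds and has a growing ecosystem supporting smart contracts and decentralized applications. However, the vulnerabilities within the {EOSIO} smart contracts have led to serious attacks, which caused serious financial loss to its end users. In this work, we systematically analyzed three typical {EOSIO} smart contract vulnerabilities and their related attacks. Then we presented {EOSFuzzer}, a general black-box fuzzing framework to detect vulnerabilities within {EOSIO} smart contracts. In particular, {EOSFuzzer} proposed effective attacking scenarios and test oracles for {EOSIO} smart contract fuzzing. Our fuzzing experiment on 3963 {EOSIO} smart contracts shows that {EOSFuzzer} is both effective and efficient to detect {EOSIO} smart contract vulnerabilities with high accuracy.},
  pages = {99--109},
  booktitle = {Proceedings of the 12th Asia-Pacific Symposium on Internetware},
  publisher = {Association for Computing Machinery},
  author = {Huang, Yuhe and Jiang, Bo and Chan, W. K.},
  urldate = {2023-03-21},
  date = {2021-07-21},
  keywords = {Fuzzing, Smart contract, Blockchain, Vulnerability detection},
}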
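% Zotero "file" attachment field dropped: it published a local home-directory path and
% standard styles do not print it.
@inproceedings{ding_hfcontractfuzzer_2021,
  location = {New York, {NY}, {USA}},
  title = {{HFContractFuzzer}: Fuzzing Hyperledger Fabric Smart Contracts for Vulnerability Detection},
  isbn = {978-1-4503-9053-8},
  url = {https://doi.org/10.1145/3463274.3463351},
  doi = {10.1145/3463274.3463351},
  series = {{EASE} 2021},
  shorttitle = {{HFContractFuzzer}},
  abstract = {With its unique advantages such as decentralization and immutability, blockchain technology has been widely used in various fields in recent years. The smart contract running on the blockchain is also playing an increasingly important role in decentralized application scenarios. Therefore, the automatic detection of security vulnerabilities in smart contracts has become an urgent problem in the application of blockchain technology. Hyperledger Fabric is a smart contract platform based on enterprise-level licensed distributed ledger technology. However, the research on the vulnerability detection technology of Hyperledger Fabric smart contracts is still in its infancy. In this paper, we propose {HFContractFuzzer}, a method based on Fuzzing technology to detect Hyperledger Fabric smart contracts, which combines a Fuzzing tool for golang named go-fuzz and smart contracts written by golang. We use {HFContractFuzzer} to detect vulnerabilities in five contracts from typical sources and discover that four of them have security vulnerabilities, proving the effectiveness of the proposed method.},
  pages = {321--328},
  booktitle = {Evaluation and Assessment in Software Engineering},
  publisher = {Association for Computing Machinery},
  author = {Ding, Mengjie and Li, Peiru and Li, Shanshan and Zhang, He},
  urldate = {2023-03-21},
  date = {2021-06-21},
  keywords = {Fuzzing, Blockchain, Hyperledger Fabric, Security Vulnerability, Smart Contract},
}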
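% The exporter's "Conference Name" note is removed: it only repeated the journal name already
% in journaltitle. The Zotero "file" attachment field is dropped: it published local
% home-directory paths.
@article{ashraf_gasfuzzer_2020,
  title = {{GasFuzzer}: Fuzzing Ethereum Smart Contract Binaries to Expose Gas-Oriented Exception Security Vulnerabilities},
  volume = {8},
  issn = {2169-3536},
  doi = {10.1109/ACCESS.2020.2995183},
  shorttitle = {{GasFuzzer}},
  abstract = {Ethereum is a kind of blockchain platform where developers may develop and run programs called smart contracts. It inherently relies on gas consumption within a specified allowance to constrain code execution, making every instruction along an execution path to be a location for raising an exception. In this paper, we present {GasFuzzer}, the first work in exploring the effects of gas allowance manipulation to expose gas-oriented exception security vulnerabilities. {GasFuzzer} consists of two phases. The first phase introduces a gas-greedy strategy to favor transactions having higher gas consumption for mutation to obtain test transactions with different gas consumptions. The second phase introduces a novel notion of fractional gas consumption coverage and a novel gas-leveling strategy. It applies them to mutate the gas allowances of some of these transactions resulting in the highest gas consumptions produced in the first phase followed by applying these allowance-mutated transactions together with those which remained non-mutated to fuzz test the smart contract. We report an evaluation of {GasFuzzer} via an experiment on 3170 real-world smart contracts deployed on the public Ethereum Blockchain between October 2017 and July 2019. The findings show that {GasFuzzer} with gas-greedy strategy can detect more Exceptions Disorder kind of security vulnerabilities (7 more cases) than the previous state-of-the-art black-box fuzzer, and {GasFuzzer} with gas-leveling strategy and gas coverage criterion can detect 6 additional cases of Exceptions Disorder security vulnerabilities, which is significant.},
  pages = {99552--99564},
  journaltitle = {{IEEE} Access},
  author = {Ashraf, Imran and Ma, Xiaoxue and Jiang, Bo and Chan, W. K.},
  date = {2020},
  keywords = {fuzzing, Fuzzing, smart contract, software testing, Ethereum, Virtual machining, Blockchain, atomicity violation, Computer science, Fuzzer, gas consumption, security vulnerability, vulnerability triggering},
}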
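% The ISSN that the export placed in "note" is moved to the issn field.
% NOTE(review): "R, Vigneswaran" and "A, Rajan M" look like initials stored in the family-name
% slot -- confirm the intended family/given split against the paper before relying on sorting.
@inproceedings{pani_smart_2022,
  title = {Smart Contract Fuzzing for Enterprises: The Language Agnostic Way},
  doi = {10.1109/COMSNETS53615.2022.9668512},
  shorttitle = {Smart Contract Fuzzing for Enterprises},
  abstract = {Blockchain based applications backed by smart contracts are becoming increasingly popular in various domains. Smart contracts are vulnerable to attacks due to bugs in them and such attacks resulted in huge monetary losses, disruption in operation and so on in the past. Fuzz testing is one of the prominent methods used for identifying bugs in blockchain smart contracts. Multiple fuzzers are used for fuzzing smart contracts written in different programming languages. However, maintenance of multiple fuzzers become prohibitively difficult in an enterprise {DevOps} setup, in terms of skills, time, and efforts required in patching and keeping them up to date. Hence, we propose a novel vulnerability detection framework which uses a single fuzzer to fuzz smart contracts written in different programming languages, using {LLVM} {IR}. In this paper, we validated the proposed framework by testing Hyperledger Fabric smart contracts using fuzzing tools {AFL}++ and Honggfuzz and presented the results.},
  eventtitle = {2022 14th International Conference on {COMmunication} Systems \& {NETworkS} ({COMSNETS})},
  pages = {1--6},
  booktitle = {2022 14th International Conference on {COMmunication} Systems \& {NETworkS} ({COMSNETS})},
  author = {Pani, Siddhasagar and Nallagonda, Harshita Vani and Prakash, Saumya and R, Vigneswaran and Medicherla, Raveendra Kumar and A, Rajan M},
  date = {2022-01},
  issn = {2155-2509},
  keywords = {Computer bugs, Fuzzing, Smart contracts, Blockchain, Computer languages, Distributed ledger, Fabrics, {LLVM} {IR}, Maintenance engineering, Smart Contracts},
}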
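% Zotero "file" attachment field dropped: it published a local home-directory path and
% standard styles do not print it.
@inproceedings{liao_soliaudit_2019,
  title = {{SoliAudit}: Smart Contract Vulnerability Assessment Based on Machine Learning and Fuzz Testing},
  doi = {10.1109/IOTSMS48152.2019.8939256},
  shorttitle = {{SoliAudit}},
  abstract = {Blockchain has flourished in recent years. As a decentralized system architecture, smart contracts give the blockchain a user-defined logical concept. The smart contract is an executable program that can be used for automatic transactions on the Ethereum blockchain. In 2016, the {DAO} attack resulted in the theft of 60M {USD} due to unsafe smart contracts. Smart contracts are vulnerable to hacking because they are difficult to patch and there is a lack of assessment standards for ensuring their quality. Hackers can exploit the vulnerabilities in smart contracts when they have been published on Ethereum. Thus, this study presents {SoliAudit} (Solidity Audit), which uses machine learning and fuzz testing for smart contract vulnerability assessment. {SoliAudit} employs machine learning technology using Solidity machine code as learning features to verify 13 kinds of vulnerabilities, which have been listed as Top 10 threats by an open security organization. We also created a gray-box fuzz testing mechanism, which consists of a fuzzer contract and a simulated blockchain environment for on-line transaction verification. Different from previous research systems, {SoliAudit} can detect vulnerabilities without expert knowledge or predefined patterns. We subjected {SoliAudit} to real-world evaluation by using near 18k smart contracts from the Ethereum blockchain and Capture-the-Flag samples. The results show that the accuracy of {SoliAudit} can reach to 90\% and the fuzzing can help identify potential weaknesses, including reentrancy and arithmetic overflow problems.},
  eventtitle = {2019 Sixth International Conference on Internet of Things: Systems, Management and Security ({IOTSMS})},
  pages = {458--465},
  booktitle = {2019 Sixth International Conference on Internet of Things: Systems, Management and Security ({IOTSMS})},
  author = {Liao, Jian-Wei and Tsai, Tsung-Ta and He, Chia-Kang and Tien, Chin-Wei},
  date = {2019-10},
  keywords = {Fuzzing, Smart contracts, Smart contract, Blockchain, Feature extraction, fuzz testing, machine learning, Machine learning, Security, vulnerability},
}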
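% The ISSN that the export placed in "note" is moved to the issn field. The Zotero "file"
% attachment field is dropped: it published local home-directory paths.
@inproceedings{mossberg_manticore_2019,
  title = {Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts},
  doi = {10.1109/ASE.2019.00133},
  shorttitle = {Manticore},
  abstract = {An effective way to maximize code coverage in software tests is through dynamic symbolic execution-a technique that uses constraint solving to systematically explore a program's state space. We introduce an open-source dynamic symbolic execution framework called Manticore for analyzing binaries and Ethereum smart contracts. Manticore's flexible architecture allows it to support both traditional and exotic execution environments, and its {API} allows users to customize their analysis. Here, we discuss Manticore's architecture and demonstrate the capabilities we have used to find bugs and verify the correctness of code for our commercial clients.},
  eventtitle = {2019 34th {IEEE}/{ACM} International Conference on Automated Software Engineering ({ASE})},
  pages = {1186--1189},
  booktitle = {2019 34th {IEEE}/{ACM} International Conference on Automated Software Engineering ({ASE})},
  author = {Mossberg, Mark and Manzano, Felipe and Hennenfent, Eric and Groce, Alex and Grieco, Gustavo and Feist, Josselin and Brunson, Trent and Dinaburg, Artem},
  date = {2019-11},
  issn = {2643-1572},
  keywords = {Benchmark testing, smart contract, Smart contracts, Computer architecture, Engines, ethereum, manticore, mcore, symbolic execution, Tools, Weapons},
}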
% ILF (Imitation Learning based Fuzzer), CCS '19. Fields are grouped as: who and what, venue,
% identifiers, then descriptive metadata. The url is the resolver form of the doi.
@inproceedings{he_learning_2019,
  author    = {He, Jingxuan and Balunović, Mislav and Ambroladze, Nodar and Tsankov, Petar and Vechev, Martin},
  title     = {Learning to Fuzz from Symbolic Execution with Application to Smart Contracts},
  booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and Communications Security},
  series    = {{CCS} '19},
  publisher = {Association for Computing Machinery},
  location  = {New York, {NY}, {USA}},
  date      = {2019-11-06},
  pages     = {531--548},
  isbn      = {978-1-4503-6747-9},
  doi       = {10.1145/3319535.3363230},
  url       = {https://doi.org/10.1145/3319535.3363230},
  urldate   = {2023-03-22},
  abstract  = {Fuzzing and symbolic execution are two complementary techniques for discovering software vulnerabilities. Fuzzing is fast and scalable, but can be ineffective when it fails to randomly select the right inputs. Symbolic execution is thorough but slow and often does not scale to deep program paths with complex path conditions. In this work, we propose to learn an effective and fast fuzzer from symbolic execution, by phrasing the learning task in the framework of imitation learning. During learning, a symbolic execution expert generates a large number of quality inputs improving coverage on thousands of programs. Then, a fuzzing policy, represented with a suitable architecture of neural networks, is trained on the generated dataset. The learned policy can then be used to fuzz new programs. We instantiate our approach to the problem of fuzzing smart contracts, a domain where contracts often implement similar functionality (facilitating learning) and security is of utmost importance. We present an end-to-end system, {ILF} (for Imitation Learning based Fuzzer), and an extensive evaluation over {\textgreater}18K contracts. Our results show that {ILF} is effective: (i) it is fast, generating 148 transactions per second, (ii) it outperforms existing fuzzers (e.g., achieving 33\% more coverage), and (iii) it detects more vulnerabilities than existing fuzzing and symbolic execution tools for Ethereum.},
  keywords  = {fuzzing, smart contracts, symbolic execution, imitation learning},
}
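% Zotero "file" attachment field dropped: it published a local home-directory path.
% NOTE(review): series and DOI point to ASE '21 while date is 2022-06-24 -- presumably the
% digital-library publication date; confirm which year the citation style should print.
@inproceedings{choi_smartian_2022,
  location = {Melbourne, Australia},
  title = {{SMARTIAN}: enhancing smart contract fuzzing with static and dynamic data-flow analyses},
  isbn = {978-1-66540-337-5},
  url = {https://dl.acm.org/doi/10.1109/ASE51524.2021.9678888},
  doi = {10.1109/ASE51524.2021.9678888},
  series = {{ASE} '21},
  shorttitle = {{SMARTIAN}},
  abstract = {Unlike traditional software, smart contracts have the unique organization in which a sequence of transactions shares persistent states. Unfortunately, such a characteristic makes it difficult for existing fuzzers to find out critical transaction sequences. To tackle this challenge, we employ both static and dynamic analyses for fuzzing smart contracts. First, we statically analyze smart contract bytecodes to predict which transaction sequences will lead to effective testing, and figure out if there is a certain constraint that each transaction should satisfy. Such information is then passed to the fuzzing phase and used to construct an initial seed corpus. During a fuzzing campaign, we perform a lightweight dynamic data-flow analysis to collect data-flow-based feedback to effectively guide fuzzing. We implement our ideas on a practical open-source fuzzer, named Smartian. Smartian can discover bugs in real-world smart contracts without the need for the source code. Our experimental results show that Smartian is more effective than existing state-of-the-art tools in finding known {CVEs} from real-world contracts. Smartian also outperforms other tools in terms of code coverage.},
  pages = {227--239},
  booktitle = {Proceedings of the 36th {IEEE}/{ACM} International Conference on Automated Software Engineering},
  publisher = {{IEEE} Press},
  author = {Choi, Jaeseung and Kim, Doyeon and Kim, Soomin and Grieco, Gustavo and Groce, Alex and Cha, Sang Kil},
  urldate = {2023-03-29},
  date = {2022-06-24},
}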
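% editora held an institution that the exporter split into a family/given pair; it is now a
% single brace-protected corporate name, spelled as in this entry's own note. The Zotero
% "file" attachment field is dropped: it published a local home-directory path.
% NOTE(review): typed @article but has no journaltitle -- confirm the intended entry type.
@article{rautenberg_case_2022,
  title = {A Case Study of Security Vulnerabilities in Smart Contracts},
  url = {https://www.net.in.tum.de/fileadmin/TUM/NET/NET-2022-11-1/NET-2022-11-1_10.pdf},
  doi = {10.2313/NET-2022-11-1_10},
  abstract = {Ethereum is the first blockchain network that introduced smart contracts which is code that can be executed on a distributed and publicly visible ledger. This makes a trustless and secure system of transaction possible that can not be altered after execution. As a result handling transactions and contracts is significantly improved no matter if the data being processed is tangible or intangible. To ensure this system is appropriate for use in a large scale it is important to analyze the security of it, what possible vulnerabilities the programming language has and how to minimize them which we conclude in a case study that refers to related work and combines all the conclusions. Subsequently we come to the deduction that Turing Completeness is rarely needed in terms of functionality in smart contract programming languages and rather harms the security of it.},
  author = {Rautenberg, Marvin},
  editora = {{Chair of Network Architectures and Services}},
  editoratype = {collaborator},
  urldate = {2023-04-02},
  date = {2022},
  langid = {english},
  note = {Medium: {PDF} Publisher: Chair of Network Architectures and Services, School of Computation, Information and Technology, Technical University of Munich},
}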
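% Zotero "file" attachment field dropped: it published a local home-directory path.
% The export carries no author or date for this web page.
@online{noauthor_automated_nodate,
  title = {Automated testing for Algorand smart contracts, part 1},
  url = {https://www.codecapers.com.au/automated-testing-algorand-1/},
  urldate = {2023-05-03},
}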
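% Zotero "file" attachment field dropped: it published a local home-directory path.
% The export carries no author or date for this web page.
@online{noauthor_automated_nodate-1,
  title = {Automated testing for Algorand smart contracts, part 2},
  url = {https://www.codecapers.com.au/automated-testing-algorand-2/},
  urldate = {2023-05-03},
}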
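% Zotero "file" attachment field dropped: it published a local home-directory path.
% The export carries no author or date for this web page.
@online{noauthor_automated_nodate-2,
  title = {Automated testing for Algorand smart contracts, part 3},
  url = {https://www.codecapers.com.au/automated-testing-algorand-3/},
  urldate = {2023-05-03},
}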
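% Zotero "file" attachment field dropped: it published a local home-directory path.
% The abstract is the site's generic description text, not a summary of the ABI page.
@online{noauthor_abi_nodate,
  title = {{ABI} details - Algorand Developer Portal},
  url = {https://developer.algorand.org/docs/get-details/dapps/smart-contracts/ABI/},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
  urldate = {2023-05-09},
  langid = {english},
}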
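% Blog post on mutation strategies for binary fuzzing. The author is a person, so the
% name is given in "Last, First" form rather than double-braced as a corporate name,
% which would sort and abbreviate it as one indivisible string.
@online{michal_zalewski_binary_2014,
  author     = {Zalewski, Michał},
  title      = {Binary fuzzing strategies: what works, what doesn't},
  shorttitle = {Binary fuzzing strategies},
  date       = {2014-08-08},
  url        = {https://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html},
  urldate    = {2023-05-21},
  file       = {Blogspot Snapshot:/home/denis/Zotero/storage/Z54IREAX/binary-fuzzing-strategies-what-works.html:text/html},
}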
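% Project page of the AFL fuzzer. The author field is added so the entry no longer
% renders as anonymous; AFL was written by the owner of the lcamtuf site.
@online{noauthor_american_nodate,
  author  = {Zalewski, Michał},
  title   = {american fuzzy lop},
  url     = {https://lcamtuf.coredump.cx/afl/},
  urldate = {2023-05-21},
  file    = {american fuzzy lop:/home/denis/Zotero/storage/8CB9ZGX4/afl.html:text/html},
}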
% Journal article on StateAFL, a greybox fuzzer for stateful network servers.
% The pages field holds the article number.
@article{natella_stateafl_2022,
  author       = {Natella, Roberto},
  title        = {{StateAFL}: Greybox fuzzing for stateful network servers},
  shorttitle   = {{StateAFL}},
  journaltitle = {Empirical Software Engineering},
  shortjournal = {Empir Software Eng},
  volume       = {27},
  number       = {7},
  pages        = {191},
  date         = {2022-10-04},
  issn         = {1573-7616},
  doi          = {10.1007/s10664-022-10233-3},
  url          = {https://doi.org/10.1007/s10664-022-10233-3},
  urldate      = {2023-05-30},
  langid       = {english},
  keywords     = {Fuzzing, Security, Network servers},
  abstract     = {Fuzzing network servers is a technical challenge, since the behavior of the target server depends on its state over a sequence of multiple messages. Existing solutions are costly and difficult to use, as they rely on manually-customized artifacts such as protocol models, protocol parsers, and learning frameworks. The aim of this work is to develop a greybox fuzzer ({StateAFL}) for network servers that only relies on lightweight analysis of the target program, with no manual customization, in a similar way to what the {AFL} fuzzer achieved for stateless programs. The proposed fuzzer instruments the target server at compile-time, to insert probes on memory allocations and network I/O operations. At run-time, it infers the current protocol state of the target server by taking snapshots of long-lived memory areas, and by applying a fuzzy hashing algorithm (Locality-Sensitive Hashing) to map memory contents to a unique state identifier. The fuzzer incrementally builds a protocol state machine for guiding fuzzing. We implemented and released {StateAFL} as open-source software. As a basis for reproducible experimentation, we integrated {StateAFL} with a large set of network servers for popular protocols, with no manual customization to accomodate for the protocol. The experimental results show that the fuzzer can be applied with no manual customization on a large set of network servers for popular protocols, and that it can achieve comparable, or even better code coverage and bug detection than customized fuzzing. Moreover, our qualitative analysis shows that states inferred from memory better reflect the server behavior than only using response codes from messages.},
  file         = {Full Text PDF:/home/denis/Zotero/storage/HFBLY792/Natella - 2022 - StateAFL Greybox fuzzing for stateful network ser.pdf:application/pdf},
}
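% ISSTA 2020 tool paper on the Echidna smart-contract fuzzer.
% The location gets the comma the export dropped between venue and country.
@inproceedings{grieco_echidna_2020,
  author     = {Grieco, Gustavo and Song, Will and Cygan, Artur and Feist, Josselin and Groce, Alex},
  title      = {Echidna: effective, usable, and fast fuzzing for smart contracts},
  shorttitle = {Echidna},
  booktitle  = {Proceedings of the 29th {ACM} {SIGSOFT} International Symposium on Software Testing and Analysis},
  eventtitle = {{ISSTA} '20: 29th {ACM} {SIGSOFT} International Symposium on Software Testing and Analysis},
  location   = {Virtual Event, {USA}},
  publisher  = {{ACM}},
  pages      = {557--560},
  date       = {2020-07-18},
  isbn       = {978-1-4503-8008-9},
  doi        = {10.1145/3395363.3404366},
  url        = {https://dl.acm.org/doi/10.1145/3395363.3404366},
  urldate    = {2023-06-03},
  langid     = {english},
  file       = {Full Text PDF:/home/denis/Zotero/storage/RNJFUEBM/Grieco et al. - 2020 - Echidna effective, usable, and fast fuzzing for s.pdf:application/pdf},
}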
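% ICSE 2020 paper on sFuzz, an adaptive fuzzer for Solidity smart contracts.
% The language name is brace-protected so sentence-casing styles keep its capital,
% and the location gets the comma the export dropped.
@inproceedings{nguyen_sfuzz_2020,
  author     = {Nguyen, Tai D. and Pham, Long H. and Sun, Jun and Lin, Yun and Minh, Quang Tran},
  title      = {{sFuzz}: an efficient adaptive fuzzer for {Solidity} smart contracts},
  shorttitle = {{sFuzz}},
  booktitle  = {Proceedings of the {ACM}/{IEEE} 42nd International Conference on Software Engineering},
  eventtitle = {{ICSE} '20: 42nd International Conference on Software Engineering},
  location   = {Seoul, South Korea},
  publisher  = {{ACM}},
  pages      = {778--788},
  date       = {2020-06-27},
  isbn       = {978-1-4503-7121-6},
  doi        = {10.1145/3377811.3380334},
  url        = {https://dl.acm.org/doi/10.1145/3377811.3380334},
  urldate    = {2023-06-06},
  langid     = {english},
  file       = {Full Text PDF:/home/denis/Zotero/storage/PTMF8TUB/Nguyen et al. - 2020 - sFuzz an efficient adaptive fuzzer for solidity s.pdf:application/pdf},
}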
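% arXiv preprint of the Algorand paper. The subject class is moved out of eprint into
% eprintclass so the generated arXiv link uses the bare identifier, and the abstract
% page is referenced over HTTPS.
@misc{chen_algorand_2017,
  author      = {Chen, Jing and Micali, Silvio},
  title       = {Algorand},
  date        = {2017-05-26},
  number      = {{arXiv}:1607.01341},
  publisher   = {{arXiv}},
  eprinttype  = {arxiv},
  eprint      = {1607.01341},
  eprintclass = {cs},
  doi         = {10.48550/arXiv.1607.01341},
  url         = {https://arxiv.org/abs/1607.01341},
  urldate     = {2023-06-06},
  keywords    = {Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing},
  abstract    = {A public ledger is a tamperproof sequence of data that can be read and augmented by everyone. Public ledgers have innumerable and compelling uses. They can secure, in plain sight, all kinds of transactions ---such as titles, sales, and payments--- in the exact order in which they occur. Public ledgers not only curb corruption, but also enable very sophisticated applications ---such as cryptocurrencies and smart contracts. They stand to revolutionize the way a democratic society operates. As currently implemented, however, they scale poorly and cannot achieve their potential. Algorand is a truly democratic and efficient way to implement a public ledger. Unlike prior implementations based on proof of work, it requires a negligible amount of computation, and generates a transaction history that will not "fork" with overwhelmingly high probability. Algorand is based on (a novel and super fast) message-passing Byzantine agreement. For concreteness, we shall describe Algorand only as a money platform.},
  file        = {arXiv Fulltext PDF:/home/denis/Zotero/storage/SE5BD2TM/Chen and Micali - 2017 - Algorand.pdf:application/pdf;arXiv.org Snapshot:/home/denis/Zotero/storage/YPGVVHWC/1607.html:text/html},
}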
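% PyTeal documentation page on ABI support. The search-highlight query string is
% dropped from the URL and the site name is moved from the title into titleaddon.
@online{noauthor_abi_nodate-1,
  title      = {{ABI} Support},
  titleaddon = {{PyTeal} documentation},
  url        = {https://pyteal.readthedocs.io/en/stable/abi.html},
  urldate    = {2023-06-13},
  file       = {ABI Support — PyTeal documentation:/home/denis/Zotero/storage/PVKMP5M7/abi.html:text/html},
}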
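% ISSTA 2021 tool paper on echidna-parade. The lowercase tool name is brace-protected
% so title-casing styles do not capitalise it, and the location gets the comma the
% export dropped.
@inproceedings{groce_echidna-parade_2021,
  author     = {Groce, Alex and Grieco, Gustavo},
  title      = {{echidna-parade}: a tool for diverse multicore smart contract fuzzing},
  shorttitle = {{echidna-parade}},
  booktitle  = {Proceedings of the 30th {ACM} {SIGSOFT} International Symposium on Software Testing and Analysis},
  eventtitle = {{ISSTA} '21: 30th {ACM} {SIGSOFT} International Symposium on Software Testing and Analysis},
  location   = {Virtual, Denmark},
  publisher  = {{ACM}},
  pages      = {658--661},
  date       = {2021-07-11},
  isbn       = {978-1-4503-8459-9},
  doi        = {10.1145/3460319.3469076},
  url        = {https://dl.acm.org/doi/10.1145/3460319.3469076},
  urldate    = {2023-06-29},
  langid     = {english},
  abstract   = {Echidna is a widely used fuzzer for Ethereum Virtual Machine ({EVM}) compatible blockchain smart contracts that generates transaction sequences of calls to smart contracts. While Echidna is an essentially single-threaded tool, it is possible for multiple Echidna processes to communicate by use of a shared transaction sequence corpus. Echidna provides a very large variety of configuration options, since each smart contract may be best-tested by a non-default configuration, and different faults or coverage targets within a single contract may also have differing ideal configurations. This paper presents echidna-parade, a tool that provides pushbutton multicore fuzzing using Echidna as an underlying fuzzing engine, and automatically provides sophisticated diversification of configurations. Even without using multiple cores, echidna-parade can improve the effectiveness of fuzzing with Echidna, due to the advantages provided by multiple types of test configuration diversity. Using echidna-parade with multiple cores can produce significantly better results than Echidna, in less time.},
  file       = {Groce and Grieco - 2021 - echidna-parade a tool for diverse multicore smart.pdf:/home/denis/Zotero/storage/TFK2Y5AV/Groce and Grieco - 2021 - echidna-parade a tool for diverse multicore smart.pdf:application/pdf},
}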
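% IEEE TSE article on SmartEmbed (clone and bug detection for Solidity contracts).
% Fixes: "IIEEE" typo in shortjournal, arXiv class split out of eprint, HTTPS arXiv
% link, and the doubled escape before the percent sign in the abstract.
@article{gao_checking_2021,
  author       = {Gao, Zhipeng and Jiang, Lingxiao and Xia, Xin and Lo, David and Grundy, John},
  title        = {Checking Smart Contracts with Structural Code Embedding},
  journaltitle = {{IEEE} Transactions on Software Engineering},
  shortjournal = {{IEEE} Trans. Software Eng.},
  volume       = {47},
  number       = {12},
  pages        = {2874--2891},
  date         = {2021-12-01},
  issn         = {0098-5589, 1939-3520, 2326-3881},
  doi          = {10.1109/TSE.2020.2971482},
  eprinttype   = {arxiv},
  eprint       = {2001.07125},
  eprintclass  = {cs},
  url          = {https://arxiv.org/abs/2001.07125},
  urldate      = {2023-07-12},
  keywords     = {Computer Science - Software Engineering},
  abstract     = {Smart contracts have been increasingly used together with blockchains to automate financial and business transactions. However, many bugs and vulnerabilities have been identified in many contracts which raises serious concerns about smart contract security, not to mention that the blockchain systems on which the smart contracts are built can be buggy. Thus, there is a significant need to better maintain smart contract code and ensure its high reliability. In this paper, we propose an automated approach to learn characteristics of smart contracts in Solidity, which is useful for clone detection, bug detection and contract validation on smart contracts. Our new approach is based on word embeddings and vector space comparison. We parse smart contract code into word streams with code structural information, convert code elements (e.g., statements, functions) into numerical vectors that are supposed to encode the code syntax and semantics, and compare the similarities among the vectors encoding code and known bugs, to identify potential issues. We have implemented the approach in a prototype, named {SmartEmbed}. Results show that our tool can effectively identify many repetitive instances of Solidity code, where the clone ratio is around 90\%. Code clones such as type-{III} or even type-{IV} semantic clones can also be detected accurately. Our tool can identify more than 1000 clone related bugs based on our bug databases efficiently and accurately. Our tool can also help to efficiently validate any given smart contract against a known set of bugs, which can help to improve the users' confidence in the reliability of the contract. The anonymous replication packages can be accessed at: https://drive.google.com/file/d/1kauLT3y2IiHPkUlVx4FSTda-{dVAyL}4za/view?usp=sharing, and evaluated it with more than 22,000 smart contracts collected from the Ethereum blockchain.},
  file         = {arXiv.org Snapshot:/home/denis/Zotero/storage/GPDAIPNU/2001.html:text/html;Full Text PDF:/home/denis/Zotero/storage/AYD37VVB/Gao et al. - 2021 - Checking Smart Contracts with Structural Code Embe.pdf:application/pdf},
}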
% On-chain analytics dashboard for ALGO (average transaction size chart).
% The entry keyed noauthor_algorand_nodate-2 cites the same URL with a later access date.
@online{noauthor_algorand_nodate,
  title   = {Algorand ({ALGO}) On-Chain Analytics \& Charts},
  urldate = {2023-07-15},
  url     = {https://app.intotheblock.com/coin/ALGO/deep-dive?group=financials&chart=avgTrxSize},
  file    = {Algorand (ALGO) On-Chain Analytics & Charts:/home/denis/Zotero/storage/IHPD9CP6/deep-dive.html:text/html},
}
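% Bitcoin white paper. No journal is recorded, so the entry is typed as misc rather
% than article, which would require a journal title.
@misc{nakamoto_bitcoin_2008,
  author   = {Nakamoto, Satoshi},
  title    = {Bitcoin: A Peer-to-Peer Electronic Cash System},
  date     = {2008},
  langid   = {english},
  abstract = {A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of {CPU} power. As long as a majority of {CPU} power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.},
  file     = {Nakamoto - Bitcoin A Peer-to-Peer Electronic Cash System.pdf:/home/denis/Zotero/storage/F2ZEN5XU/Nakamoto - Bitcoin A Peer-to-Peer Electronic Cash System.pdf:application/pdf},
}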
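% Szabo's 1996 essay on smart contracts. No proceedings title is recorded, so the
% entry is typed as an online source, using the url and urldate already present.
@online{szabo_smart_1996,
  author     = {Szabo, Nick},
  title      = {Smart Contracts: Building Blocks for Digital Markets},
  shorttitle = {Smart Contracts},
  date       = {1996},
  url        = {https://www.semanticscholar.org/paper/Smart-Contracts%3A-Building-Blocks-for-Digital-Szabo/9b6cd3fe0bf5455dd44ea31422d015b003b5568f},
  urldate    = {2023-07-25},
  abstract   = {The contract, a set of promises agreed to in a "meeting of the minds", is the traditional way to formalize a relationship. While contracts are primarily used in business relationships (the focus of this article), they can also involve personal relationships such as marraiges. Contracts are also important in politics, not only because of "social contract" theories but also because contract enforcement has traditionally been considered a basic function of capitalist governments.},
  file       = {Full Text PDF:/home/denis/Zotero/storage/HID8QZ9B/Szabo - 2018 - Smart Contracts Building Blocks for Digital Marke.pdf:application/pdf},
}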
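% Ethereum white paper. No journal is recorded, so the entry is typed as misc; the
% trailing period is removed from the title because styles add their own punctuation.
@misc{buterin_ethereum_2014,
  author = {Buterin, Vitalik},
  title  = {Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform},
  date   = {2014},
  langid = {english},
  file   = {Buterin - Ethereum A Next-Generation Smart Contract and Dec.pdf:/home/denis/Zotero/storage/9I7NMY87/Buterin - Ethereum A Next-Generation Smart Contract and Dec.pdf:application/pdf},
}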
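% Journal version of the Algorand paper. The special-issue name is stored in
% issuetitle; in an article entry, series denotes a journal series and is printed
% next to the volume.
@article{chen_algorand_2019,
  author       = {Chen, Jing and Micali, Silvio},
  title        = {Algorand: A secure and efficient distributed ledger},
  shorttitle   = {Algorand},
  journaltitle = {Theoretical Computer Science},
  shortjournal = {Theoretical Computer Science},
  issuetitle   = {In memory of Maurice Nivat, a founding father of Theoretical Computer Science - Part I},
  volume       = {777},
  pages        = {155--183},
  date         = {2019-07-19},
  issn         = {0304-3975},
  doi          = {10.1016/j.tcs.2019.02.001},
  url          = {https://www.sciencedirect.com/science/article/pii/S030439751930091X},
  urldate      = {2023-08-01},
  langid       = {english},
  keywords     = {Blockchain, Byzantine agreement, Cryptographic self-selection, Distributed computation, Permissionless system, Public ledger},
  abstract     = {A distributed ledger is a tamperproof sequence of data that can be publicly accessed and augmented by everyone, without being maintained by a centralized party. Distributed ledgers stand to revolutionize the way a modern society operates. They can secure all kinds of traditional transactions, such as payments, asset transfers and titles, in the exact order in which the transactions occur; and enable totally new transactions, such as cryptocurrencies and smart contracts. They can remove intermediaries and usher in a new paradigm for trust. As currently implemented, however, distributed ledgers scale poorly and cannot achieve their enormous potential. In this paper we propose Algorand, an alternative, secure and efficient distributed ledger. Algorand is permissionless and works in a highly asynchronous environment. Unlike prior implementations of distributed ledgers based on “proof of work,” Algorand dispenses with “miners” and requires only a negligible amount of computation. Moreover, its transaction history “forks” only with negligible probability: that is, Algorand guarantees the finality of a transaction the moment the transaction enters the ledger.},
  file         = {ScienceDirect Full Text PDF:/home/denis/Zotero/storage/VI9ASZNN/Chen and Micali - 2019 - Algorand A secure and efficient distributed ledge.pdf:application/pdf;ScienceDirect Snapshot:/home/denis/Zotero/storage/TLYKUT95/S030439751930091X.html:text/html},
}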
% Algorand section of the "Building Secure Contracts" site (not-so-smart-contracts catalogue).
@online{noauthor_algorand_nodate-1,
  title   = {Algorand - Building Secure Contracts},
  urldate = {2023-08-01},
  url     = {https://secure-contracts.com/not-so-smart-contracts/algorand/index.html},
  file    = {Algorand - Building Secure Contracts:/home/denis/Zotero/storage/NXGS6YAF/index.html:text/html},
}
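% HotSoS 2020 poster abstract giving a taxonomy of fuzzing techniques. Footnote
% digits that the export fused onto words in the abstract are removed; the bracketed
% citation marker is kept.
@inproceedings{shakya_preliminary_2020,
  author    = {Shakya, Raunak and Rahman, Akond},
  title     = {A preliminary taxonomy of techniques used in software fuzzing},
  booktitle = {Proceedings of the 7th Symposium on Hot Topics in the Science of Security},
  series    = {{HotSoS} '20},
  location  = {New York, {NY}, {USA}},
  publisher = {Association for Computing Machinery},
  pages     = {1--2},
  date      = {2020-09-21},
  isbn      = {978-1-4503-7561-0},
  doi       = {10.1145/3384217.3384219},
  url       = {https://dl.acm.org/doi/10.1145/3384217.3384219},
  urldate   = {2023-08-07},
  keywords  = {fuzzing, scoping review, software security, taxonomy},
  abstract  = {Software fuzzing is a testing technique, which generates erroneous and random input to a software so that the software of interest can be monitored for exceptions such as crashes [1]. Both in the open source software ({OSS}) and proprietary domain, fuzzing has been widely used to explore software vulnerabilities. For example, information technology ({IT}) organizations such as Google and Microsoft use software fuzzing as part of the software development process. As of Jan 2019, {GitHub} hosts 2,915 {OSS} repositories related to fuzzing.},
  file      = {Full Text PDF:/home/denis/Zotero/storage/JIVDTIQZ/Shakya and Rahman - 2020 - A preliminary taxonomy of techniques used in softw.pdf:application/pdf},
}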
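% Community FAQ for Algorand hosted on GitHub (tagged front-running). The account
% name is brace-protected as one whole word instead of being split mid-word.
@online{noauthor_algorandfaqreadmemd_nodate,
  title      = {{AlgorandFAQ}/{README}.md at main · {HashMapsData2Value}/{AlgorandFAQ}},
  titleaddon = {{GitHub}},
  url        = {https://github.com/HashMapsData2Value/AlgorandFAQ/blob/main/README.md},
  urldate    = {2023-08-15},
  langid     = {english},
  keywords   = {front-running},
  abstract   = {{FAQ} for the /r/{algorandOfficial} and /r/algorand . Contribute to {HashMapsData2Value}/{AlgorandFAQ} development by creating an account on {GitHub}.},
  file       = {Snapshot:/home/denis/Zotero/storage/TU8XVPE2/README.html:text/html},
}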
% Same title and URL as the entry keyed noauthor_algorand_nodate; only the access
% date and the local snapshot differ. Citing one key consistently avoids the same
% source appearing twice in the bibliography.
@online{noauthor_algorand_nodate-2,
title = {Algorand ({ALGO}) On-Chain Analytics \& Charts},
url = {https://app.intotheblock.com/coin/ALGO/deep-dive?group=financials&chart=avgTrxSize},
urldate = {2023-08-15},
file = {Algorand (ALGO) On-Chain Analytics & Charts:/home/denis/Zotero/storage/K35WAZF7/deep-dive.html:text/html},
}
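% ethereum.org documentation page on testing smart contracts. The recorded URL was
% the site root; it now points at the documentation page matching the title and the
% snapshot name (testing.html). NOTE(review): confirm against the stored snapshot.
@online{noauthor_testing_nodate,
  title      = {Testing smart contracts},
  titleaddon = {ethereum.org},
  url        = {https://ethereum.org/en/developers/docs/smart-contracts/testing/},
  urldate    = {2023-08-19},
  langid     = {english},
  abstract   = {An overview of techniques and considerations for testing Ethereum smart contracts.},
  file       = {Snapshot:/home/denis/Zotero/storage/VJKV68WJ/testing.html:text/html},
}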
% Survey article on fuzzing with a focus on coverage-based fuzzing.
% The pages field holds the article number.
@article{li_fuzzing_2018,
  author       = {Li, Jun and Zhao, Bodong and Zhang, Chao},
  title        = {Fuzzing: a survey},
  shorttitle   = {Fuzzing},
  journaltitle = {Cybersecurity},
  shortjournal = {Cybersecurity},
  volume       = {1},
  number       = {1},
  pages        = {6},
  date         = {2018-06-05},
  issn         = {2523-3246},
  doi          = {10.1186/s42400-018-0002-y},
  url          = {https://doi.org/10.1186/s42400-018-0002-y},
  urldate      = {2023-08-19},
  keywords     = {Fuzzing, Coverage-based fuzzing, Software security, Vulnerability discovery},
  abstract     = {Security vulnerability is one of the root causes of cyber-security threats. To discover vulnerabilities and fix them in advance, researchers have proposed several techniques, among which fuzzing is the most widely used one. In recent years, fuzzing solutions, like {AFL}, have made great improvements in vulnerability discovery. This paper presents a summary of the recent advances, analyzes how they improve the fuzzing process, and sheds light on future work in fuzzing. Firstly, we discuss the reason why fuzzing is popular, by comparing different commonly used vulnerability discovery techniques. Then we present an overview of fuzzing solutions, and discuss in detail one of the most popular type of fuzzing, i.e., coverage-based fuzzing. Then we present other techniques that could make fuzzing process smarter and more efficient. Finally, we show some applications of fuzzing, and discuss new trends of fuzzing and potential future directions.},
  file         = {Full Text PDF:/home/denis/Zotero/storage/J974NXU6/Li et al. - 2018 - Fuzzing a survey.pdf:application/pdf;Snapshot:/home/denis/Zotero/storage/ULUBMBHH/s42400-018-0002-y.html:text/html},
}
% ACM Computing Surveys article reviewing the gaps fuzzing has to close and their solutions.
% The pages field uses the ACM article-number form (article:page).
@article{zhu_fuzzing_2022,
  author       = {Zhu, Xiaogang and Wen, Sheng and Camtepe, Seyit and Xiang, Yang},
  title        = {Fuzzing: A Survey for Roadmap},
  shorttitle   = {Fuzzing},
  journaltitle = {{ACM} Computing Surveys},
  shortjournal = {{ACM} Comput. Surv.},
  volume       = {54},
  number       = {11},
  pages        = {230:1--230:36},
  date         = {2022-09-09},
  issn         = {0360-0300},
  doi          = {10.1145/3512345},
  url          = {https://dl.acm.org/doi/10.1145/3512345},
  urldate      = {2023-08-19},
  keywords     = {security, automation, Fuzz testing, fuzzing theory, input space},
  abstract     = {Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It generates a large number of test cases and monitors the executions for defects. Fuzzing has detected thousands of bugs and vulnerabilities in various applications. Although effective, there lacks systematic analysis of gaps faced by fuzzing. As a technique of defect detection, fuzzing is required to narrow down the gaps between the entire input space and the defect space. Without limitation on the generated inputs, the input space is infinite. However, defects are sparse in an application, which indicates that the defect space is much smaller than the entire input space. Besides, because fuzzing generates numerous test cases to repeatedly examine targets, it requires fuzzing to perform in an automatic manner. Due to the complexity of applications and defects, it is challenging to automatize the execution of diverse applications. In this article, we systematically review and analyze the gaps as well as their solutions, considering both breadth and depth. This survey can be a roadmap for both beginners and advanced developers to better understand fuzzing.},
  file         = {Full Text PDF:/home/denis/Zotero/storage/8LIPTHJT/Zhu et al. - 2022 - Fuzzing A Survey for Roadmap.pdf:application/pdf},
}
% Statista statistic page on worldwide spending on blockchain solutions.
@online{noauthor_global_nodate,
  title      = {Global spending on blockchain solutions 2024},
  titleaddon = {Statista},
  urldate    = {2023-08-20},
  url        = {https://www.statista.com/statistics/800426/worldwide-blockchain-solutions-spending/},
  langid     = {english},
  abstract   = {In 2021, global spending on blockchain solutions is projected to reach 6.6 billion dollars.},
  file       = {Snapshot:/home/denis/Zotero/storage/7XIYY3DG/worldwide-blockchain-solutions-spending.html:text/html},
}
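% IEEE TSE interview-and-survey study of smart contract development challenges.
% The exporter's "Conference Name" note is removed: it repeated the journal title and
% would be printed in the bibliography. The abstract's stray line break is joined and
% the case-duplicate keyword is dropped.
@article{zou_smart_2021,
  author       = {Zou, Weiqin and Lo, David and Kochhar, Pavneet Singh and Le, Xuan-Bach Dinh and Xia, Xin and Feng, Yang and Chen, Zhenyu and Xu, Baowen},
  title        = {Smart Contract Development: Challenges and Opportunities},
  shorttitle   = {Smart Contract Development},
  journaltitle = {{IEEE} Transactions on Software Engineering},
  volume       = {47},
  number       = {10},
  pages        = {2084--2106},
  date         = {2021-10},
  issn         = {1939-3520},
  doi          = {10.1109/TSE.2019.2942301},
  keywords     = {Smart contracts, Smart contract, Software, Blockchain, challenges, empirical study, Interviews, Law},
  abstract     = {Smart contract, a term which was originally coined to refer to the automation of legal contracts in general, has recently seen much interest due to the advent of blockchain technology. Recently, the term is popularly used to refer to low-level code scripts running on a blockchain platform. Our study focuses exclusively on this subset of smart contracts. Such smart contracts have increasingly been gaining ground, finding numerous important applications (e.g., crowdfunding) in the real world. Despite the increasing popularity, smart contract development still remains somewhat a mystery to many developers largely due to its special design and applications. Are there any differences between smart contract development and traditional software development? What kind of challenges are faced by developers during smart contract development? Questions like these are important but have not been explored by researchers yet. In this paper, we performed an exploratory study to understand the current state and potential challenges developers are facing in developing smart contracts on blockchains, with a focus on Ethereum (the most popular public blockchain platform for smart contracts). Toward this end, we conducted this study in two phases. In the first phase, we conducted semi-structured interviews with 20 developers from {GitHub} and industry professionals who are working on smart contracts. In the second phase, we performed a survey on 232 practitioners to validate the findings from the interviews. Our interview and survey results revealed several major challenges developers are facing during smart contract development: (1) there is no effective way to guarantee the security of smart contract code; (2) existing tools for development are still very basic; (3) the programming languages and the virtual machines still have a number of limitations; (4) performance problems are hard to handle under resource constrained running environment; and (5) online resources (including advanced/updated documents and community support) are still limited. Our study suggests several directions that researchers and practitioners can work on to help improve developers’ experience on developing high-quality smart contracts.},
  file         = {IEEE Xplore Abstract Record:/home/denis/Zotero/storage/X2T532K6/8847638.html:text/html},
}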
% News article reporting funds lost through smart contract hacks in 2022.
@online{noauthor_funds_nodate,
  title      = {Funds Lost Through Smart Contract Hacks in 2022 Stand at \$2.7B, Representing a 1250\% Jump Since 2020},
  titleaddon = {Bankless Times},
  urldate    = {2023-08-20},
  url        = {https://www.banklesstimes.com/news/2022/12/08/funds-lost-through-smart-contract-hacks-in-2022-stand-at-dollar27b-representing-a-1250percent-jump-since-2020/},
  langid     = {english},
  abstract   = {Smart contracts are taking the business world by storm. They are digital contracts stored on a blockchain, allowing businesses to quickly and securely manage their transactions. However, smart contracts have their risks too.},
  file       = {Snapshot:/home/denis/Zotero/storage/EB9CEH2F/funds-lost-through-smart-contract-hacks-in-2022-stand-at-dollar27b-representing-a-1250percent-j.html:text/html},
}
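% ethereum.org documentation page on smart contract security. The browser-tab suffix
% (bar plus site name) is moved out of the title into titleaddon.
@online{noauthor_smart_nodate,
  title      = {Smart contract security},
  titleaddon = {ethereum.org},
  url        = {https://ethereum.org/en/developers/docs/smart-contracts/security/},
  urldate    = {2023-08-20},
}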
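% arXiv preprint of the fuzzing survey that proposes a general model fuzzer and taxonomy.
% The subject class is moved out of eprint into eprintclass so the generated arXiv
% link uses the bare identifier, and the abstract page is referenced over HTTPS.
@misc{manes_art_2019,
  author      = {Manes, Valentin J. M. and Han, {HyungSeok} and Han, Choongwoo and Cha, Sang Kil and Egele, Manuel and Schwartz, Edward J. and Woo, Maverick},
  title       = {The Art, Science, and Engineering of Fuzzing: A Survey},
  shorttitle  = {The Art, Science, and Engineering of Fuzzing},
  date        = {2019-04-07},
  number      = {{arXiv}:1812.00140},
  publisher   = {{arXiv}},
  eprinttype  = {arxiv},
  eprint      = {1812.00140},
  eprintclass = {cs},
  doi         = {10.48550/arXiv.1812.00140},
  url         = {https://arxiv.org/abs/1812.00140},
  urldate     = {2023-08-20},
  keywords    = {Computer Science - Cryptography and Security, Computer Science - Software Engineering},
  abstract    = {Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-world software vulnerabilities. At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed. While researchers and practitioners alike have invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has also made it difficult to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective.},
  file        = {arXiv Fulltext PDF:/home/denis/Zotero/storage/DKL9GA3N/Manes et al. - 2019 - The Art, Science, and Engineering of Fuzzing A Su.pdf:application/pdf;arXiv.org Snapshot:/home/denis/Zotero/storage/ZE8MWVLD/1812.html:text/html},
}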
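% "Trophies" section of the Echidna README: the project's list of vulnerabilities the
% fuzzer found. The descriptive sentence is moved from the title to the abstract, and
% the GitHub organisation from the URL is recorded as a corporate author.
@online{noauthor_echidna_nodate,
  author     = {{Crytic}},
  title      = {Echidna Trophies},
  titleaddon = {{GitHub}},
  url        = {https://github.com/crytic/echidna#trophies},
  urldate    = {2023-08-20},
  abstract   = {The following security vulnerabilities were found by Echidna.},
}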
% GitHub directory with the Algorand part of the building-secure-contracts guidelines.
% The double-braced author is a corporate name.
@online{crytic_building-secure-contractsnot-so-smart-contractsalgorand_nodate,
  author     = {{Crytic}},
  title      = {building-secure-contracts/not-so-smart-contracts/algorand at master · crytic/building-secure-contracts},
  titleaddon = {{GitHub}},
  urldate    = {2023-08-23},
  url        = {https://github.com/crytic/building-secure-contracts/tree/master/not-so-smart-contracts/algorand},
  langid     = {english},
  abstract   = {Guidelines and training material to write secure smart contracts - crytic/building-secure-contracts},
  file       = {Snapshot:/home/denis/Zotero/storage/LEYY7IQ5/algorand.html:text/html},
}
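% ACM Computing Surveys article: taxonomy of smart contract threat mitigation solutions.
% The attachment field is omitted because it exposed a machine-local absolute path.
@article{ivanov_security_2023,
  author       = {Ivanov, Nikolay and Li, Chenning and Yan, Qiben and Sun, Zhiyuan and Cao, Zhichao and Luo, Xiapu},
  title        = {Security Threat Mitigation for Smart Contracts: A Comprehensive Survey},
  shorttitle   = {Security Threat Mitigation for Smart Contracts},
  journaltitle = {{ACM} Computing Surveys},
  shortjournal = {{ACM} Comput. Surv.},
  volume       = {55},
  number       = {14},
  pages        = {326:1--326:37},
  date         = {2023-07-17},
  issn         = {0360-0300},
  doi          = {10.1145/3593293},
  url          = {https://dl.acm.org/doi/10.1145/3593293},
  urldate      = {2023-08-23},
  keywords     = {Smart contracts, security, blockchain},
  abstract     = {The blockchain technology, initially created for cryptocurrency, has been re-purposed for recording state transitions of smart contracts—decentralized applications that can be invoked through external transactions. Smart contracts gained popularity and accrued hundreds of billions of dollars in market capitalization in recent years. Unfortunately, like all other computer programs, smart contracts are prone to security vulnerabilities that have incurred multibillion-dollar damages over the past decade. As a result, many automated threat mitigation solutions have been proposed to counter the security issues of smart contracts. These threat mitigation solutions include various tools and methods that are challenging to compare. This survey develops a comprehensive classification taxonomy of smart contract threat mitigation solutions within five orthogonal dimensions: defense modality, core method, targeted contracts, input-output data mapping, and threat model. We classify 133 existing threat mitigation solutions using our taxonomy and confirm that the proposed five dimensions allow us to concisely and accurately describe any smart contract threat mitigation solution. In addition to learning what the threat mitigation solutions do, we also show how these solutions work by synthesizing their actual designs into a set of uniform workflows corresponding to the eight existing defense core methods. We further create an integrated coverage map for the known smart contract vulnerabilities by the existing threat mitigation solutions. Finally, we perform the evidence-based evolutionary analysis, in which we identify trends and future perspectives of threat mitigation in smart contracts and pinpoint major weaknesses of the existing methodologies.
For the convenience of smart contract security developers, auditors, users, and researchers, we deploy and maintain a regularly updated comprehensive open-source online registry of threat mitigation solutions, called Security Threat Mitigation ({STM}) Registry at https://seit.egr.msu.edu/research/stmregistry/.},
}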
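% USENIX Security 23 paper on security analysis of Algorand smart contracts.
% booktitle repeats the exported eventtitle so the inproceedings entry has the
% container title its type expects. The machine-local attachment path is omitted.
@inproceedings{sun_panda_2023,
  author     = {Sun, Zhiyuan and Luo, Xiapu and Zhang, Yinqian},
  title      = {Panda: Security Analysis of Algorand Smart Contracts},
  shorttitle = {Panda},
  booktitle  = {32nd {USENIX} Security Symposium ({USENIX} Security 23)},
  eventtitle = {32nd {USENIX} Security Symposium ({USENIX} Security 23)},
  pages      = {1811--1828},
  date       = {2023},
  isbn       = {978-1-939133-37-3},
  url        = {https://www.usenix.org/conference/usenixsecurity23/presentation/sun},
  urldate    = {2023-08-23},
  langid     = {english},
}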
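% arXiv preprint: grey-box fuzzing framework for EOSIO smart contracts.
% eprint holds only the identifier (the bracketed archive moved to eprintclass) so
% the generated arXiv link resolves; the URL uses https; the machine-local
% attachment path is omitted. The abstract is cut off in the export and kept as found.
@misc{zhou_antfuzzer_2022,
  author      = {Zhou, Jianfei and Jiang, Tianxing and Song, Shuwei and Chen, Ting},
  title       = {{AntFuzzer}: A Grey-Box Fuzzing Framework for {EOSIO} Smart Contracts},
  shorttitle  = {{AntFuzzer}},
  number      = {{arXiv}:2211.02652},
  publisher   = {{arXiv}},
  date        = {2022-11-02},
  doi         = {10.48550/arXiv.2211.02652},
  eprinttype  = {arxiv},
  eprint      = {2211.02652},
  eprintclass = {cs},
  url         = {https://arxiv.org/abs/2211.02652},
  urldate     = {2023-08-29},
  keywords    = {Computer Science - Cryptography and Security},
  abstract    = {In the past few years, several attacks against the vulnerabilities of {EOSIO} smart contracts have caused severe financial losses to this prevalent blockchain platform. As a lightweight test-generation approach, grey-box fuzzing can open up the possibility of improving the security of {EOSIO} smart contracts. However, developing a practical grey-box fuzzer for {EOSIO} smart contracts from scratch is time-consuming and requires a deep understanding of {EOSIO} internals. In this work, we proposed {AntFuzzer}, the first highly extensible grey-box fuzzing framework for {EOSIO} smart contracts. {AntFuzzer} implements a novel approach that interfaces {AFL} to conduct {AFL}-style grey-box fuzzing on {EOSIO} smart contracts. Compared to black-box fuzzing tools, {AntFuzzer} can effectively trigger those hard-to-cover branches. It achieved an improvement in code coverage on 37.5\% of smart contracts in our benchmark dataset. {AntFuzzer} provides unified interfaces for users to easily develop new detection plugins for continually emerging vulnerabilities. We have implemented 6 detection plugins on {AntFuzzer} to detect major vulnerabilities of {EOSIO} smart contracts. In our large-scale fuzzing experiments on 4,616 real-world smart contracts, {AntFuzzer} successfully detected 741 vulnerabilities. The results demonstrate the effectiveness and efficiency of {AntFuzzer} and our detection pl},
}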
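% arXiv preprint: empirical study of 734 blockchain-based decentralized applications.
% eprint holds only the identifier (the bracketed archive moved to eprintclass) so
% the generated arXiv link resolves; the URL uses https; the machine-local
% attachment path is omitted.
@misc{wu_empirical_2019,
  author      = {Wu, Kaidong},
  title       = {An Empirical Study of Blockchain-based Decentralized Applications},
  number      = {{arXiv}:1902.04969},
  publisher   = {{arXiv}},
  date        = {2019-02-13},
  doi         = {10.48550/arXiv.1902.04969},
  eprinttype  = {arxiv},
  eprint      = {1902.04969},
  eprintclass = {cs},
  url         = {https://arxiv.org/abs/1902.04969},
  urldate     = {2023-08-30},
  keywords    = {Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing},
  abstract    = {A decentralized application (dapp for short) refers to an application that is executed by multiple users over a decentralized network. In recent years, the number of dapp keeps fast growing, mainly due to the popularity of blockchain technology. Despite the increasing importance of dapps as a typical application type that is assumed to promote the adoption of blockchain, little is known on what, how, and how well dapps are used in practice. In addition, the insightful knowledge of whether and how a traditional application can be transformed to a dapp is yet missing. To bridge the knowledge gap, this paper presents a comprehensive empirical study on an extensive dataset of 734 dapps that are collected from three popular open dapp marketplaces, i.e., ethereum, state of the dapp, and {DAppRadar}. We analyze the popularity of dapps, and summarize the patterns of how smart contracts are organized in a dapp. Based on the findings, we draw some implications to help dapp developers and users better understand and deploy dapps.},
}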
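% IEEE Network article surveying Ethereum smart contract vulnerabilities and audit tools.
% The exporter's "Conference Name" note is dropped: this is a journal article and
% journaltitle already names the venue. The machine-local attachment paths are omitted.
@article{he_smart_2020,
  author       = {He, Daojing and Deng, Zhi and Zhang, Yuxing and Chan, Sammy and Cheng, Yao and Guizani, Nadra},
  title        = {Smart Contract Vulnerability Analysis and Security Audit},
  journaltitle = {{IEEE} Network},
  volume       = {34},
  number       = {5},
  pages        = {276--282},
  date         = {2020-09},
  issn         = {1558-156X},
  doi          = {10.1109/MNET.001.1900656},
  keywords     = {Bitcoin, Computer hacking, Contracts, Games, Scalability},
  abstract     = {Ethereum started the blockchain-based smart contract technology that due to its scalability more and more decentralized applications are now based on. On the downside this has led to the exposure of more and more security issues and challenges, which has gained widespread attention in terms of research in the field of Ethereum smart contract vulnerabilities in both academia and industry. This article presents a survey of the Ethereum smart contract's various vulnerabilities and the corresponding defense mechanisms that have been applied to combat them. In particular, we focus on the random number vulnerability in the Fomo3d-like game contracts, as well as that attack and defense methods applied. Finally, we summarize the existing Ethereum smart contract security audit methods and compare several mainstream audit tools from various perspectives.},
}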
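% GitHub repository keeping a chronological list of reentrancy incidents.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{pcaversaccio_chronological_nodate,
  author     = {{pcaversaccio}},
  title      = {A chronological and (hopefully) complete list of reentrancy attacks to date.},
  shorttitle = {pcaversaccio/reentrancy-attacks},
  titleaddon = {{GitHub}},
  url        = {https://github.com/pcaversaccio/reentrancy-attacks},
  urldate    = {2023-08-30},
  langid     = {english},
  abstract   = {A chronological and (hopefully) complete list of reentrancy attacks to date. - pcaversaccio/reentrancy-attacks: A chronological and (hopefully) complete list of reentrancy attacks to date.},
}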
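% Algorand blockchain explorer site.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_algorand_nodate-3,
  title   = {Algorand ({ALGO}) Blockchain Explorer},
  url     = {https://algoexplorer.io/},
  urldate = {2023-08-30},
}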
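% Algorand Developer Portal page on atomic transfers.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_atomic_nodate,
  title    = {Atomic transfers - Algorand Developer Portal},
  url      = {https://developer.algorand.org/docs/get-details/atomic_transfers/},
  urldate  = {2023-08-30},
  langid   = {english},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
}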
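% Algorand Developer Portal page on Algorand Standard Assets.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_algorand_nodate-4,
  title    = {Algorand Standard Assets ({ASAs}) - Algorand Developer Portal},
  url      = {https://developer.algorand.org/docs/get-details/asa/},
  urldate  = {2023-08-30},
  langid   = {english},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
}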
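% Algorand Developer Portal introduction to smart contracts.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_introduction_nodate,
  title    = {Introduction - Algorand Developer Portal},
  url      = {https://developer.algorand.org/docs/get-details/dapps/smart-contracts/},
  urldate  = {2023-08-30},
  langid   = {english},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
}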
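% Algorand Developer Portal page on contract storage (application state).
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_contract_nodate,
  title    = {Contract storage - Algorand Developer Portal},
  url      = {https://developer.algorand.org/docs/get-details/dapps/smart-contracts/apps/state/},
  urldate  = {2023-08-30},
  langid   = {english},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
}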
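% Algorand Developer Portal overview of smart contract applications.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_overview_nodate,
  title    = {Overview - Algorand Developer Portal},
  url      = {https://developer.algorand.org/docs/get-details/dapps/smart-contracts/apps/},
  urldate  = {2023-08-30},
  langid   = {english},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
}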
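% ARC-0004 document in the algorandfoundation/ARCs repository on GitHub.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_arcsarcsarc-0004md_nodate,
  title      = {{ARCs}/{ARCs}/arc-0004.md at main · algorandfoundation/{ARCs}},
  titleaddon = {{GitHub}},
  url        = {https://github.com/algorandfoundation/ARCs/blob/main/ARCs/arc-0004.md},
  urldate    = {2023-08-30},
  langid     = {english},
  abstract   = {Algorand Requests for Comments. Contribute to algorandfoundation/{ARCs} development by creating an account on {GitHub}.},
}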
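% News report (The Verge) on the Wormhole platform compromise.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{faife_wormhole_2022,
  author     = {Faife, Corin},
  title      = {Wormhole cryptocurrency platform hacked for \$325 million after error on {GitHub}},
  titleaddon = {The Verge},
  date       = {2022-02-03},
  url        = {https://www.theverge.com/2022/2/3/22916111/wormhole-hack-github-error-325-million-theft-ethereum-solana},
  urldate    = {2023-08-30},
  langid     = {american},
  abstract   = {The hacker likely found details of a security flaw in open-source code.},
}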
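% GitHub repository of Tealer, a static analyzer for Teal.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_crytictealer_nodate,
  title      = {crytic/tealer: Static Analyzer for Teal},
  shorttitle = {crytic/tealer},
  titleaddon = {{GitHub}},
  url        = {https://github.com/crytic/tealer},
  urldate    = {2023-08-30},
  langid     = {english},
  abstract   = {Static Analyzer for Teal. Contribute to crytic/tealer development by creating an account on {GitHub}.},
}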
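% Algo Builder project site.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_algo_nodate,
  title   = {Algo Builder},
  url     = {https://algobuilder.dev/},
  urldate = {2023-08-30},
}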
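% arXiv preprint on integrating fuzzing into CI/CD pipelines.
% Changes from the export: eprint holds only the identifier (archive moved to
% eprintclass) so the arXiv link resolves; the URL uses https; the particle name is
% written in "von Last, First" form; the mangled accent escape in the abstract is
% restored; the machine-local attachment paths are omitted.
@misc{klooster_effectiveness_2022,
  author      = {Klooster, Thijs and Turkmen, Fatih and Broenink, Gerben and ten Hove, Ruben and Böhme, Marcel},
  title       = {Effectiveness and Scalability of Fuzzing Techniques in {CI}/{CD} Pipelines},
  number      = {{arXiv}:2205.14964},
  publisher   = {{arXiv}},
  date        = {2022-06-07},
  doi         = {10.48550/arXiv.2205.14964},
  eprinttype  = {arxiv},
  eprint      = {2205.14964},
  eprintclass = {cs},
  url         = {https://arxiv.org/abs/2205.14964},
  urldate     = {2023-09-02},
  keywords    = {Computer Science - Cryptography and Security, Computer Science - Software Engineering},
  abstract    = {Fuzzing has proven to be a fundamental technique to automated software testing but also a costly one. With the increased adoption of {CI}/{CD} practices in software development, a natural question to ask is `What are the best ways to integrate fuzzing into {CI}/{CD} pipelines considering the velocity in code changes and the automated delivery/deployment practices?'. Indeed, a recent study by Böhme and Zhu shows that four in every five bugs have been introduced by recent code changes (i.e. regressions). In this paper, we take a close look at the integration of fuzzers to {CI}/{CD} pipelines from both automated software testing and continuous development angles. Firstly, we study an optimization opportunity to triage commits that do not require fuzzing and find, through experimental analysis, that the average fuzzing effort in {CI}/{CD} can be reduced by {\textasciitilde}63\% in three of the nine libraries we analyzed ({\textgreater}40\% for six libraries). Secondly, we investigate the impact of fuzzing campaign duration on the {CI}/{CD} process: A shorter fuzzing campaign such as 15 minutes (as opposed to the wisdom of 24 hours in the field) facilitates a faster pipeline and can still uncover important bugs, but may also reduce its capability to detect sophisticated bugs. Lastly, we discuss a prioritization strategy that automatically assigns resources to fuzzing campaigns based on a set of predefined priority strategies. Our findings suggest that continuous fuzzing (as part of the automated testing in {CI}/{CD}) is indeed beneficial and there are many optimization opportunities to improve the effectiveness and scalability of fuzz testing.},
}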
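% SANER 2015 paper relating code coverage to effectiveness at finding real bugs.
% The ISSN that the exporter placed in a free-text note now sits in the issn field,
% and the machine-local attachment path is omitted.
@inproceedings{kochhar_code_2015,
  author     = {Kochhar, Pavneet Singh and Thung, Ferdian and Lo, David},
  title      = {Code coverage and test suite effectiveness: Empirical study with real bugs in large systems},
  shorttitle = {Code coverage and test suite effectiveness},
  booktitle  = {2015 {IEEE} 22nd International Conference on Software Analysis, Evolution, and Reengineering ({SANER})},
  eventtitle = {2015 {IEEE} 22nd International Conference on Software Analysis, Evolution, and Reengineering ({SANER})},
  pages      = {560--564},
  date       = {2015-03},
  issn       = {1534-5351},
  doi        = {10.1109/SANER.2015.7081877},
  keywords   = {Computer bugs, Bugs, Code Coverage, Correlation, Java, Joining processes, Software systems, Test Suite Effectiveness, Testing},
  abstract   = {During software maintenance, testing is a crucial activity to ensure the quality of program code as it evolves over time. With the increasing size and complexity of software, adequate software testing has become increasingly important. Code coverage is often used as a yardstick to gauge the comprehensiveness of test cases and the adequacy of testing. A test suite quality is often measured by the number of bugs it can find (aka. kill). Previous studies have analysed the quality of a test suite by its ability to kill mutants, i.e., artificially seeded faults. However, mutants do not necessarily represent real bugs. Moreover, many studies use small programs which increases the threat of the applicability of the results on large real-world systems. In this paper, we analyse two large software systems to measure the relationship of code coverage and its effectiveness in killing real bugs from the software systems. We use Randoop, a random test generation tool to generate test suites with varying levels of coverage and run them to analyse if the test suites can kill each of the real bugs or not. In this preliminary study, we have performed an experiment on 67 and 92 real bugs from Apache {HTTPClient} and Mozilla Rhino, respectively. Our experiment finds that there is indeed statistically significant correlation between code coverage and bug kill effectiveness. The strengths of the correlation, however, differ for the two software systems. For {HTTPClient}, the correlation is moderate for both statement and branch coverage. For Rhino, the correlation is strong for both statement and branch coverage.},
}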
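% Etherscan token page for the Tether USD contract.
% The site name is double-braced so it is handled as one literal (corporate) author,
% like the other organisation authors in this file. The machine-local attachment
% path is omitted.
@online{etherscanio_tether_nodate,
  author     = {{etherscan.io}},
  title      = {Tether {USD} ({USDT}) Smart Contract Code {\textbar} Etherscan},
  titleaddon = {Ethereum ({ETH}) Blockchain Explorer},
  url        = {https://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7},
  urldate    = {2023-09-02},
  langid     = {english},
  abstract   = {Tether {USD} ({USDT}) Token Tracker on Etherscan shows the price of the Token \$0.9996, total supply 39,025,187,376.28818, number of holders 4,553,444 and updated information of the token. The token tracker page also shows the analytics and historical data.},
}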
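% Reach project site.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_reach_nodate,
  title   = {Reach},
  url     = {https://www.reach.sh/},
  urldate = {2023-09-03},
}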
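% PyTeal documentation site.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_pyteal_nodate,
  title   = {{PyTeal}: Algorand Smart Contracts in Python — {PyTeal} documentation},
  url     = {https://pyteal.readthedocs.io/en/stable/},
  urldate = {2023-09-03},
}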
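% Beaker documentation site.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_beaker_nodate,
  title   = {Beaker — Beaker documentation},
  url     = {https://algorand-devrel.github.io/beaker/html/index.html},
  urldate = {2023-09-03},
}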
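% algorandfoundation/tealscript project site.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_algorandfoundationtealscript_nodate,
  title   = {@algorandfoundation/tealscript},
  url     = {https://tealscript.netlify.app/},
  urldate = {2023-09-03},
}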
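% Communications of the ACM article describing the fuzz generator and the
% reliability tests run against UNIX utilities.
% The attachment field is omitted because it exposed a machine-local absolute path.
@article{miller_empirical_1990,
  author       = {Miller, Barton P. and Fredriksen, Lars and So, Bryan},
  title        = {An empirical study of the reliability of {UNIX} utilities},
  journaltitle = {Communications of the {ACM}},
  shortjournal = {Commun. {ACM}},
  volume       = {33},
  number       = {12},
  pages        = {32--44},
  date         = {1990-12-01},
  issn         = {0001-0782},
  doi          = {10.1145/96267.96279},
  url          = {https://dl.acm.org/doi/10.1145/96267.96279},
  urldate      = {2023-09-03},
  abstract     = {The following section describes the tools we built to test the utilities. These tools include the fuzz (random character) generator, ptyjig (to test interactive utilities), and scripts to automate the testing process. Next, we will describe the tests we performed, giving the types of input we presented to the utilities. Results from the tests will follow along with an analysis of the results, including identification and classification of the program bugs that caused the crashes. The final section presents concluding remarks, including suggestions for avoiding the types of problems detected by our study and some commentary on the bugs we found. We include an Appendix with the user manual pages for fuzz and ptyjig.},
}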
% Chapter "Greybox Fuzzing" of The Fuzzing Book (online edition).
@incollection{zeller_greybox_2023,
  author    = {Zeller, Andreas and Gopinath, Rahul and Böhme, Marcel and Fraser, Gordon and Holler, Christian},
  title     = {Greybox Fuzzing},
  booktitle = {The Fuzzing Book},
  publisher = {{CISPA} Helmholtz Center for Information Security},
  date      = {2023},
  url       = {https://www.fuzzingbook.org/html/GreyboxFuzzer.html},
}
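% EOS Network home page.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_home_nodate,
  title      = {Home},
  titleaddon = {{EOS} Network},
  url        = {https://eosnetwork.com/},
  urldate    = {2023-09-03},
  langid     = {american},
  abstract   = {The {EOS} Network Foundation is the hub of the {EOS} Network, charting a coordinated future for the {EOS} Network.},
}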
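% Hyperledger Fabric project page.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_hyperledger_nodate,
  title    = {Hyperledger Fabric},
  url      = {https://www.hyperledger.org/projects/fabric},
  urldate  = {2023-09-03},
  langid   = {english},
  abstract = {Hyperledger Fabric - A blockchain framework implementation intended as a foundation for developing applications or solutions with a modular architecture.},
}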
% Book chapter on Script, the language embedded in Bitcoin nodes.
@incollection{brakmic_bitcoin_2019,
  author    = {Brakmić, Harris},
  editor    = {Brakmić, Harris},
  title     = {Bitcoin Script},
  booktitle = {Bitcoin and Lightning Network on Raspberry Pi: Running Nodes on Pi3, Pi4 and Pi Zero},
  pages     = {201--224},
  publisher = {Apress},
  location  = {Berkeley, {CA}},
  date      = {2019},
  isbn      = {978-1-4842-5522-3},
  doi       = {10.1007/978-1-4842-5522-3_7},
  url       = {https://doi.org/10.1007/978-1-4842-5522-3_7},
  urldate   = {2023-09-03},
  langid    = {english},
  abstract  = {In this chapter we will learn about the core element of Bitcoin, the language called Script. Script is an embedded programming language that runs inside every Bitcoin node and is responsible for processing transactions. Unlike most other programming languages, it wasn’t designed upfront with formalized grammar and syntax. Instead of using a proper notation technique like Backus-Naur to describe its syntax, Script was hard-coded in the very first version of Bitcoin.},
}
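% hevm project site (Haskell Ethereum virtual machine evaluator).
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_haskell_nodate,
  title   = {Haskell Ethereum virtual machine evaluator},
  url     = {https://hevm.dev/},
  urldate = {2023-09-03},
}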
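% Consensys Diligence Fuzzing product page.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{consensys_ag_lets_nodate,
  author     = {{ConsenSys AG}},
  title      = {Let's go next level smart contract security with Diligence Fuzzing.},
  titleaddon = {Consensys Diligence},
  url        = {https://consensys.io/diligence/fuzzing/},
  urldate    = {2023-09-03},
  langid     = {english},
  abstract   = {Let's go next level smart contract security with Diligence Fuzzing.},
}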
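% GitHub repository algorand/tealfuzz.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{algorand_algorandtealfuzz_nodate,
  author     = {{Algorand}},
  title      = {algorand/tealfuzz},
  titleaddon = {{GitHub}},
  url        = {https://github.com/algorand/tealfuzz},
  urldate    = {2023-09-03},
  langid     = {english},
  abstract   = {Contribute to algorand/tealfuzz development by creating an account on {GitHub}.},
}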
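% Algorand Developer Portal page on AlgoKit.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_algokit_nodate,
  title    = {{AlgoKit} - Algorand Developer Portal},
  url      = {https://developer.algorand.org/docs/get-details/algokit/},
  urldate  = {2023-09-05},
  langid   = {english},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
}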
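% GitHub repository of a TEAL interpreter that simulates the Algorand virtual machine.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_hone-labsteal-interpreter_nodate,
  title      = {hone-labs/teal-interpreter: An interpreter for {TEAL} assembly code that simulates the Algorand virtual machine.},
  shorttitle = {hone-labs/teal-interpreter},
  titleaddon = {{GitHub}},
  url        = {https://github.com/hone-labs/teal-interpreter},
  urldate    = {2023-09-06},
  langid     = {english},
  abstract   = {An interpreter for {TEAL} assembly code that simulates the Algorand virtual machine. - hone-labs/teal-interpreter: An interpreter for {TEAL} assembly code that simulates the Algorand virtual machine.},
}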
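% Algo Builder runtime API pages.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_algo-builderruntime_nodate,
  title   = {@algo-builder/runtime},
  url     = {https://algobuilder.dev/api/runtime/index.html},
  urldate = {2023-09-06},
}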
% CCS '16 paper modelling coverage-based greybox fuzzing as a Markov chain.
@inproceedings{bohme_coverage-based_2016,
  author    = {Böhme, Marcel and Pham, Van-Thuan and Roychoudhury, Abhik},
  title     = {Coverage-based Greybox Fuzzing as Markov Chain},
  booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} Conference on Computer and Communications Security},
  series    = {{CCS} '16},
  pages     = {1032--1043},
  publisher = {Association for Computing Machinery},
  location  = {New York, {NY}, {USA}},
  date      = {2016-10-24},
  isbn      = {978-1-4503-4139-4},
  doi       = {10.1145/2976749.2978428},
  url       = {https://doi.org/10.1145/2976749.2978428},
  urldate   = {2023-09-07},
  keywords  = {fuzzing, software security, foundations, testing efficiency, vulnerability detection},
  abstract  = {Coverage-based Greybox Fuzzing ({CGF}) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests exercise the same few "high-frequency" paths and develop strategies to explore significantly more paths with the same number of tests by gravitating towards low-frequency paths. We explain the challenges and opportunities of {CGF} using a Markov chain model which specifies the probability that fuzzing the seed that exercises path i generates an input that exercises path j. Each state (i.e., seed) has an energy that specifies the number of inputs to be generated from that seed. We show that {CGF} is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen. Energy is controlled with a power schedule. We implemented the exponential schedule by extending {AFL}. In 24 hours, {AFLFAST} exposes 3 previously unreported {CVEs} that are not exposed by {AFL} and exposes 6 previously unreported {CVEs} 7x faster than {AFL}. {AFLFAST} produces at least an order of magnitude more unique crashes than {AFL}.},
}
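% Algorand Developer Portal page for the Python SDK.
% The attachment field is omitted because it exposed a machine-local absolute path.
@online{noauthor_algorand_nodate-5,
  title    = {Algorand Python {SDK}},
  url      = {https://developer.algorand.org/docs/sdks/python/},
  urldate  = {2023-09-18},
  langid   = {english},
  abstract = {Algorand Developer Docs, {SDKs}, {REST} {APIs}, {CLI} tools, ecosystem projects, metrics dashboard and sample code, how-tos, and news from the Algorand developer community},
}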