Blockchain: Research and Applications (Sep 2025)

ACOFuzz: An ant colony algorithm-based fuzzer for smart contracts

  • Peixuan Feng,
  • Wenrui Cao,
  • Siqi Lu,
  • Yongjuan Wang,
  • Haoyuan Xue,
  • Runnan Yang

DOI
https://doi.org/10.1016/j.bcra.2025.100279
Journal volume & issue
Vol. 6, no. 3
p. 100279

Abstract


In today's blockchain landscape, smart contracts play a pivotal role, but they also face a heightened risk of exploitation by attackers. As smart contracts grow in complexity, vulnerabilities lurking within deeper layers of code become more prevalent. Existing analysis tools primarily rely on data flow and on a priori knowledge derived from symbolic execution as their test case generation strategy, and they often fall short in uncovering vulnerabilities nested within intricate conditional statements. To address this challenge, we present ACOFuzz, an advanced fuzzer for Ethereum smart contracts. ACOFuzz employs the ant colony optimization (ACO) algorithm to traverse the control flow graph (CFG) of a smart contract, systematically exploring execution paths and generating test cases. It then strategically directs the search towards the CFG paths that are more susceptible to vulnerabilities, leveraging the block coverage data obtained from executing those test cases. In a comprehensive evaluation, we demonstrate that ACOFuzz covers a wider array of paths within a contract and pinpoints specific vulnerabilities more accurately than contemporary fuzzers.
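As an added illustration, not code from the paper or the ACOFuzz project, the following sketch shows the coverage-guided ant colony traversal the abstract describes on a constructed toy CFG: ants walk the graph, each walk stands in for one generated test case, and block coverage feedback updates pheromone so later ants are steered toward deep, rarely reached blocks. The CFG, the pheromone update rule and the coverage heuristic are all assumptions made for this example.

```python
import random

# Constructed toy CFG (an assumption, not the paper's representation):
# basic block -> successor blocks. Block "h" sits behind three nested
# conditionals, the kind of deep path the abstract says plain fuzzers miss.
CFG = {
    "entry": ["a", "b"], "a": ["c", "d"], "b": ["exit"], "c": ["exit"],
    "d": ["e", "f"], "e": ["exit"], "f": ["g", "h"], "g": ["exit"],
    "h": ["exit"], "exit": [],
}

def init_pheromone(cfg):
    """Every CFG edge starts with the same pheromone level."""
    return {(n, s): 1.0 for n in cfg for s in cfg[n]}

def walk(cfg, pheromone, hits, rng):
    """One ant traverses the CFG from entry. At each branch the successor
    is chosen with probability proportional to pheromone (learned from
    earlier ants) times a coverage heuristic that favours rarely hit blocks."""
    path = ["entry"]
    while cfg[path[-1]]:
        node = path[-1]
        succs = cfg[node]
        weights = [pheromone[(node, s)] / (1 + hits.get(s, 0)) for s in succs]
        path.append(rng.choices(succs, weights=weights)[0])
    return path

def aco_fuzz(cfg, ants=4, rounds=20, evaporation=0.5, seed=1):
    """Coverage-guided ACO exploration. Each ant's path stands in for one
    generated test case; its block coverage is the feedback. Paths that
    reach new blocks get extra pheromone, so later ants are steered toward
    productive regions, while evaporation prevents lock-in.
    Returns (covered blocks, first round at which all blocks were covered)."""
    rng = random.Random(seed)
    pheromone, hits, covered, full = init_pheromone(cfg), {}, set(), None
    for r in range(1, rounds + 1):
        for _ in range(ants):
            path = walk(cfg, pheromone, hits, rng)
            new = set(path) - covered            # newly covered blocks
            covered |= new
            for b in path:
                hits[b] = hits.get(b, 0) + 1
            for edge in zip(path, path[1:]):     # reward discovery
                pheromone[edge] += len(new)
        for edge in pheromone:                   # evaporation with a floor
            pheromone[edge] = max(0.1, pheromone[edge] * (1 - evaporation))
        if full is None and covered == set(cfg):
            full = r
    return covered, full
```

In a real fuzzer the walk would be replaced by executing a concrete transaction sequence against the contract and reading back which basic blocks ran.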

Keywords