Sat, 02. Sep. 2023   Draissi, Oussama

New publication in ACM CCS: FuzzDelSol uncovers security vulnerabilities in Solana programs.

In the upcoming November, we will present our research paper Fuzz on the Beach: Fuzzing Solana Smart Contracts at the prestigious ACM CCS conference. This work introduces FuzzDelSol, the first fuzzing architecture for Solana Smart Contracts that accurately models platform and contract interactions. Since the source code for most Solana Smart Contracts is not available, FuzzDelSol operates directly with binary code, utilizing carefully extracted information and Bug Oracles. The significance of this research increases as Solana is increasingly being favored as a platform for developing decentralized applications such as NFT marketplaces.

This research was conducted together with the Paluno Software Systems Engineering group, led by Prof. Klaus Pohl and Prof. Ghassan Karame, at the Chair for Information Security at Ruhr-University Bochum.

Jens-Rene Giesen presented this work at the ACM CCS conference in November 2023.