{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:08:59Z","timestamp":1776398939891,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"HORIZON EUROPE European Research and Innovation","award":["101070455"],"award-info":[{"award-number":["101070455"]}]},{"DOI":"10.13039\/100019180","name":"HORIZON EUROPE European Research Council","doi-asserted-by":"publisher","award":["101042266"],"award-info":[{"award-number":["101042266"]}],"id":[{"id":"10.13039\/100019180","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["236615297"],"award-info":[{"award-number":["236615297"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623178","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"1197-1211","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["Fuzz on the Beach: Fuzzing Solana Smart Contracts"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6829-0401","authenticated-orcid":false,"given":"Sven","family":"Smolka","sequence":"first","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0685-6237","authenticated-orcid":false,"given":"Jens-Rene","family":"Giesen","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8324-4993","authenticated-orcid":false,"given":"Pascal","family":"Winkler","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-6065-8087","authenticated-orcid":false,"given":"Oussama","family":"Draissi","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7322-2777","authenticated-orcid":false,"given":"Lucas","family":"Davi","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2828-4071","authenticated-orcid":false,"given":"Ghassan","family":"Karame","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2199-5257","authenticated-orcid":false,"given":"Klaus","family":"Pohl","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Vector 35. Binary Ninja. 2016. url: https:\/\/binary.ninja\/."},{"key":"e_1_3_2_1_2_1","unstructured":"National Security Agency. Ghidra. 2019. url: https:\/\/ghidra-sre.org\/."},{"key":"e_1_3_2_1_3_1","volume-title":"NDSS Symp.","author":"Aschermann","year":"2019","unstructured":"Aschermann et al. \"REDQUEEN: Fuzzing with Input-to-State Correspondence\". In: NDSS Symp. (2019)."},{"key":"e_1_3_2_1_4_1","first-page":"1","volume-title":"2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC).","author":"Syed","year":"2021","unstructured":"Syed Badruddoja et al. \"Making Smart Contracts Smarter\". In: 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). May 2021, pp. 1--3."},{"key":"e_1_3_2_1_5_1","volume-title":"https:\/\/nft.budweiser.com\/. Accessed: 2023-4-22","author":"Budverse","year":"2023","unstructured":"Budweiser. Budverse NFT. https:\/\/nft.budweiser.com\/. Accessed: 2023-4-22. 2023."},{"key":"e_1_3_2_1_6_1","volume-title":"USENIX Security.","author":"Tobias Cloosters","year":"2022","unstructured":"Tobias Cloosters et al. \"SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing\". In: USENIX Security. Aug. 2022."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.","author":"Siwei","year":"2022","unstructured":"Siwei Cui et al. \"VRust: Automated Vulnerability Detection for Solana Smart Contracts\". In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 2022."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3463274.3463351"},{"key":"e_1_3_2_1_9_1","volume-title":"A study of android application security.\" In: USENIX security symposium","author":"William Enck","year":"2011","unstructured":"William Enck et al. \"A study of android application security.\" In: USENIX security symposium. Vol. 2. 2. 2011."},{"key":"e_1_3_2_1_10_1","volume-title":"P 2 IM: Scalable and hardware-inde-pendent firmware testing via automatic peripheral interface modeling. https: \/\/www.usenix.org\/system\/files\/sec20-feng.pdf","author":"Feng Bo","year":"2020","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. P 2 IM: Scalable and hardware-inde-pendent firmware testing via automatic peripheral interface modeling. https: \/\/www.usenix.org\/system\/files\/sec20-feng.pdf. 2020."},{"key":"e_1_3_2_1_11_1","volume-title":"14th USENIX Workshop on Offensive Technologies (WOOT 20)","author":"Andrea","year":"2020","unstructured":"Andrea Fioraldi et al. \"AFL: Combining Incremental Steps of Fuzzing Research\". In: 14th USENIX Workshop on Offensive Technologies (WOOT 20). 2020."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. CCS '22.","author":"Andrea","year":"2022","unstructured":"Andrea Fioraldi et al. \"LibAFL: A Framework to Build Modular and Reusable Fuzzers\". In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. CCS '22. 2022."},{"key":"e_1_3_2_1_13_1","volume-title":"https:\/\/ethereum.org\/. Accessed: 2023-4-12","author":"Foundation Ethereum","year":"2023","unstructured":"Ethereum Foundation. Ethereum. https:\/\/ethereum.org\/. Accessed: 2023-4-12. 2023."},{"key":"e_1_3_2_1_14_1","volume-title":"https:\/\/solana.com\/. Accessed: 2023-4-12","author":"Foundation Solana","year":"2023","unstructured":"Solana Foundation. Solana. https:\/\/solana.com\/. Accessed: 2023-4-12. 2023."},{"key":"e_1_3_2_1_15_1","volume-title":"en. https:\/\/docs.solana.com\/. Accessed: 2023-4-16","author":"Foundation Solana","year":"2023","unstructured":"Solana Foundation. Solana Documentaion. en. https:\/\/docs.solana.com\/. Accessed: 2023-4-16. 2023."},{"key":"e_1_3_2_1_16_1","volume-title":"solana_rbpf. en. https:\/\/github.com\/solana-labs\/rbpf. Accessed: 2023-4-16","author":"Foundation Solana","year":"2023","unstructured":"Solana Foundation. solana_rbpf. en. https:\/\/github.com\/solana-labs\/rbpf. Accessed: 2023-4-16. 2023."},{"key":"e_1_3_2_1_17_1","first-page":"2757","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Frank Joel","year":"2020","unstructured":"Joel Frank, Cornelius Aschermann, and Thorsten Holz. \"ETHBMC: A Bounded Model Checker for Smart Contracts\". In: 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Aug. 2020, pp. 2757--2774. isbn: 978-1-939133-17-5. url: https:\/\/www.usenix.org\/conference\/usenixsecurity20\/ presentation\/frank."},{"key":"e_1_3_2_1_18_1","volume-title":"en. https:\/\/arstechnica.com\/information-technology\/2022\/02\/how-323-million-in-crypto-was-stolen-from-a-blockchain-bridge-called-wormhole\/. Accessed: 2023-4-12","author":"Goodin Dan","year":"2022","unstructured":"Dan Goodin. How $323M in crypto was stolen from a blockchain bridge called Wormhole. en. https:\/\/arstechnica.com\/information-technology\/2022\/02\/how-323-million-in-crypto-was-stolen-from-a-blockchain-bridge-called-wormhole\/. Accessed: 2023-4-12. Feb. 2022."},{"key":"e_1_3_2_1_19_1","first-page":"557","volume-title":"Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2020. Virtual Event, USA: Association for Computing Machinery","author":"Gustavo","year":"2020","unstructured":"Gustavo Grieco et al. \"Echidna: effective, usable, and fast fuzzing for smart contracts\". In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2020. Virtual Event, USA: Association for Computing Machinery, July 2020, pp. 557--560."},{"key":"e_1_3_2_1_20_1","volume-title":"Coverage guided fuzzing for javascript engines","author":"Gro\u00df Samuel","year":"2018","unstructured":"Samuel Gro\u00df. \"Fuzzil: Coverage guided fuzzing for javascript engines\". In: Department of Informatics, Karlsruhe Institute of Technology (2018)."},{"key":"e_1_3_2_1_21_1","first-page":"49","volume-title":"USENIX Security Symposium.","author":"Istvan","year":"2013","unstructured":"Istvan Haller et al. \"Dowsing for overflows: a guided fuzzer to find buffer boundary violations\". In: USENIX Security Symposium. 2013, pp. 49--64."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23263"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535"},{"key":"e_1_3_2_1_24_1","volume-title":"Immunefi Bug Bounties. https:\/\/immunefi.com\/. Accessed: 2023-3-30","author":"IMMUNI SOFTWARE PTE.","year":"2020","unstructured":"IMMUNI SOFTWARE PTE. LTD. Immunefi Bug Bounties. https:\/\/immunefi.com\/. Accessed: 2023-3-30. 2020."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238177"},{"key":"e_1_3_2_1_26_1","volume-title":"https:\/\/www.lacoste.com\/en\/undw3.html. Accessed: 2023-4-22","author":"Lacoste","year":"2023","unstructured":"Lacoste. Lacoste NFT. https:\/\/www.lacoste.com\/en\/undw3.html. Accessed: 2023-4-22. 2023."},{"key":"e_1_3_2_1_27_1","volume-title":"Solana: Scalability through speed. en. https:\/\/www.nansen.ai\/ research\/solana-scalability-through-speed. Accessed: 2023-4-12","author":"Lee Martin","year":"2022","unstructured":"Martin Lee. Solana: Scalability through speed. en. https:\/\/www.nansen.ai\/ research\/solana-scalability-through-speed. Accessed: 2023-4-12. Apr. 2022."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2834476"},{"key":"e_1_3_2_1_29_1","first-page":"1","volume-title":"2022 IEEE Symposium on Security and Privacy (SP).","author":"Jie","year":"2022","unstructured":"Jie Liang et al. \"PATA: Fuzzing with Path Aware Taint Analysis\". In: 2022 IEEE Symposium on Security and Privacy (SP). May 2022, pp. 1--17."},{"key":"e_1_3_2_1_30_1","volume-title":"2023-8-9","author":"Solana OtterSec LLC.","year":"2022","unstructured":"OtterSec LLC. BN-eBPF-Solana. Accessed: 2023-8-9. 2022. url: https:\/\/github. com\/otter-sec\/bn-ebpf-solana."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. WiSec '20","author":"Maier Dominik","unstructured":"Dominik Maier, Lukas Seidel, and Shinjo Park. \"BaseSAFE: baseband sanitized fuzzing through emulation\". In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. WiSec '20. Linz, Austria: Association for Computing Machinery, July 2020, pp. 122--132."},{"key":"e_1_3_2_1_32_1","volume-title":"Rust RFC 1211: MIR. en. https:\/\/rust-lang.github.io\/rfcs\/1211-mir.html. Accessed: 2023-8-9","author":"Matsakis Niko","year":"2015","unstructured":"Niko Matsakis. Rust RFC 1211: MIR. en. https:\/\/rust-lang.github.io\/rfcs\/1211-mir.html. Accessed: 2023-8-9. 2015."},{"key":"e_1_3_2_1_33_1","first-page":"1186","volume-title":"2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE).","author":"Mark","year":"2019","unstructured":"Mark Mossberg et al. \"Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts\". In: 2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). Nov. 2019, pp. 1186--1189."},{"key":"e_1_3_2_1_34_1","volume-title":"https:\/\/nbatopshot.com\/. Accessed: 2023-4-20","author":"NBA. NBA","year":"2023","unstructured":"NBA. NBA NFT. https:\/\/nbatopshot.com\/. Accessed: 2023-4-20. 2023."},{"key":"e_1_3_2_1_35_1","volume-title":"Introduction -Solana Security Workshop. en. https: \/\/workshop. neodyme.io\/. Accessed: 2023-4-16","year":"2021","unstructured":"Neodyme. Introduction -Solana Security Workshop. en. https: \/\/workshop. neodyme.io\/. Accessed: 2023-4-16. 2021."},{"key":"e_1_3_2_1_36_1","volume-title":"Solana security.txt. en. https:\/\/github.com\/neodyme-labs\/solana-security-txt. Accessed: 2023-8-9","year":"2022","unstructured":"Neodyme. Solana security.txt. en. https:\/\/github.com\/neodyme-labs\/solana-security-txt. Accessed: 2023-8-9. 2022."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering. ICSE '20","author":"Tai","unstructured":"Tai D Nguyen et al. \"sFuzz: an efficient adaptive fuzzer for solidity smart contracts\". In: Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering. ICSE '20. Seoul, South Korea: Association for Computing Machinery, Oct. 2020, pp. 778--788."},{"key":"e_1_3_2_1_38_1","volume-title":"https:\/\/www.swoosh.nike\/. Accessed: 2023-4-22","author":"Nike","year":"2023","unstructured":"Nike. Nike NFT. https:\/\/www.swoosh.nike\/. Accessed: 2023-4-22. 2023."},{"key":"e_1_3_2_1_39_1","volume-title":"ghidra-eBPF. Accessed: 2023-8-9","author":"Patel Richard","year":"2022","unstructured":"Richard Patel. ghidra-eBPF. Accessed: 2023-8-9. 2022. url: https:\/\/github.com\/ terorie\/ghidra-ebpf."},{"key":"e_1_3_2_1_40_1","volume-title":"USBFuzz: A framework for fuzzing USB drivers by device emulation. https:\/\/www.usenix.org\/system\/files\/sec20-peng_0.pdf. Accessed: 2023-2-7","author":"Peng Hui","year":"2020","unstructured":"Hui Peng and Mathias Payer. USBFuzz: A framework for fuzzing USB drivers by device emulation. https:\/\/www.usenix.org\/system\/files\/sec20-peng_0.pdf. Accessed: 2023-2-7. 2020."},{"key":"e_1_3_2_1_41_1","first-page":"1","volume-title":"Proceedings 2017 Network and Distributed System Security Symposium.","volume":"17","author":"Sanjay","year":"2017","unstructured":"Sanjay Rawat et al. \"VUzzer: Application-aware evolutionary fuzzing\". In: Proceedings 2017 Network and Distributed System Security Symposium. Vol. 17. San Diego, CA: Internet Society, 2017, pp. 1--14."},{"key":"e_1_3_2_1_42_1","volume-title":"EF\/CF: High Performance Smart Contract Fuzzing for Exploit Generation","author":"Michael Rodler","year":"2023","unstructured":"Michael Rodler et al. EF\/CF: High Performance Smart Contract Fuzzing for Exploit Generation. 2023."},{"key":"e_1_3_2_1_43_1","first-page":"1289","volume-title":"USENIX Security Symposium.","author":"Michael","year":"2021","unstructured":"Michael Rodler et al. \"EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts\". In: USENIX Security Symposium. 2021, pp. 1289--1306."},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings 2019 Network and Distributed System Security Symposium","author":"Michael","year":"2019","unstructured":"Michael Rodler et al. \"Sereum: Protecting existing smart contracts against re-entrancy attacks\". In: Proceedings 2019 Network and Distributed System Security Symposium. San Diego, CA: Internet Society, 2019."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSESS.2017.8342866"},{"key":"e_1_3_2_1_46_1","first-page":"1239","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Tobias","year":"2022","unstructured":"Tobias Scharnowski et al. \"Fuzzware: Using precise {MMIO} modeling for effective firmware fuzzing\". In: 31st USENIX Security Symposium (USENIX Security 22). 2022, pp. 1239--1256."},{"key":"e_1_3_2_1_47_1","first-page":"621","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. CCS '20","author":"Clara","year":"2020","unstructured":"Clara Schneidewind et al. \"eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts\". In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. CCS '20. New York, NY, USA: Association for Computing Machinery, Oct. 2020, pp. 621--640."},{"key":"e_1_3_2_1_48_1","first-page":"2597","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Sergej","year":"2021","unstructured":"Sergej Schumilo et al. \"Nyx: Greybox hypervisor fuzzing using fast snapshots and affine types\". In: 30th USENIX Security Symposium (USENIX Security 21). 2021, pp. 2597--2614."},{"key":"e_1_3_2_1_49_1","volume-title":"Fuzz on the Beach: Fuzzing Solana Smart Contracts","author":"Sven Smolka","year":"2023","unstructured":"Sven Smolka et al. Fuzz on the Beach: Fuzzing Solana Smart Contracts. 2023. arXiv: 2309.03006 [cs.CR]."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274737"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00018"},{"key":"e_1_3_2_1_52_1","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. CCS '18","author":"Petar","unstructured":"Petar Tsankov et al. \"Securify: Practical Security Analysis of Smart Contracts\". In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. CCS '18. Toronto, Canada: Association for Computing Machinery, Oct. 2018, pp. 67--82."},{"key":"e_1_3_2_1_53_1","unstructured":"Molly White. Mango Markets exploiter arrested despite claiming all his actions were legal. https:\/\/web3isgoinggreat.com\/\"blockchain=solana&id=mango-markets-exploiter-arrested-despite-claiming-all-his-actions-were-legal. Accessed: 2023-4-12. Dec. 2022."},{"key":"e_1_3_2_1_54_1","volume-title":"Oracle attack on Solend costs the project $1.26 million. https: \/\/web3isgoinggreat.com\/?blockchain=solana&id=oracle-attack-on-solend-costs-the-project-1-26-million. Accessed: 2023-4-12","author":"White Molly","year":"2022","unstructured":"Molly White. Oracle attack on Solend costs the project $1.26 million. https: \/\/web3isgoinggreat.com\/?blockchain=solana&id=oracle-attack-on-solend-costs-the-project-1-26-million. Accessed: 2023-4-12. Nov. 2022."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417064"},{"key":"e_1_3_2_1_56_1","first-page":"769","volume-title":"2019 IEEE Symposium on Security and Privacy (SP). ieeexplore.ieee.org","author":"Wei","year":"2019","unstructured":"Wei You et al. \"ProFuzzer: On-the-fly Input Type Probing for Better Zero-Day Vulnerability Discovery\". In: 2019 IEEE Symposium on Security and Privacy (SP). ieeexplore.ieee.org, May 2019, pp. 769--786."},{"key":"e_1_3_2_1_57_1","unstructured":"Michal Zalewski. American Fuzzy Lop. url: https:\/\/lcamtuf.coredump.cx\/afl\/."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623178","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623178","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:49:33Z","timestamp":1755740973000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623178"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":57,"alternative-id":["10.1145\/3576915.3623178","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623178","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}