Most important academic papers
Slither: A Static Analysis Framework for Smart Contracts (Josselin Feist, Gustavo Grieco, Alex Groce)
Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts (Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist)
SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses (Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, S. Cha)
Optimizing Seed Selection for Fuzzing (Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, David Brumley)
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities (Juan Caballero, Gustavo Grieco, Mark Marron, Antonio Nappa)
Echidna: effective, usable, and fast fuzzing for smart contracts (Gustavo Grieco, Will Song, Artur Cygan, Josselin Feist, Alex Groce)
Toward Large-Scale Vulnerability Discovery using Machine Learning (Gustavo Grieco, G. Grinblat, Lucas C. Uzal, Sanjay Rawat, Josselin Feist, L. Mounier)
QuickFuzz: an automatic random fuzzer for common file formats (Gustavo Grieco, Martín Ceresa, Pablo Buiras)
The complete list is available in Semantic Scholar.
Blog posts
CVEs
A number of CVEs accumulated over years of using fuzzers:
Using QuickFuzz:
- Mozilla Firefox (CVE-2016-1933, CVE-2015-7194, CVE-2015-7216, CVE-2015-7217)
- webkit (CVE-2016-9642, CVE-2016-9643)
- libxml2 (CVE-2016-3627, CVE-2016-4483)
- gdk-pixbuf (CVE-2015-7552, CVE-2015-7674, CVE-2015-7673)
- mujs (CVE-2016-9109)
- gif2webp (CVE-2016-9085)
- jq (CVE-2016-4074)
- jansson (CVE-2016-4425)
- libgd (CVE-2016-6132, CVE-2016-6214)
- graphicsmagick (CVE-2016-2317, CVE-2016-2318)
- mini-XML (CVE-2016-4570, CVE-2016-4571)
- vlc (CVE-2016-3941)
- cpio (CVE-2016-2037)
- cairo (CVE-2016-9082)
Using American Fuzzy Lop:
- Expat XML (CVE-2016-0718)
- libxml2 (CVE-2016-4483, CVE-2016-3627, CVE-2015-8035)
- Apache xerces-C (CVE-2016-0729, CVE-2016-2099)