Wansen Wang,Caichang Tu,Zhaoyi Meng,Wenchao Huang,Yan Xiong

2024-12-05

Abstract:WebAssembly (WASM) has emerged as a crucial technology in smart contract development for several blockchain platforms. Unfortunately, since their introduction, WASM smart contracts have been subject to several security incidents caused by contract vulnerabilities, resulting in substantial economic losses. However, existing tools for detecting WASM contract vulnerabilities have accuracy limitations, one of the main reasons being the coarse-grained emulation of the on-chain data APIs. In this paper, we introduce WACANA, an analyzer for WASM contracts that accurately detects vulnerabilities through fine-grained emulation of on-chain data APIs. WACANA precisely simulates both the structure of on-chain data tables and their corresponding API functions, and integrates concrete and symbolic execution within a coverage-guided loop to balance accuracy and efficiency. Evaluations on a vulnerability dataset of 133 contracts show WACANA outperforming state-of-the-art tools in accuracy. Further validation on 5,602 real-world contracts confirms WACANA's practical effectiveness.

Cryptography and Security,Software Engineering

Mingxi Ye,Xingwei Lin,Yuhong Nan,Jiajing Wu,Zibin Zheng

DOI: https://doi.org/10.1145/3650212.3680321

2024-01-01

Abstract:In the context of boosting smart contract applications, prioritizing their security becomes paramount. Smart contract exploits often result in notable financial losses. Ensuring their security is by no means trivial. Rather than resulting in program crashes, most attacks in on-chain smart contracts aim to induce financial loss, referred to as profitable exploits. By constructing seemingly innocuous inputs, profitable exploits try to extract extra profit or compromise the interests of others. However, due to the complexity of call chains in on-chain smart contracts and the need for effective oracles for profitable exploits, smart contract fuzzing suffers from low efficiency and low effectiveness in finding profitable exploits. In this paper, we present Midas, a novel feedback-driven fuzzing framework to mine profitable exploits in on-chain smart contracts effectively. Midas consists of two modules: diverse validity fuzzing and profitable transaction identification. The diverse validity fuzzing module applies two waypoints to efficiently generate valid transactions, addressing the complexity of on-chain smart contract call chains. The profitable transaction identification module applies differential analysis to effectively identify profitable exploits, addressing the limitation of ad-hoc oracles. Evaluation of Midas over on-chain smart contracts showed it effectively identified 40 real-world exploits with a precision of 80%, outperforming state-of-the-art tools (i.e., ItyFuzz and Slither) in both efficiency and effectiveness. Particularly, Midas effectively mines five unknown exploits in valuable smart contracts, and two of them have already been confirmed by their DApp developers.

Jianfei Zhou,Ting Chen

DOI: https://doi.org/10.1049/blc2.12029

2023-01-01

IET Blockchain

Abstract:Over the past few years, blockchain platforms supporting WebAssembly (Wasm) smart contracts are gaining popularity. However, Wasm smart contracts are often compiled from memory‐unsafe languages (e.g. C and C++). And there is a lack of effective defense against integer overflow and stack overflow at the compiler and virtual machine (VM) layers, making Wasm smart contracts even more exploitable than native C and C++ programs. In this paper, the authors propose wasm overflow detector (WASMOD) to address the integer overflow and stack overflow vulnerabilities. The authors’ approach combines bytecode instrumentation, run‐time validation, and grey‐box fuzzing to detect these vulnerabilities. The authors applied their approach to the popular EOSIO blockchain and evaluated it on 4616 deployed Wasm smart contracts. The authors’ approach detected 13 real‐world vulnerable smart contracts.

Caichang Tu,Wansen Wang,Kaiwen Shi,Yan Xiong,Wenchao Huang

DOI: https://doi.org/10.1109/bigcom61073.2023.00022

2023-01-01

Abstract:Compiling smart contracts into WebAssembly (WASM) bytecode format for better execution performance is becoming a common choice of many blockchain smart contract platforms, including EOSIO smart contract platform, which has been using WASM as its smart contract compilation target since its release. Similar to Ethereum smart contracts, EOSIO smart contracts have suffered from various vulnerability attacks, causing serious economic losses. Although some security analysis tools for EOSIO smart contracts have been proposed in the academic community, they still have some limitations, such as inadequate coverage of vulnerabilities and a lack of information about the triggered conditions and call stack when a vulnerability is identified. This makes it difficult for developers to utilize these tools. To address these problems, this paper proposes EOSVERIF, an automatic fine-grained analyzer of EOSIO smart contracts. It supports the concatenation of the set of vulnerabilities supported by all previous EOSIO security analysis tools and can provide the triggering conditions and execution paths of detected vulnerabilities. Our experimental results show that EOSVERIF can effectively detect vulnerabilities in EOSIO smart contracts.

Dong Wang,Bo Jiang,W.K. Chan

DOI: https://doi.org/10.48550/arXiv.2007.15510

2020-08-05

Abstract:Many popular blockchain platforms are supporting smart contracts for building decentralized applications. However, the vulnerabilities within smart contracts have led to serious financial loss to their end users. For the EOSIO blockchain platform, effective vulnerability detectors are still limited. Furthermore, existing vulnerability detection tools can only support one blockchain platform. In this work, we present WANA, a cross-platform smart contract vulnerability detection tool based on the symbolic execution of WebAssembly bytecode. Furthermore, WANA proposes a set of test oracles to detect the vulnerabilities in EOSIO and Ethereum smart contracts based on WebAssembly bytecode analysis. Our experimental analysis shows that WANA can effectively detect vulnerabilities in both EOSIO and Ethereum smart contracts with high efficiency.

Software Engineering

Ningyu He,Ruiyi Zhang,Haoyu Wang,Lei Wu,Xiapu Luo,Yao Guo,Ting Yu,Xuxian Jiang

DOI: https://doi.org/10.48550/arxiv.2003.06568

2021-01-01

Abstract:The EOSIO blockchain, one of the representative Delegated Proof-of-Stake (DPoS) blockchain platforms, has grown rapidly recently. Meanwhile, a number of vulnerabilities and high-profile attacks against top EOSIO DApps and their smart contracts have also been discovered and observed in the wild, resulting in serious financial damages. Most of EOSIO's smart contracts are not open-sourced and they are typically compiled to WebAssembly (Wasm) bytecode, thus making it challenging to analyze and detect the presence of possible vulnerabilities. In this paper, we propose EOSAFE, the first static analysis framework that can be used to automatically detect vulnerabilities in EOSIO smart contracts at the bytecode level. Our framework includes a practical symbolic execution engine for Wasm, a customized library emulator for EOSIO smart contracts, and four heuristics-driven detectors to identify the presence of four most popular vulnerabilities in EOSIO smart contracts. Experiment results suggest that EOSAFE achieves promising results in detecting vulnerabilities, with an F1-measure of 98%. We have applied EOSAFE to all active 53,666 smart contracts in the ecosystem (as of November 15, 2019). Our results show that over 25% of the smart contracts are vulnerable. We further analyze possible exploitation attempts against these vulnerable smart contracts and identify 48 in-the-wild attacks (25 of them have been confirmed by DApp developers), resulting in financial loss of at least 1.7 million USD.

Peng Qian,Zhenguang Liu,Qinming He,Butian Huang,Duanzheng Tian,Xun Wang

DOI: https://doi.org/10.13328/j.cnki.jos.006375

2022-01-01

Journal of Software

Abstract: Smart contract, one of the most successful applications of blockchain, is taking the world by storm, playing an essential role in the blockchain ecosystem. However, frequent smart contract security incidents not only result in tremendous economic losses but also destroy the blockchain-based credit system. The security and reliability of smart contracts thus gain extensive attention from researchers worldwide. In this survey, we first summarize the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and Block dependency layer. Further, we review the research progress of smart contract vulnerability detection and classify existing counterparts into five categories, i.e., formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. Empirically, we take 300 real-world smart contracts deployed on Ethereum as the test samples and compare the representative methods in terms of accuracy, F1-Score, and average detection time. Finally, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.

Lijin Quan,Lei Wu,Haoyu Wang

DOI: https://doi.org/10.48550/arxiv.1906.10362

2019-01-01

Abstract:As one of the representative Delegated Proof-of-Stake (DPoS) blockchain platforms, EOSIO's ecosystem grows rapidly in recent years. A number of vulnerabilities and corresponding attacks of EOSIO's smart contracts have been discovered and observed in the wild, which caused a large amount of financial damages. However, the majority of EOSIO's smart contracts are not open-sourced. As a result, the WebAssembly code may become the only available object to be analyzed in most cases. Unfortunately, current tools are web-application oriented and cannot be applied to EOSIO WebAssembly code directly, which makes it more difficult to detect vulnerabilities from those smart contracts. In this paper, we propose , a static analysis tool that can be used to detect vulnerabilities from EOSIO WASM code automatically. We focus on one particular type of vulnerabilities named fake-transfer, and the exploitation of such vulnerabilities has led to millions of dollars in damages. To the best of our knowledge, it is the first attempt to build an automatic tool to detect vulnerabilities of EOSIO's smart contracts. The experimental results demonstrate that our tool is able to detect fake transfer vulnerabilities quickly and precisely. EVulHunter is available on GitHub[Tool and benchmarks: https://github.com/EVulHunter/EVulHunter] and YouTube[Demo video: https://youtu.be/5SJ0ZJKVZvw].

Yuhe Huang,Bo Jiang,W.K. Chan

DOI: https://doi.org/10.48550/arXiv.2007.14903

2020-08-06

Abstract:EOSIO is one typical public blockchain platform. It is scalable in terms of transaction speeds and has a growing ecosystem supporting smart contracts and decentralized applications. However, the vulnerabilities within the EOSIO smart contracts have led to serious attacks, which caused serious financial loss to its end users. In this work, we systematically analyzed three typical EOSIO smart contract vulnerabilities and their related attacks. Then we presented EOSFuzzer, a general black-box fuzzing framework to detect vulnerabilities within EOSIO smart contracts. In particular, EOSFuzzer proposed effective attacking scenarios and test oracles for EOSIO smart contract fuzzing. Our fuzzing experiment on 3963 EOSIO smart contracts shows that EOSFuzzer is both effective and efficient to detect EOSIO smart contract vulnerabilities with high accuracy.

Software Engineering

Christoph Sendner,Lukas Petzi,Jasper Stang,Alexandra Dmitrienko

DOI: https://doi.org/10.48550/arXiv.2312.16533

2023-12-27

Cryptography and Security

Abstract:Ethereum smart contracts, which are autonomous decentralized applications on the blockchain that manage assets often exceeding millions of dollars, have become primary targets for cyberattacks. In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars. To counter these threats, various tools have been developed by academic and commercial entities to detect and mitigate vulnerabilities in smart contracts. Our study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice. We compiled four distinct datasets for this analysis. The first dataset comprises 77,219 source codes extracted directly from the blockchain, while the second includes over 4 million bytecodes obtained from Ethereum Mainnet and testnets. The other two datasets consist of nearly 14,000 manually annotated smart contracts and 373 smart contracts verified through audits, providing a foundation for a rigorous ground truth analysis on bytecode and source code. Using the unlabeled datasets, we conducted a comprehensive quantitative evaluation of 17 vulnerability scanners, revealing considerable discrepancies in their findings. Our analysis of the ground truth datasets indicated poor performance across all the tools we tested. This study unveils the reasons for poor performance and underscores that the current state of the art for smart contract security falls short in effectively addressing open problems, highlighting that the challenge of effectively detecting vulnerabilities remains a significant and unresolved issue.

Tiago Brito,Pedro Lopes,Nuno Santos,José Fragoso Santos

DOI: https://doi.org/10.1016/j.cose.2022.102745

2022-04-01

Abstract:WebAssembly is a new binary instruction format that allows targeted compiled code written in high-level languages to be executed with near-native speed by the browser's JavaScript engine. However, given that WebAssembly binaries can be compiled from unsafe languages like C/C++, classical code vulnerabilities such as buffer overflows or format strings can be transferred over from the original programs down to the cross-compiled binaries. As a result, this possibility of incorporating vulnerabilities in WebAssembly modules has widened the attack surface of modern web applications. This paper presents Wasmati, a static analysis tool for finding security vulnerabilities in WebAssembly binaries. It is based on the generation of a code property graph (CPG), a program representation previously adopted for detecting vulnerabilities in various languages but hitherto unapplied to WebAssembly. We formalize the definition of CPG for WebAssembly, introduce techniques to generate CPG for complex WebAssembly, and present four different query specification languages for finding vulnerabilities by traversing a program's CPG. We implemented ten queries capturing different vulnerability types and extensively tested Wasmati on four heterogeneous datasets. We show that Wasmati can scale the generation of CPGs for large real-world applications and can efficiently find vulnerabilities for all our query types. We have also tested our tool on WebAssembly binaries collected in the wild and identified several potential vulnerabilities, some of which we have manually confirmed to exist unless the enclosing application properly sanitizes the interaction with such affected binaries.

computer science, information systems

Jiachi Chen,Mingyuan Huang,Zewei Lin,Peilin Zheng,Zibin Zheng

2023-08-20

Abstract:With the increasing popularity of cryptocurrencies and blockchain technology, smart contracts have become a prominent feature in developing decentralized applications. However, these smart contracts are susceptible to vulnerabilities that hackers can exploit, resulting in significant financial losses. In response to this growing concern, various initiatives have emerged. Notably, the SWC vulnerability list played an important role in raising awareness and understanding of smart contract weaknesses. However, the SWC list lacks maintenance and has not been updated with new vulnerabilities since 2020. To address this gap, this paper introduces the Smart Contract Weakness Enumeration (SWE), a comprehensive and practical vulnerability list up until 2023. We collect 273 vulnerability descriptions from 86 top conference papers and journal papers, employing open card sorting techniques to deduplicate and categorize these descriptions. This process results in the identification of 40 common contract weaknesses, which are further classified into 20 sub-research fields through thorough discussion and analysis. SWE provides a systematic and comprehensive list of smart contract vulnerabilities, covering existing and emerging vulnerabilities in the last few years. Moreover, SWE is a scalable, continuously iterative program. We propose two update mechanisms for the maintenance of SWE. Regular updates involve the inclusion of new vulnerabilities from future top papers, while irregular updates enable individuals to report new weaknesses for review and potential addition to SWE.

Software Engineering

Ningyu He,Zhehao Zhao,Hanqin Guan,Jikai Wang,Shuo Peng,Ding Li,Haoyu Wang,Xiangqun Chen,Yao Guo

2024-08-16

Abstract:WebAssembly (Wasm), as a compact, fast, and isolation-guaranteed binary format, can be compiled from more than 40 high-level programming languages. However, vulnerabilities in Wasm binaries could lead to sensitive data leakage and even threaten their hosting environments. To identify them, symbolic execution is widely adopted due to its soundness and the ability to automatically generate exploitations. However, existing symbolic executors for Wasm binaries are typically platform-specific, which means that they cannot support all Wasm features. They may also require significant manual interventions to complete the analysis and suffer from efficiency issues as well. In this paper, we propose an efficient and fully-functional symbolic execution engine, named SeeWasm. Compared with existing tools, we demonstrate that SeeWasm supports full-featured Wasm binaries without further manual intervention, while accelerating the analysis by 2 to 6 times. SeeWasm has been adopted by existing works to identify more than 30 0-day vulnerabilities or security issues in well-known C, Go, and SGX applications after compiling them to Wasm binaries.

Cryptography and Security,Software Engineering

Dongcheng Li,W. Eric Wong,Xiaodan Wang,Sean Pan,Liang-Seng Koh

2024-10-01

Abstract:This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.

Software Engineering

Zhaoxuan Li,Siqi Lu,Rui Zhang,Rui Xue,Wenqiu Ma,Rujin Liang,Ziming Zhao,Sheng Gao

DOI: https://doi.org/10.1007/s10664-022-10218-2

IF: 3.762

2022-10-14

Empirical Software Engineering

Abstract:Recently, although state-of-the-art (SOTA) tools were designed and developed to analyze the vulnerabilities of smart contracts on Ethereum, security incidents caused by these vulnerabilities are still widespread. This can be attributed to the fact that each tool has various standards for judging the severity of vulnerabilities. More importantly, tools fail to identify all the vulnerabilities accurately and comprehensively as the evolution of vulnerabilities. To this end, we first propose a vulnerability assessment model to unify the vulnerability measurement standards. Next, we design a static analysis tool called SmartFast , which expresses the contract source code as a novel intermediate representation named SmartIR. Using preset rules and taint tracking technology, SmartFast matches SmartIR to locate the vulnerability code. Furthermore, SmartFast can recommend the optimization of the contract code automatically. Finally, we implement a prototype of SmartFast with 25K lines of code and compare it with 7 SOTA tools on three datasets (a total of 13,687 public contracts). The results indicate that SmartFast is efficient (only took a few seconds per contract) and robust (0.4% failure rate and resistance to the general code confusion methods). Besides, compared with other tools, SmartFast can detect more kinds of vulnerabilities (119) with a higher precision rate (98.43%) and a recall rate (85.12%), which confirms the conclusion of the theoretical analysis in the paper.

computer science, software engineering

Qi Wang,Jianjun Chen,Zheyu Jiang,Run Guo,Ximeng Liu,Chao Zhang,Haixin Duan

DOI: https://doi.org/10.1109/sp54263.2024.00129

2024-01-01

Abstract:Web Application Firewalls (WAFs) are a crucial line of defense against web-based attacks. However, an emerging threat comes from protocol-level evasion vulnerabilities, in which adversaries exploit parsing discrepancies between the WAF HTTP parser and those of web applications to circumvent WAFs. Currently, uncovering these vulnerabilities still depends on manual, ad hoc methods. In this paper, we propose WAF Manis, a novel testing methodology to automatically discover protocol-level evasion vulnerabilities in WAFs. We evaluated WAF Manis against 14 popular WAFs including Cloudflare and ModSecurity and 20 popular web frameworks including Laravel and Spring. In total, we discovered 311 protocol-level evasion cases affecting all tested WAFs and applications. Due to the generic nature of protocol-level evasions, these evasion vulnerabilities do not hinge on specific payload patterns and can transmit any malicious payloads - for instance, SQL injection, XSS, or Log4jShell - to the target websites. We further analyzed these vulnerabilities and identified three primary reasons contributing to WAF evasions. We have reported those identified vulnerabilities to the affected providers and received acknowledgments and bug bounty rewards from Cloudflare WAF, Fortinet WAF, Alibaba Cloud WAF, Huawei Cloud WAF, ModSecurity, Go security Team, and the PHP security team.

Mingxi Ye,Yuhong Nan,Hong-Ning Dai,Shuo Yang,Xiapu Luo,Zibin Zheng

DOI: https://doi.org/10.1145/3674725

IF: 3.685

2024-06-28

ACM Transactions on Software Engineering and Methodology

Abstract:With the increasing popularity of Decentralized Applications (DApps) in blockchain, securing smart contracts has been a long-term, high-priority subject in the domain. Among the various research directions for vulnerability detection, fuzzing has received extensive attention because of its high effectiveness. However, with the increasing complexity of smart contracts, existing fuzzers may waste substantial time exploring locations irrelevant to smart contract vulnerabilities. In this paper, we present FunFuzz , a function-oriented fuzzer, which is dedicatedly tailored for detecting smart contract vulnerability with high effectiveness and efficiency. The key observation in our research is that most smart contract vulnerabilities exist in specific functions rather than randomly distributed in all program code like other traditional software. To this end, unlike traditional fuzzers which mainly target code coverage, FunFuzz identifies risky functions while pruning non-risky ones in smart contracts. In this way, it significantly narrows down the exploration scope during the fuzzing process. In addition, FunFuzz employs three unique strategies to direct itself towards effectively discovering vulnerabilities specific to smart contracts (e.g., reentrancy, block dependency, and gasless send). Extensive experiments on 170 real-world contracts demonstrate that FunFuzz outperforms state-of-the-art fuzzers in terms of effectiveness and efficiency.

computer science, software engineering

Meihua Xiao,Yangping Xu,Zehuan Li,Hongbin Wan

DOI: https://doi.org/10.3390/electronics13204093

IF: 2.9

2024-10-18

Electronics

Abstract:The development of smart contracts remains in its early stages, with significant differences in underlying programming languages and application platforms resulting in a lack of standardization. This lack of standardization increases the susceptibility to vulnerabilities and associated financial losses. To address security vulnerabilities in smart contracts on the Ethereum blockchain platform, this paper proposes a security audit method based on formal verification. The method integrates an input module, static analysis module, formal verification module, analog execution module, and report and recommendation module, which can accurately discover the security vulnerabilities and logical flaws of smart contracts through formal verification and other analysis techniques, thus realizing correctness detection. During the experiment, the method detects 8 types of common vulnerabilities in 148 smart contracts and marks 21 smart contracts with vulnerabilities. After manual review and analysis, it is found that 17 of these 21 marked smart contracts do have security vulnerabilities. The experimental results show that the proposed method can accurately detect security vulnerabilities and logic flaws in smart contracts through formal verification and other analysis techniques before smart contracts are deployed, thus significantly improving the security of smart contracts and reducing the economic losses that may be caused by code defects.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dongfang Jia,Zhicong Liu,Zhengqi Zhang,Jun Ye

DOI: https://doi.org/10.1007/978-981-16-7469-3_108

2022-01-01

Abstract:In recent years, the second-generation blockchain platforms and applications represented by smart contracts have seen explosive growth, but frequent smart contract vulnerability incidents have seriously threatened the ecological security of blockchain. In view of the low efficiency of code audit based on expert experience, it is important to develop a general automation tool to mine smart contract vulnerabilities. In the beginning, the security threats of smart contracts should be investigated and analyzed, and many smart contract vulnerabilities and attack modes that occur frequently, such as code reentrant, access control, integer overflow, etc., were summarized. Then, the technology method of smart contract vulnerability detection conforming to The Times is obtained, and the current samples of smart contract vulnerability detection are summarized. The current investigation includes too few types of vulnerabilities, with a variety of inaccuracies and deviations. It is only carried out through manual audit. Through these methods, according to the state of including after put forward the general ideas of this kind of situation, and puts forward a kind of symbolic execution auxiliary fuzzy test framework, can reduce the symbolic execution channel congestion and fuzzy test code coverage degree is too little, so as to improve test efficiency, easy to dig holes of large and medium-sized intelligent contracts quality improvement.

Qingzhao Zhang,Yizhuo Wang,Juanru Li,Siqi Ma

DOI: https://doi.org/10.1109/saner48275.2020.9054822

2020-01-01

Abstract:Smart contracts, programs running on blockchain systems, leverage diverse decentralized applications (DApps). Unfortunately, well-known smart contract platforms, Ethereum for example, face serious security problems. Exploits to contracts may cause enormous financial losses, which emphasize the importance of smart contract testing. However, current exploit generation tools have difficulty to solve hard constraints in execution paths and cannot simulate the blockchain behaviors very well. These problems cause a loss of coverage and accuracy of exploit generation. To overcome the problems, we design and implement EthPloit, a smart contract exploit generator based on fuzzing. EthPloit adopts static taint analysis to generate exploit-targeted transaction sequences, a dynamic seed strategy to pass hard constraints and an instrumented Ethereum Virtual Machine to simulate blockchain behaviors. We evaluate EthPloit on 45,308 smart contracts and discovered 554 exploitable contracts. EthPloit automatically generated 644 exploits without any false positive and 306 of them cannot be generated by previous exploit generation tools.