DOI: 10.1145/3691620.3695292
research-article
Open access

Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMs

Published: 27 October 2024

Abstract

Many smart contracts are prone to exploits, which has given rise to analysis tools that try to detect and fix vulnerabilities. Such analysis tools are often trained and evaluated on limited data sets, which has the following drawbacks: 1. The ground truth is often based on the verdict of related tools rather than an actual verification result; 2. Data sets focus on low-level vulnerabilities like reentrancy and overflow; 3. Data sets lack concrete exploit examples. To address these shortcomings, we introduce XploGen, which uses a model-based oracle specification of the business logic of the smart contracts to synthesize valid exploits using LLMs. Our experiments, involving 104 synthesized vulnerability-exploit pairs, demonstrated a 57% success rate in exploiting targeted aspects of the contract. They achieved exploit efficiency with an average of only 3.5 transactions per exploit, highlighting the effectiveness of our methodology.


Published In

ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering
October 2024
2587 pages
ISBN: 9798400712487
DOI: 10.1145/3691620
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. exploit synthesis
2. smart contract
3. vulnerability
4. LLM
5. large language models

Conference

ASE '24

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%
