Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMs
Many smart contracts are prone to exploits, which has given rise to analysis tools that try to detect and fix vulnerabilities. Such analysis tools are often trained and evaluated on limited data sets, which has the following drawbacks: 1. The ground truth is often based on the verdict of related tools rather than an actual verification result; 2. Data sets focus on low-level vulnerabilities like reentrancy and overflow; 3. Data sets lack concrete exploit examples. To address these shortcomings, we introduce XploGen, which uses a model-based oracle specification of the business logic of the smart contracts to synthesize valid exploits using LLMs. Our experiments, involving 104 synthesized vulnerability-exploit pairs, demonstrated a 57% success rate in exploiting targeted aspects of the contract. They achieved exploit efficiency with an average of only 3.5 transactions per exploit, highlighting the effectiveness of our methodology.
Thu 31 OctDisplayed time zone: Pacific Time (US & Canada) change
15:30 - 16:30 | Smart contract and block chain 2NIER Track / Research Papers / Tool Demonstrations at Camellia Chair(s): Vladimir Filkov University of California at Davis, USA | ||
15:30 15mTalk | Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models Research Papers Cong Wu The University of Hong Kong, Jing Chen Wuhan University, Ziwei Wang Wuhan University, Ruichao Liang Wuhan University, Ruiying Du Wuhan University | ||
15:45 15mTalk | AdvSCanner: Generating Adversarial Smart Contracts to Exploit Reentrancy Vulnerabilities Using LLM and Static Analysis Research Papers Yin Wu Xi'an Jiaotong University, Xiaofei Xie Singapore Management University, Chenyang Peng Xi'an Jiaotong University, Dijun Liu Ant Group, Hao Wu Xi'an JiaoTong University, Ming Fan Xi'an Jiaotong University, Ting Liu Xi'an Jiaotong University, Haijun Wang Xi’an Jiaotong University | ||
16:00 10mTalk | ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts Tool Demonstrations Che Wang Peking University, China, Jiashuo Zhang Peking University, China, Jianbo Gao Beijing Jiaotong University, Libin Xia Peking University, Zhi Guan Peking University, Zhong Chen | ||
16:10 10mTalk | HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts Tool Demonstrations Mojtaba Eshghie KTH Royal Institute of Technology, Cyrille Artho KTH Royal Institute of Technology, Sweden, Hans Stammler KTH Royal Institute of Technology, Wolfgang Ahrendt Chalmers University of Technology, Thomas T. Hildebrandt University of Copenhagen, Gerardo Schneider University of Gothenburg | ||
16:20 10mTalk | Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMs NIER Track Mojtaba Eshghie KTH Royal Institute of Technology, Cyrille Artho KTH Royal Institute of Technology, Sweden | ||