PROMFUZZ: Leveraging LLM-Driven and Bug-Oriented Composite Analysis for Detecting Functional Bugs in Smart Contracts
This program is tentative and subject to change.
Smart contracts are fundamental pillars of the blockchain, playing a crucial role in facilitating various business transactions. However, these smart contracts are vulnerable to exploitable bugs that can lead to substantial monetary losses. A recent study reveals that over $80%$ of these exploitable bugs, which are primarily functional bugs, can evade the detection of current tools. Automatically identifying functional bugs in smart contracts presents challenges from multiple perspectives. The primary issue is the significant gap between understanding the high-level logic of the business model and checking the low-level implementations in smart contracts. Furthermore, identifying deeply rooted functional bugs in smart contracts requires the automated generation of effective detection oracles based on various bug features.
To address these challenges, we design and implement PROMFUZZ, an automated and scalable system to detect functional bugs, in smart contracts. In PROMFUZZ, we first propose a novel Large Language Model (LLM)-driven analysis framework, which leverages a dual-agent prompt engineering strategy to pinpoint potentially vulnerable functions for further scrutiny. We then implement a dual-stage coupling approach, which focuses on generating invariant checkers that leverage logic information extracted from potentially vulnerable functions. Finally, we design a bug-oriented fuzzing engine, which maps the logical information from the high-level business model to the low-level smart contract implementations, and performs the bug-oriented fuzzing on targeted functions. We evaluate PROMFUZZ from $4$ perspectives on $5$ ground-truth datasets and compare it with multiple state-of-the-art methods. The results show that PROMFUZZ achieves $86.96%$ recall and $93.02%$ F1-score in detecting functional bugs, marking at least a $50%$ improvement in both metrics over state-of-the-art methods. Moreover, we perform an in-depth analysis on $10$ real-world DeFi projects and detect $30$ zero-day bugs. Our further case studies, the risky first deposit bug and the AMM price oracle manipulation bug on real-world DeFi projects, demonstrate the serious risks of the exploitable functional bugs in smart contracts. Up to now, $24$ zero-day bugs have been assigned CVE IDs. Our discoveries have safeguarded assets totaling $$18.2$ billion from potential monetary losses.
This program is tentative and subject to change.
Tue 18 NovDisplayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Leveraging Mixture-of-Experts Framework for Smart Contract Vulnerability Repair with Large Language Model Research Papers Hang Yuan Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Xizhi Hou Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences, Lei Yu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Li Yang Institute of Software, Chinese Academy of Sciences, Jiayue Tang Institute of Software, CAS, Univ. of Chinese Academy of Sciences, Jiadong Xu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Yifei Liu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Fengjun Zhang Institute of Software, Chinese Academy of Sciences, China, Chun Zuo Sinosoft | ||
14:10 10mTalk | Why Is My Transaction Risky? Understanding Smart Contract Semantics and Interactions in the NFT Ecosystem Research Papers Yujing Chen Zhejiang University, Xuanming Liu Zhejiang University, Zhiyuan Wan Zhejiang University, Zuobin Wang Zhejiang University, David Lo Singapore Management University, Difan Xie Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security, Xiaohu Yang Zhejiang University | ||
14:20 10mTalk | Demystifying OpenZeppelin's Own Vulnerabilities and Analyzing Their Propagation in Smart Contracts Research Papers Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University, Yixiang Chen East China Normal University | ||
14:30 10mTalk | PROMFUZZ: Leveraging LLM-Driven and Bug-Oriented Composite Analysis for Detecting Functional Bugs in Smart Contracts Research Papers Xingshuang Lin Zhejiang University, Qinge Xie Georgia Institute of Technology, Binbin Zhao Zhejiang University, Yuan Tian , Saman Zonouz Georgia Institute of Technology, Na Ruan Shanghai Jiaotong University, Jiliang Li Xi'an Jiaotong University, Raheem Beyah Georgia Institute of Technology, Shouling Ji Zhejiang University | ||
14:40 10mTalk | VeriExploit: Automatic Bug Reproduction in Smart Contracts via LLMs and Formal Methods Research Papers Chenfeng Wei The University of Manchester, Shiyu Cai The University of Manchester, Yiannis Charalambous The University of Manchester, Tong Wu , Sangharatna Godboley NIT Warangal, Lucas C. Cordeiro University of Manchester, UK and Federal University of Amazonas, Brazil | ||
14:50 10mTalk | SolContractEval: A Benchmark for Evaluating Contract-Level Solidity Code Generation Research Papers Zhifan Ye Zhejiang University, Jiachi Chen Sun Yat-sen University, Zhenzhe Shao Sun Yat-sen University, Lingfeng Bao Zhejiang University, Xiaohu Yang Zhejiang University, Zhongxin Liu Zhejiang University | ||
15:00 10mTalk | PrefGen: A Preference-Driven Methodology for Secure Yet Gas-Efficient Smart Contract Generation Research Papers Zhiyuan Peng Shanghai Jiao Tong University, Xin Yin Zhejiang University, Zijie Zhou China University of Petroleum (Beijing), Chenhao Ying Shanghai Jiao Tong University, Chao Ni Zhejiang University, Yuan Luo Shanghai Jiao Tong University Pre-print | ||
15:10 10mTalk | Soleker: Uncovering Vulnerabilities in Solana Smart Contracts Research Papers Kunsong Zhao The Hong Kong Polytechnic University, Yunpeng Tian The Hong Kong Polytechnic University, Zuchao Ma The Hong Kong Polytechnic University, Xiapu Luo Hong Kong Polytechnic University | ||
15:20 10mTalk | Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study Research Papers Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University | ||