VeriExploit: Automatic Bug Reproduction in Smart Contracts via LLMs and Formal Methods
This program is tentative and subject to change.
Bug reproduction is becoming an important task in the security analysis of Solidity smart contracts. By simulating attacks, developers and auditors can better understand how a vulnerability is triggered in practice. To reproduce a bug, one often needs to define an attacker contract and a specific sequence of interactions that exploit the vulnerability. However, in smart contracts, there are rarely automated tools that can generate such contracts and sequences and validate their correctness. Existing security tools, such as formal verifiers, are effective at detecting bugs, but they are not designed for bug reproduction. They often omit execution traces or produce incomplete ones. Moreover, their reports rarely reflect the behavior patterns of attacker contracts. This gap motivates our work. We propose VeriExploit, a framework that combines formal methods and large language models to automatically generate, validate, and refine reproduction contracts and execution steps. Given a vulnerable contract and its counterexample, VeriExploit produces a contract that re-triggers the same bug and outputs a concrete trace showing how the exploit works. Experiments show that VeriExploit is effective at automating bug reproduction, achieving a success rate of 88.46% on our benchmark dataset.
Tue 18 Nov (displayed time zone: Seoul)
Session: 14:00 - 15:30
14:00 | 10m Talk | Leveraging Mixture-of-Experts Framework for Smart Contract Vulnerability Repair with Large Language Model | Research Papers | Hang Yuan Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Xizhi Hou Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences, Lei Yu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Li Yang Institute of Software, Chinese Academy of Sciences, Jiayue Tang Institute of Software, CAS, Univ. of Chinese Academy of Sciences, Jiadong Xu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Yifei Liu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Fengjun Zhang Institute of Software, Chinese Academy of Sciences, China, Chun Zuo Sinosoft
14:10 | 10m Talk | Why Is My Transaction Risky? Understanding Smart Contract Semantics and Interactions in the NFT Ecosystem | Research Papers | Yujing Chen Zhejiang University, Xuanming Liu Zhejiang University, Zhiyuan Wan Zhejiang University, Zuobin Wang Zhejiang University, David Lo Singapore Management University, Difan Xie Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security, Xiaohu Yang Zhejiang University
14:20 | 10m Talk | Demystifying OpenZeppelin's Own Vulnerabilities and Analyzing Their Propagation in Smart Contracts | Research Papers | Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University, Yixiang Chen East China Normal University
14:30 | 10m Talk | PROMFUZZ: Leveraging LLM-Driven and Bug-Oriented Composite Analysis for Detecting Functional Bugs in Smart Contracts | Research Papers | Xingshuang Lin Zhejiang University, Qinge Xie Georgia Institute of Technology, Binbin Zhao Zhejiang University, Yuan Tian, Saman Zonouz Georgia Institute of Technology, Na Ruan Shanghai Jiaotong University, Jiliang Li Xi'an Jiaotong University, Raheem Beyah Georgia Institute of Technology, Shouling Ji Zhejiang University
14:40 | 10m Talk | VeriExploit: Automatic Bug Reproduction in Smart Contracts via LLMs and Formal Methods | Research Papers | Chenfeng Wei The University of Manchester, Shiyu Cai The University of Manchester, Yiannis Charalambous The University of Manchester, Tong Wu, Sangharatna Godboley NIT Warangal, Lucas C. Cordeiro University of Manchester, UK and Federal University of Amazonas, Brazil
14:50 | 10m Talk | SolContractEval: A Benchmark for Evaluating Contract-Level Solidity Code Generation | Research Papers | Zhifan Ye Zhejiang University, Jiachi Chen Sun Yat-sen University, Zhenzhe Shao Sun Yat-sen University, Lingfeng Bao Zhejiang University, Xiaohu Yang Zhejiang University, Zhongxin Liu Zhejiang University
15:00 | 10m Talk | PrefGen: A Preference-Driven Methodology for Secure Yet Gas-Efficient Smart Contract Generation | Research Papers | Zhiyuan Peng Shanghai Jiao Tong University, Xin Yin Zhejiang University, Zijie Zhou China University of Petroleum (Beijing), Chenhao Ying Shanghai Jiao Tong University, Chao Ni Zhejiang University, Yuan Luo Shanghai Jiao Tong University | Pre-print
15:10 | 10m Talk | Soleker: Uncovering Vulnerabilities in Solana Smart Contracts | Research Papers | Kunsong Zhao The Hong Kong Polytechnic University, Yunpeng Tian The Hong Kong Polytechnic University, Zuchao Ma The Hong Kong Polytechnic University, Xiapu Luo Hong Kong Polytechnic University
15:20 | 10m Talk | Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study | Research Papers | Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University