This program is tentative and subject to change.
DeFi (Decentralized Finance) is one of the most important applications of today’s cryptocurrencies and smart contracts. It manages hundreds of billions in Total Value Locked (TVL) on-chain, yet it remains susceptible to common DeFi price manipulation attacks. Despite state-of-the-art (SOTA) systems like DeFiRanger and DeFort, we found that they are less effective to non-standard price models in custom DeFi protocols, which account for 44.2% of the 95 DeFi price manipulation attacks reported over the past three years.
In this paper, we introduce the first LLM-based approach, DeFiScope, for detecting DeFi price manipulation attacks in both standard and custom price models. Our insight is that large language models (LLMs) have certain intelligence to abstract price calculation from code and infer the trend of token price changes based on the extracted price models. To further strengthen LLMs in this aspect, we leverage Foundry to synthesize on-chain data and use it to fine-tune a DeFi price specific LLM. Together with the high-level DeFi operations recovered from low-level transaction data, DeFiScope detects various DeFi price manipulations according to systematically mined patterns. Experimental results show that DeFiScope achieves a high precision of 96% and a recall rate of 80%, significantly outperforming SOTA approaches. Moreover, we evaluate DeFiScope’s cost-effectiveness and demonstrate its practicality by helping our industry partner confirm 147 real-world price manipulation attacks, including discovering 81 previously unknown historical incidents.
This program is tentative and subject to change.
Wed 19 NovDisplayed time zone: Seoul change
11:00 - 12:30 | |||
11:00 10mTalk | When Does Wasm Malware Detection Fail? A Systematic Analysis of Their Robustness to Evasion Research Papers Taeyoung Kim Sungkyunkwan University, Sanghak Oh Sungkyunkwan University, Kiho Lee ETRI (Electronics and Telecommunications Research Institute), South Korea, Weihang Wang University of Southern California, Yonghwi Kwon University of Maryland, Sanghyun Hong Oregon State University, Hyoungshick Kim Sungkyunkwan University | ||
11:10 10mTalk | RFCAudit: AI Agent for Auditing Protocol Implementations Against RFC Specifications Research Papers Mingwei Zheng Purdue University, Chengpeng Wang Purdue University, Xuwei Liu Purdue University, USA, Jinyao Guo Purdue University, Shiwei Feng Purdue University, Xiangyu Zhang Purdue University | ||
11:20 10mTalk | Time to separate from StackOverflow and match with ChatGPT for encryption Journal-First Track | ||
11:30 10mTalk | Demystifying Cross-Language C/C++ Binaries: A Robust Software Component Analysis Approach Research Papers Meiqiu Xu Northeastern University, China, Ying Wang Northeastern University, Wei Tang HUA WEI, Xian Zhan HUA WEI, Shing-Chi Cheung Hong Kong University of Science and Technology, Hai Yu Northeastern University, China, Zhiliang Zhu Northeastern University, China | ||
11:40 10mTalk | Detecting Various DeFi Price Manipulations with LLM Reasoning Research Papers Juantao Zhong Lingnan University, Daoyuan Wu Lingnan University, Ye Liu Singapore Management University, Maoyi Xie Nanyang Technological University, Yang Liu Nanyang Technological University, Yi Li Nanyang Technological University, Ning Liu City University of Hong Kong | ||
11:50 10mTalk | Uncovering Prompt Elements: Cloning System Prompts from Behavioral Traces Research Papers Yi Qian State Key Laboratory for Novel Software Technology, Nanjing University, Pengfei State Key Laboratory for Novel Software Technology, Nanjing University, Hao Wu , Ligeng Chen Honor Device Co., Ltd, Bing Mao Nanjing University | ||
12:00 10mTalk | CRYPTBARA: Dependency-Guided Detection of Python Cryptographic API Misuses Research Papers | ||
12:10 10mTalk | A Large Scale Study of AI-based Binary Function Similarity Detection Techniques for Security Researchers and Practitioners Research Papers Jingyi Shi Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Yufeng Chen Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yang Xiao Chinese Academy of Sciences, Yuekang Li UNSW, Zhengzi Xu Imperial Global Singapore, Sihao Qiu Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Chi Zhang Institute of Information Engineering, CAS; School of Cyber Security, UCAS, Keyu Qi Institute of Information Engineering, CAS; School of Cyber Security, UCAS, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Xingchu Chen Institute of Information Engineering, CAS; School of Cyber Security, UCAS, Yanyan Zou Institute of Information Engineering, Chinese Academy of Sciences, Yang Liu Nanyang Technological University, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences | ||
12:20 10mTalk | FirmProj: Detecting Firmware Leakage in IoT Update Processes via Companion App Analysis Research Papers Wenzhi Li Shandong University, Jialong Guo Shandong University, Jiongyi Chen National University of Defense Technology, Fan Li Shandong University, Yujie Xing Shandong University, Yanbo Xu Shanghai Jiao Tong University, Shishuai Yang Shandong University, Wenrui Diao Shandong University | ||