ICSE 2026
Sun 12 - Sat 18 April 2026 Rio de Janeiro, Brazil

Smart contracts, serving as the cornerstone of decentralized applications on blockchain platforms, autonomously manage trillion-dollar digital assets across diverse domains, making them prime targets for malicious exploits. Fuzzing has emerged as a promising technique for detecting vulnerabilities in smart contracts, yet existing methods face two main challenges. (1) The logical gap in state transitions and combinatorial redundancy hinder effective tradeoffs between bug detection efficiency and state space exploration cost, causing critical execution paths to be overlooked. (2) Rule-based sequence mutation strategies suffer from path redundancy and inadequate guidance from contract logic, resulting in performance bottlenecks that stall the exploration of in-depth vulnerability-oriented paths.

To tackle these challenges, we propose EchoFuzz, an LLM-guided fuzzing framework that introduces Vulnerable Function Call Sequences (VFCS): minimal, behavior-preserving execution paths that expose bugs through essential state transitions. EchoFuzz consists of two key procedures. First, we develop a chain-guided LLM approach that mimics the workflow of expert auditors, combining static analysis with logical understanding to generate contract-specific VFCS candidates that eliminate combinatorial redundancy. Second, we adopt an iterative fuzzing strategy that employs LLMs to adaptively promote exploration, using real-time feedback to steer the fuzzer towards unexplored branches. Experimental results show that EchoFuzz significantly outperforms the state-of-the-art methods, achieving a 29% improvement in branch coverage and discovering 62% more vulnerabilities than the top competitors. In addition, EchoFuzz has discovered 37 previously unknown vulnerabilities in real-world smart contract projects, underscoring its robust performance and practicality.
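To make the notion of a Vulnerable Function Call Sequence concrete, the following is an added example (not EchoFuzz's code, and not the abstract's own material) written in Python rather than Solidity. `ToyVault` is a constructed stand-in for a stateful contract with a deliberately planted bug that only fires after a particular order of calls; `fuzz` is a small coverage-guided sequence fuzzer, and `minimize` reduces whatever buggy sequence it finds to a 1-minimal one, which is exactly the "minimal, behavior-preserving path that exposes the bug through essential state transitions" that the abstract calls a VFCS. All function names, branch identifiers and the oracle are assumptions made for this illustration.

```python
"""Toy illustration of a minimal vulnerable call sequence (VFCS).

The contract model, the bug and the oracle are constructed for this example;
none of it is Solidity or the EchoFuzz codebase.
"""
import random
from typing import List, Optional, Set, Tuple


class ToyVault:
    """Constructed stateful model standing in for a smart contract.

    Planted bug: while the vault is paused, emergency_withdraw pays out the
    whole pool to any depositor instead of that caller's own balance, so a
    caller can drain funds that belong to other users.
    """

    def __init__(self) -> None:
        self.initialized = False
        self.paused = False
        self.pool = 0            # total funds held, including other users' money
        self.balance = 0         # the fuzzer's credited balance
        self.deposited = 0       # what the fuzzer actually put in
        self.received = 0        # what the fuzzer actually got out
        self.covered: Set[str] = set()   # branch identifiers hit during the run

    def init(self) -> None:
        self.covered.add("init")
        self.initialized = True
        self.pool = 100          # pre-existing deposits from other users (constructed)

    def deposit(self) -> None:
        if not self.initialized:
            self.covered.add("deposit:uninitialized")
            return
        self.covered.add("deposit:ok")
        self.balance += 10
        self.deposited += 10
        self.pool += 10

    def pause(self) -> None:
        if not self.initialized:
            self.covered.add("pause:uninitialized")
            return
        self.covered.add("pause:ok")
        self.paused = True

    def withdraw(self) -> None:
        if self.paused or self.balance == 0:
            self.covered.add("withdraw:rejected")
            return
        self.covered.add("withdraw:ok")
        self.pool -= self.balance
        self.received += self.balance
        self.balance = 0

    def emergency_withdraw(self) -> None:
        if not (self.paused and self.balance > 0):
            self.covered.add("emergency:rejected")
            return
        self.covered.add("emergency:drain")   # the vulnerable branch
        self.received += self.pool            # BUG: pays out the entire pool
        self.pool = 0
        self.balance = 0


FUNCTIONS = ["init", "deposit", "pause", "withdraw", "emergency_withdraw"]


def run_sequence(seq: List[str]) -> Tuple[bool, Set[str]]:
    """Execute a call sequence on a fresh vault; return (bug_found, branches hit)."""
    vault = ToyVault()
    for name in seq:
        getattr(vault, name)()
    # Oracle: taking out more than you put in means someone else's funds moved.
    return vault.received > vault.deposited, vault.covered


def fuzz(seed: int = 1, max_iters: int = 2000, max_len: int = 8) -> Optional[List[str]]:
    """Coverage-guided random sequence fuzzing; returns the first sequence that trips the oracle."""
    rng = random.Random(seed)
    global_cov: Set[str] = set()
    seeds: List[List[str]] = [[]]        # sequences that reached new branches
    for _ in range(max_iters):
        base = rng.choice(seeds)
        # Mutation: keep a random prefix of a seed and extend it with fresh calls.
        prefix = base[: rng.randint(0, len(base))]
        seq = (prefix + [rng.choice(FUNCTIONS) for _ in range(rng.randint(1, 4))])[:max_len]
        bug, cov = run_sequence(seq)
        if bug:
            return seq
        if not cov <= global_cov:        # new branch: keep as a seed
            global_cov |= cov
            seeds.append(seq)
    return None


def minimize(seq: List[str]) -> List[str]:
    """Delta-debugging (ddmin) reduction to a 1-minimal vulnerable call sequence.

    Chunks are dropped while the oracle still fires; the result is a VFCS in
    the sense that removing any single remaining call stops the bug reproducing.
    """
    n = 2
    while len(seq) >= 2:
        chunk = max(1, len(seq) // n)
        reduced = False
        for start in range(0, len(seq), chunk):
            candidate = seq[:start] + seq[start + chunk:]
            if candidate and run_sequence(candidate)[0]:
                seq, n, reduced = candidate, max(n - 1, 2), True
                break
        if not reduced:
            if n >= len(seq):
                break                    # every single removal was tried: 1-minimal
            n = min(n * 2, len(seq))
    return seq


if __name__ == "__main__":
    found = fuzz()
    print("fuzzer hit the oracle with:", found)
    print("minimal vulnerable call sequence:", minimize(found) if found else None)
```

The random fuzzer typically returns a sequence padded with irrelevant calls (extra deposits, rejected withdrawals); `minimize` strips them down to the four calls the bug actually needs, with their ordering constraints preserved. The chain-guided LLM step the abstract describes aims at producing such candidates directly from the contract's logic rather than discovering them by random search and then reducing.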