Detecting Buggy Contracts via Smart Testing
- URL: http://arxiv.org/abs/2409.04597v1
- Date: Fri, 6 Sep 2024 20:09:01 GMT
- Title: Detecting Buggy Contracts via Smart Testing
- Authors: Sally Junsong Wang, Jianan Yao, Kexin Pei, Hidedaki Takahashi, Junfeng Yang,
- Abstract summary: We propose a self-deciding foundation model based system, called SmartSys, to support hybrid smart contract dynamic analyses.
The key idea is to teach foundation models about performance bottlenecks of different dynamic analysis techniques, making it possible to forecast the right technique and generates effective fuzz targets.
The interesting results of SmartSys include:.
discovering a smart contract protocol vulnerability that has escaped eleven tools and survived multiple audits for over a year;.
improving coverage by up to 14.3% on real-world benchmarks compared to the baselines.
- Score: 9.421353895657132
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Smart contracts are susceptible to critical vulnerabilities. Hybrid dynamic analyses, such as concolic execution assisted fuzzing and foundation model assisted fuzzing, have emerged as highly effective testing techniques for smart contract bug detection recently. This hybrid approach has shown initial promise in real-world benchmarks, but it still suffers from low scalability to find deep bugs buried in complex code patterns. We observe that performance bottlenecks of existing dynamic analyses and model hallucination are two main factors limiting the scalability of this hybrid approach in finding deep bugs. To overcome the challenges, we design an interactive, self-deciding foundation model based system, called SmartSys, to support hybrid smart contract dynamic analyses. The key idea is to teach foundation models about performance bottlenecks of different dynamic analysis techniques, making it possible to forecast the right technique and generates effective fuzz targets that can reach deep, hidden bugs. To prune hallucinated, incorrect fuzz targets, SmartSys feeds foundation models with feedback from dynamic analysis during compilation and at runtime. The interesting results of SmartSys include: i) discovering a smart contract protocol vulnerability that has escaped eleven tools and survived multiple audits for over a year; ii) improving coverage by up to 14.3\% on real-world benchmarks compared to the baselines.
Related papers
- Dynamic Attention Analysis for Backdoor Detection in Text-to-Image Diffusion Models [70.03122709795122]
Previous backdoor detection methods primarily focus on the static features of backdoor samples.
This study introduces a novel backdoor detection perspective named Dynamic Attention Analysis (DAA), showing that these dynamic characteristics serve as better indicators for backdoor detection.
Our approach significantly surpasses existing detection methods, achieving an average F1 Score of 79.49% and an AUC of 87.67%.
arXiv Detail & Related papers (2025-04-29T07:59:35Z) - Towards Model Resistant to Transferable Adversarial Examples via Trigger Activation [95.3977252782181]
Adversarial examples, characterized by imperceptible perturbations, pose significant threats to deep neural networks by misleading their predictions.
We introduce a novel training paradigm aimed at enhancing robustness against transferable adversarial examples (TAEs) in a more efficient and effective way.
arXiv Detail & Related papers (2025-04-20T09:07:10Z) - Detecting Functional Bugs in Smart Contracts through LLM-Powered and Bug-Oriented Composite Analysis [34.8337182669106]
We design and implement PROMFUZZ, an automated and scalable system to detect functional bugs in smart contracts.
We first propose a novel Large Language Model (LLM)-driven analysis framework, which leverages a dual-agent prompt engineering strategy.
Finally, we design a bug-oriented fuzzing engine, which maps the logical information from the high-level business model to the low-level smart contract implementations.
arXiv Detail & Related papers (2025-03-31T04:39:51Z) - Offline Model-Based Optimization: Comprehensive Review [61.91350077539443]
offline optimization is a fundamental challenge in science and engineering, where the goal is to optimize black-box functions using only offline datasets.
Recent advances in model-based optimization have harnessed the generalization capabilities of deep neural networks to develop offline-specific surrogate and generative models.
Despite its growing impact in accelerating scientific discovery, the field lacks a comprehensive review.
arXiv Detail & Related papers (2025-03-21T16:35:02Z) - Sycophancy in Large Language Models: Causes and Mitigations [0.0]
Large language models (LLMs) have demonstrated remarkable capabilities across a wide range of natural language processing tasks.
Their tendency to exhibit sycophantic behavior poses significant risks to their reliability and ethical deployment.
This paper provides a technical survey of sycophancy in LLMs, analyzing its causes, impacts, and potential mitigation strategies.
arXiv Detail & Related papers (2024-11-22T16:56:49Z) - Smart Contract Vulnerability Detection based on Static Analysis and Multi-Objective Search [3.297959314391795]
This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm.
We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies.
We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts.
arXiv Detail & Related papers (2024-09-30T23:28:17Z) - A Discrepancy Aware Framework for Robust Anomaly Detection [51.710249807397695]
We present a Discrepancy Aware Framework (DAF), which demonstrates robust performance consistently with simple and cheap strategies.
Our method leverages an appearance-agnostic cue to guide the decoder in identifying defects, thereby alleviating its reliance on synthetic appearance.
Under the simple synthesis strategies, it outperforms existing methods by a large margin. Furthermore, it also achieves the state-of-the-art localization performance.
arXiv Detail & Related papers (2023-10-11T15:21:40Z) - FABind: Fast and Accurate Protein-Ligand Binding [127.7790493202716]
$mathbfFABind$ is an end-to-end model that combines pocket prediction and docking to achieve accurate and fast protein-ligand binding.
Our proposed model demonstrates strong advantages in terms of effectiveness and efficiency compared to existing methods.
arXiv Detail & Related papers (2023-10-10T16:39:47Z) - VulnSense: Efficient Vulnerability Detection in Ethereum Smart Contracts
by Multimodal Learning with Graph Neural Network and Language Model [0.0]
VulnSense is a comprehensive approach to efficiently detect vulnerabilities in smart contracts.
Our framework combines three types of features from smart contracts including source code, opcode sequences, and control flow graph.
We employ Bidirectional Representations from Transformers (BERT), Bidirectional Long Short-Term Memory (BiLSTM) and Graph Neural Network (GNN) models to extract and analyze these features.
The experimental outcomes demonstrate the superior performance of our proposed approach, achieving an average accuracy of 77.96% across all three categories of vulnerable smart contracts.
arXiv Detail & Related papers (2023-09-15T15:26:44Z) - Enhancing Smart Contract Security Analysis with Execution Property Graphs [48.31617821205042]
We introduce Clue, a dynamic analysis framework specifically designed for a runtime virtual machine.
Clue captures critical information during contract executions, employing a novel graph-based representation, the Execution Property Graph.
evaluation results reveal Clue's superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools.
arXiv Detail & Related papers (2023-05-23T13:16:42Z) - HyMo: Vulnerability Detection in Smart Contracts using a Novel
Multi-Modal Hybrid Model [1.16095700765361]
Existing analysis techniques are capable of identifying a large number of smart contract security flaws, but they rely too much on rigid criteria established by specialists.
We propose HyMo as a multi-modal hybrid deep learning model, which intelligently considers various input representations to consider multimodality.
We show that our hybrid HyMo model has excellent smart contract vulnerability detection performance.
arXiv Detail & Related papers (2023-04-25T19:16:21Z) - Deep Smart Contract Intent Detection [5.642524477190184]
textscSmartIntentNN is a deep learning model designed to automatically detect development intent in smart contracts.
We trained and evaluated textscSmartIntentNN on a dataset comprising over 40,000 real-world smart contracts.
arXiv Detail & Related papers (2022-11-19T15:40:26Z) - Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z) - Adversarial GLUE: A Multi-Task Benchmark for Robustness Evaluation of
Language Models [86.02610674750345]
Adversarial GLUE (AdvGLUE) is a new multi-task benchmark to explore and evaluate the vulnerabilities of modern large-scale language models under various types of adversarial attacks.
We apply 14 adversarial attack methods to GLUE tasks to construct AdvGLUE, which is further validated by humans for reliable annotations.
All the language models and robust training methods we tested perform poorly on AdvGLUE, with scores lagging far behind the benign accuracy.
arXiv Detail & Related papers (2021-11-04T12:59:55Z) - Firearm Detection via Convolutional Neural Networks: Comparing a
Semantic Segmentation Model Against End-to-End Solutions [68.8204255655161]
Threat detection of weapons and aggressive behavior from live video can be used for rapid detection and prevention of potentially deadly incidents.
One way for achieving this is through the use of artificial intelligence and, in particular, machine learning for image analysis.
We compare a traditional monolithic end-to-end deep learning model and a previously proposed model based on an ensemble of simpler neural networks detecting fire-weapons via semantic segmentation.
arXiv Detail & Related papers (2020-12-17T15:19:29Z) - RobustBench: a standardized adversarial robustness benchmark [84.50044645539305]
Key challenge in benchmarking robustness is that its evaluation is often error-prone leading to robustness overestimation.
We evaluate adversarial robustness with AutoAttack, an ensemble of white- and black-box attacks.
We analyze the impact of robustness on the performance on distribution shifts, calibration, out-of-distribution detection, fairness, privacy leakage, smoothness, and transferability.
arXiv Detail & Related papers (2020-10-19T17:06:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.