OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine
- URL: http://arxiv.org/abs/2504.12034v1
- Date: Wed, 16 Apr 2025 12:48:00 GMT
- Title: OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine
- Authors: Jie Ma, Ningyu He, Jinwen Xi, Mingzhe Xing, Haoyu Wang, Ying Gao, Yinliang Yue
- Abstract summary: Security issues in Virtual Machine could lead to inconsistent behaviors among smart contracts. We propose OpDiffer, a differential testing framework for EVM. Compared to state-of-the-art baselines, OpDiffer can improve code coverage by at most 71.06%, 148.40% and 655.56%, respectively.
- Score: 15.034031075384174
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: As Ethereum continues to thrive, the Ethereum Virtual Machine (EVM) has become the cornerstone powering tens of millions of active smart contracts. Intuitively, security issues in EVMs could lead to inconsistent behaviors among smart contracts or even denial-of-service of the entire blockchain network. However, to the best of our knowledge, only a limited number of studies focus on the security of EVMs. Moreover, they suffer from 1) insufficient test input diversity and invalid semantics; and 2) the inability to automatically identify bugs and locate root causes. To bridge this gap, we propose OpDiffer, a differential testing framework for EVM, which takes advantage of LLMs and static analysis methods to address the above two limitations. We conducted the largest-scale evaluation, covering nine EVMs and uncovering 26 previously unknown bugs, 22 of which have been confirmed by developers and three have been assigned CNVD IDs. Compared to state-of-the-art baselines, OpDiffer can improve code coverage by at most 71.06%, 148.40% and 655.56%, respectively. Through an analysis of real-world deployed Ethereum contracts, we estimate that 7.21% of the contracts could trigger our identified EVM bugs under certain environmental settings, potentially resulting in severe negative impact on the Ethereum ecosystem.
Related papers
- Copy-and-Paste? Identifying EVM-Inequivalent Code Smells in Multi-chain Reuse Contracts [30.94426976245966]
More developers are reusing Solidity contracts on other compatible blockchains. This inconsistency reveals design flaws in reused contracts, exposing code smells that hinder code reusability. In this paper, we conducted the first empirical study to reveal the causes and characteristics of EVM-Inequivalent Code Smells.
arXiv Detail & Related papers (2025-04-10T09:37:19Z)
- Are You Getting What You Pay For? Auditing Model Substitution in LLM APIs [60.881609323604685]
Large Language Models (LLMs) accessed via black-box APIs introduce a trust challenge. Users pay for services based on advertised model capabilities. Providers may covertly substitute the specified model with a cheaper, lower-quality alternative to reduce operational costs. This lack of transparency undermines fairness, erodes trust, and complicates reliable benchmarking.
arXiv Detail & Related papers (2025-04-07T03:57:41Z)
- Retention Score: Quantifying Jailbreak Risks for Vision Language Models [60.48306899271866]
Vision-Language Models (VLMs) are integrated with Large Language Models (LLMs) to enhance multi-modal machine learning capabilities. This paper aims to assess the resilience of VLMs against jailbreak attacks that can compromise model safety compliance and result in harmful outputs. To evaluate a VLM's ability to maintain its robustness against adversarial input perturbations, we propose a novel metric called the Retention Score.
arXiv Detail & Related papers (2024-12-23T13:05:51Z)
- Scam Detection for Ethereum Smart Contracts: Leveraging Graph Representation Learning for Secure Blockchain [1.2180334969164464]
This paper proposes to use graphical representation learning technology to find transaction patterns and distinguish malicious transaction contracts. Our research opens up more possibilities for trust and security in the ecosystem.
arXiv Detail & Related papers (2024-12-16T21:56:01Z)
- MarvelOVD: Marrying Object Recognition and Vision-Language Models for Robust Open-Vocabulary Object Detection [107.15164718585666]
We investigate the root cause of VLMs' biased prediction under the open vocabulary detection context.
Our observations lead to a simple yet effective paradigm, coded MarvelOVD, that generates significantly better training targets.
Our method outperforms the other state-of-the-arts by significant margins.
arXiv Detail & Related papers (2024-07-31T09:23:57Z)
- All Your Tokens are Belong to Us: Demystifying Address Verification Vulnerabilities in Solidity Smart Contracts [24.881450403784786]
Vulnerabilities in the process of address verification can lead to great security issues.
We design and implement AVVERIFIER, a lightweight taint analyzer based on static EVM opcode simulation.
After a large-scale evaluation of over 5 million smart contracts, we have identified 812 vulnerable smart contracts that were undisclosed by our community.
arXiv Detail & Related papers (2024-05-31T01:02:07Z)
- Remeasuring the Arbitrage and Sandwich Attacks of Maximal Extractable Value in Ethereum [7.381773144616746]
Maximal Extractable Value (MEV) drives the prosperity of the blockchain ecosystem.
We propose a profitability identification algorithm to identify MEV activities on our collected largest-ever dataset.
We have characterized the overall landscape of the MEV ecosystem, the impact the private transaction architectures bring in, and the adoption of back-running mechanisms.
arXiv Detail & Related papers (2024-05-28T08:17:15Z)
- Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
arXiv Detail & Related papers (2023-12-27T11:26:26Z)
- Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z)
- ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)
- Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts [0.0]
We propose Eth2Vec, a machine-learning-based static analysis tool for vulnerability detection, with robustness against code rewrites in smart contracts.
Eth2Vec automatically learns features of vulnerable bytecodes with knowledge through a neural network for language processing.
arXiv Detail & Related papers (2021-01-07T05:28:26Z)