Belobog: Move Language Fuzzing Framework For Real-World Smart Contracts

• URL: http://arxiv.org/abs/2512.02918v1
• Date: Tue, 02 Dec 2025 16:36:13 GMT
• Title: Belobog: Move Language Fuzzing Framework For Real-World Smart Contracts
• Authors: Wanxu Xia, Ziqiao Kong, Zhengwei Li, Yi Lu, Pan Li, Liqun Yang, Yang Liu, Xiapu Luo, Shaohua Li,
• Abstract summary: This paper introduces the first fuzzing framework, Belobog, for Move smart contracts.<n>Belobog is type-aware and ensures that all generated and mutated transactions are well-typed.<n>We show that Belobog is able to detect 100% critical and 79% major vulnerabilities manually audited by human experts.
• Score: 37.83037587387153
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Move is a research-oriented programming language design for secure and verifiable smart contract development and has been widely used in managing billions of digital assets in blockchains, such as Sui and Aptos. Move features a strong static type system and explicit resource semantics to enforce safety properties such as the prevention of data races, invalid asset transfers, and entry vulnerabilities. However, smart contracts written in Move may still contain certain vulnerabilities that are beyond the reach of its type system. It is thus essential to validate Move smart contracts. Unfortunately, due to its strong type system, existing smart contract fuzzers are ineffective in producing syntactically or semantically valid transactions to test Move smart contracts. This paper introduces the first fuzzing framework, Belobog, for Move smart contracts. Belobog is type-aware and ensures that all generated and mutated transactions are well-typed. More specifically, for a target Move smart contract, Belobog first constructs a type graph based on Move's type system, and then generates or mutates a transaction based on the graph trace derived from the type graph. In order to overcome the complex checks in Move smart contracts, we further design and implement a concolic executor in Belobog. We evaluated Belobog on 109 real-world Move smart contract projects. The experimental results show that Belobog is able to detect 100\% critical and 79\% major vulnerabilities manually audited by human experts. We further selected two recent notorious incidents in Move smart contracts, i.e., Cetus and Nemo. Belobog successfully reproduced full exploits for both of them, without any prior knowledge.

Related papers

• One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts [56.94148977064169]
  lacking checks on signature usage conditions can lead to repeated verifications, increasing the risk of permission abuse and threatening contract assets.<n>We define this issue as the Signature Replay Vulnerability (SRV)<n>From 1,419 audit reports across 37 blockchain security companies, we identified 108 with detailed SRV descriptions and classified five types of SRVs.
  arXiv  Detail & Related papers  (2025-11-12T09:17:13Z)
• Trace: Securing Smart Contract Repository Against Access Control Vulnerability [58.02691083789239]
  GitHub hosts numerous smart contract repositories containing source code, documentation, and configuration files.<n>Third-party developers often reference, reuse, or fork code from these repositories during custom development.<n>Existing tools for detecting smart contract vulnerabilities are limited in their ability to handle complex repositories.
  arXiv  Detail & Related papers  (2025-10-22T05:18:28Z)
• Satellite: Detecting and Analyzing Smart Contract Vulnerabilities caused by Subcontract Misuse [38.22453729381166]
  Satellite is a new bytecode-level static analysis framework for subcontract misuse vulnerability detection in smart contracts.<n>Satellite successfully identifies 14 new/unknown SMV over 10,011 real-world smart contracts.
  arXiv  Detail & Related papers  (2025-09-28T06:39:58Z)
• LLAMA: Multi-Feedback Smart Contract Fuzzing Framework with LLM-Guided Seed Generation [56.84049855266145]
  We propose a Multi-feedback Smart Contract Fuzzing framework (LLAMA) that integrates evolutionary mutation strategies, and hybrid testing techniques.<n>LLAMA achieves 91% instruction coverage and 90% branch coverage, while detecting 132 out of 148 known vulnerabilities.<n>These results highlight LLAMA's effectiveness, adaptability, and practicality in real-world smart contract security testing scenarios.
  arXiv  Detail & Related papers  (2025-07-16T09:46:58Z)
• Decompiling Smart Contracts with a Large Language Model [51.49197239479266]
  Despite Etherscan's 78,047,845 smart contracts deployed on (as of May 26, 2025), a mere 767,520 ( 1%) are open source.<n>This opacity necessitates the automated semantic analysis of on-chain smart contract bytecode.<n>We introduce a pioneering decompilation pipeline that transforms bytecode into human-readable and semantically faithful Solidity code.
  arXiv  Detail & Related papers  (2025-06-24T13:42:59Z)
• SmartInv: Multimodal Learning for Smart Contract Invariant Inference [10.468390413756863]
  We present SmartInv, an accurate and fast smart contract invariant inference framework. Our key insight is that the expected behavior of smart contracts relies on understanding and reasoning across multimodal information. We evaluate SmartInv on real-world contracts and re-discover bugs that resulted in multi-million dollar losses.
  arXiv  Detail & Related papers  (2024-11-14T06:28:57Z)
• MuFuzz: Sequence-Aware Mutation and Seed Mask Guidance for Blockchain Smart Contract Fuzzing [19.606053533275958]
  We develop a sequence-aware mutation and seed mask guidance strategy for smart contract fuzzing. We implement our designs into a new smart contract fuzzer named MuFuzz, and extensively evaluate it on three benchmarks. Overall, MuFuzz achieves higher branch coverage than state-of-the-art fuzzers (up to 25%) and detects 30% more bugs than existing bug detectors.
  arXiv  Detail & Related papers  (2023-12-07T18:32:19Z)
• SmartIntentNN: Towards Smart Contract Intent Detection [5.9789082082171525]
  We introduce textscSmartIntentNN (Smart Contract Intent Neural Network), a deep learning-based tool designed to automate the detection of developers' intent in smart contracts. Our approach integrates a Universal Sentence for contextual representation of smart contract code, and employs a K-means clustering algorithm to highlight intent-related code features. Evaluations on 10,000 real-world smart contracts demonstrate that textscSmartIntentNN surpasses all baselines, achieving an F1-score of 0.8633.
  arXiv  Detail & Related papers  (2022-11-24T15:36:35Z)
• Deep Smart Contract Intent Detection [5.642524477190184]
  textscSmartIntentNN is a deep learning model designed to automatically detect development intents in smart contracts.<n>We trained and evaluated textscSmartIntentNN on a dataset containing over 40,000 real-world smart contracts.
  arXiv  Detail & Related papers  (2022-11-19T15:40:26Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.