AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis
Smart contracts are prone to vulnerabilities, with reentrancy attacks posing significant risks due to their destructive potential. While various methods exist for detecting reentrancy vulnerabilities in smart contracts, such as static analysis, these approaches often suffer from high false positive...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2024
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9798 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10798 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-107982024-12-12T09:00:03Z AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis WU, Yin XIE, Xiaofei PENG, Chenyang LIU, Dijun WU, Hao FAN, Ming LIU, Tin WANG, Haijun Smart contracts are prone to vulnerabilities, with reentrancy attacks posing significant risks due to their destructive potential. While various methods exist for detecting reentrancy vulnerabilities in smart contracts, such as static analysis, these approaches often suffer from high false positive rates and lack the ability to directly illustrate how vulnerabilities can be exploited in attacks. In this paper, we tackle the challenging task of generating ASCs for identified reentrancy vulnerabilities. To address this difficulty, we introduce AdvSCanner, a novel method that leverages the Large Language Model (LLM) and static analysis to automatically generate adversarial smart contracts (ASCs) designed to exploit reentrancy vulnerabilities in victim contracts. The basic idea of AdvSCanner is to extract attack flows associated with reentrancy vulnerabilities using static analysis and utilize them to guide LLM in generating ASCs. To mitigate the inherent inaccuracies in LLM outputs, AdvSCanner incorporates a self-reflection component, which collects compilation and attack-triggering feedback from the generated ASCs and refines the ASC generation if necessary. Experimental evaluations demonstrate the effectiveness of AdvSCanner, achieving a significantly higher success rate (76.41%) compared to baseline methods, which only achieve 6.92% and 18.97%, respectively. Furthermore, a case study illustrates that AdvSCanner can greatly reduce auditing time from 24 hours (without assistance) to approximately 3 hours when used during the auditing process. 2024-10-27T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/9798 info:doi/10.1145/3691620.3695482 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Reentrancy vulnerabilities detection Adversarial smart contracts Large language models LLMS Artificial Intelligence and Robotics Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Reentrancy vulnerabilities detection Adversarial smart contracts Large language models LLMS Artificial Intelligence and Robotics Information Security |
| spellingShingle |
Reentrancy vulnerabilities detection Adversarial smart contracts Large language models LLMS Artificial Intelligence and Robotics Information Security WU, Yin XIE, Xiaofei PENG, Chenyang LIU, Dijun WU, Hao FAN, Ming LIU, Tin WANG, Haijun AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis |
| description |
Smart contracts are prone to vulnerabilities, with reentrancy attacks posing significant risks due to their destructive potential. While various methods exist for detecting reentrancy vulnerabilities in smart contracts, such as static analysis, these approaches often suffer from high false positive rates and lack the ability to directly illustrate how vulnerabilities can be exploited in attacks. In this paper, we tackle the challenging task of generating ASCs for identified reentrancy vulnerabilities. To address this difficulty, we introduce AdvSCanner, a novel method that leverages the Large Language Model (LLM) and static analysis to automatically generate adversarial smart contracts (ASCs) designed to exploit reentrancy vulnerabilities in victim contracts. The basic idea of AdvSCanner is to extract attack flows associated with reentrancy vulnerabilities using static analysis and utilize them to guide LLM in generating ASCs. To mitigate the inherent inaccuracies in LLM outputs, AdvSCanner incorporates a self-reflection component, which collects compilation and attack-triggering feedback from the generated ASCs and refines the ASC generation if necessary. Experimental evaluations demonstrate the effectiveness of AdvSCanner, achieving a significantly higher success rate (76.41%) compared to baseline methods, which only achieve 6.92% and 18.97%, respectively. Furthermore, a case study illustrates that AdvSCanner can greatly reduce auditing time from 24 hours (without assistance) to approximately 3 hours when used during the auditing process. |
| format |
text |
| author |
WU, Yin XIE, Xiaofei PENG, Chenyang LIU, Dijun WU, Hao FAN, Ming LIU, Tin WANG, Haijun |
| author_facet |
WU, Yin XIE, Xiaofei PENG, Chenyang LIU, Dijun WU, Hao FAN, Ming LIU, Tin WANG, Haijun |
| author_sort |
WU, Yin |
| title |
AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis |
| title_short |
AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis |
| title_full |
AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis |
| title_fullStr |
AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis |
| title_full_unstemmed |
AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis |
| title_sort |
advscanner : generating adversarial smart contracts to exploit reentrancy vulnerabilities using llm and static analysis |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2024 |
| url |
https://ink.library.smu.edu.sg/sis_research/9798 |
| _version_ |
1819113141856894976 |