AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis

Author

Yin WU
Xiaofei XIE, Singapore Management UniversityFollow
Chenyang PENG
Dijun LIU
Hao WU
Ming FAN
Tin LIU
Haijun WANG

Publication Type

Conference Proceeding Article

Publication Date

10-2024

Abstract

Smart contracts are prone to vulnerabilities, with reentrancy attacks posing significant risks due to their destructive potential. While various methods exist for detecting reentrancy vulnerabilities in smart contracts, such as static analysis, these approaches often suffer from high false positive rates and lack the ability to directly illustrate how vulnerabilities can be exploited in attacks. In this paper, we tackle the challenging task of generating ASCs for identified reentrancy vulnerabilities. To address this difficulty, we introduce AdvSCanner, a novel method that leverages the Large Language Model (LLM) and static analysis to automatically generate adversarial smart contracts (ASCs) designed to exploit reentrancy vulnerabilities in victim contracts. The basic idea of AdvSCanner is to extract attack flows associated with reentrancy vulnerabilities using static analysis and utilize them to guide LLM in generating ASCs. To mitigate the inherent inaccuracies in LLM outputs, AdvSCanner incorporates a self-reflection component, which collects compilation and attack-triggering feedback from the generated ASCs and refines the ASC generation if necessary. Experimental evaluations demonstrate the effectiveness of AdvSCanner, achieving a significantly higher success rate (76.41%) compared to baseline methods, which only achieve 6.92% and 18.97%, respectively. Furthermore, a case study illustrates that AdvSCanner can greatly reduce auditing time from 24 hours (without assistance) to approximately 3 hours when used during the auditing process.

Keywords

Reentrancy vulnerabilities detection, Adversarial smart contracts, Large language models, LLMS

Discipline

Artificial Intelligence and Robotics | Information Security

Publication

Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024) : Sacramento CA, USA, October 27 - November 1

First Page

1019

Last Page

1031

Identifier

10.1145/3691620.3695482

Publisher

Association for Computing Machinery

City or Country

Sacramento CA, USA

Citation

WU, Yin; XIE, Xiaofei; PENG, Chenyang; LIU, Dijun; WU, Hao; FAN, Ming; LIU, Tin; and WANG, Haijun. AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis. (2024). Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024) : Sacramento CA, USA, October 27 - November 1. 1019-1031.
Available at: https://ink.library.smu.edu.sg/sis_research/9798

Additional URL

https://doi.org/10.1145/3691620.3695482