AdvSCanner: Generating Adversarial Smart Contracts to Exploit Reentrancy Vulnerabilities Using LLM and Static Analysis

Smart contracts are prone to vulnerabilities, with reentrancy attacks posing significant risks due to their destructive potential. While various methods exist for detecting reentrancy vulnerabilities in smart contracts, such as static analysis, these approaches often suffer from high false positive...

Full description

Saved in:
Bibliographic Details
Published in:IEEE/ACM International Conference on Automated Software Engineering : [proceedings] pp. 1019 - 1031
Main Authors: Wu, Yin, Xie, Xiaofei, Peng, Chenyang, Liu, Dijun, Wu, Hao, Fan, Ming, Liu, Ting, Wang, Haijun
Format: Conference Proceeding
Language:English
Published: ACM 27.10.2024
Subjects:
Analytical models
Code Generation
Large Language Model
Large language models
Reentrancy Vulnerability
Security
Smart Contract
Smart contracts
Software
Software engineering
Static analysis
ISSN:2643-1572
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Smart contracts are prone to vulnerabilities, with reentrancy attacks posing significant risks due to their destructive potential. While various methods exist for detecting reentrancy vulnerabilities in smart contracts, such as static analysis, these approaches often suffer from high false positive rates and lack the ability to directly illustrate how vulnerabilities can be exploited in attacks.In this paper, we tackle the challenging task of generating ASCs for identified reentrancy vulnerabilities. To address this difficulty, we introduce AdvSCanner, a novel method that leverages the Large Language Model (LLM) and static analysis to automatically generate adversarial smart contracts (ASCs) designed to exploit reentrancy vulnerabilities in victim contracts. The basic idea of AdvSCanner is to extract attack flows associated with reentrancy vulnerabilities using static analysis and utilize them to guide LLM in generating ASCs. To mitigate the inherent inaccuracies in LLM outputs, AdvSCanner incorporates a self-reflection component, which collects compilation and attack-triggering feedback from the generated ASCs and refines the ASC generation if necessary. Experimental evaluations demonstrate the effectiveness of AdvSCanner, achieving a significantly higher success rate (76.41%) compared to baseline methods, which only achieve 6.92% and 18.97%, respectively. Furthermore, a case study illustrates that AdvSCanner can greatly reduce auditing time from 24 hours (without assistance) to approximately 3 hours when used during the auditing process.CCS CONCEPTS* Software and its engineering → Software verification and validation.
ISSN:2643-1572
DOI:10.1145/3691620.3695482