Detecting State Manipulation Vulnerabilities in Smart Contracts Using LLM and Static Analysis
By: Hao Wu, Haijun Wang, Shangwang Li and more
Potential Business Impact:
Finds fake money trades before they happen.
An increasing number of DeFi protocols are gaining popularity, facilitating transactions among multiple anonymous users. State manipulation is one of the notorious attacks on DeFi smart contracts, with the price variable being the most commonly exploited state variable: attackers manipulate token prices to gain illicit profits. In this paper, we propose PriceSleuth, a novel method that leverages a Large Language Model (LLM) and static analysis to detect Price Manipulation (PM) attacks proactively. First, PriceSleuth identifies the core logic function related to price calculation in DeFi contracts and guides the LLM to locate the price calculation code statements. Second, PriceSleuth performs backward dependency analysis of price variables, instructing the LLM to detect potential price manipulation. Finally, PriceSleuth uses propagation analysis of price variables to assist the LLM in detecting whether these variables are maliciously exploited. We present preliminary experimental results to substantiate the effectiveness of PriceSleuth, and we outline future research directions for PriceSleuth.
Similar Papers
LLM-Powered Detection of Price Manipulation in DeFi
Cryptography and Security
Finds hidden money theft in online finance.
Generative Large Language Model usage in Smart Contract Vulnerability Detection
Cryptography and Security
AI helps find bugs in online money contracts.
Enhancing Smart Contract Vulnerability Detection in DApps Leveraging Fine-Tuned LLM
Cryptography and Security
Finds hidden bugs in online money apps.