Journal of Sichuan University (Natural Science Edition), 2025, Vol. 62, Issue 3: 641-650 (10 pages). DOI: 10.19907/j.0490-6756.250014
LCFuzzer: Large language model assisted fuzzing approach for smart contract vulnerability detection
Abstract
As the application of smart contract technology expands across various domains, the complexity of contract code and functional logic keeps increasing, and the security issues associated with smart contracts have become more prominent. Fuzz testing is currently the mainstream approach to vulnerability detection in smart contracts. However, existing fuzzers have limitations, in particular an inability to deeply explore the critical functions and paths within a contract. To address this challenge, this paper proposes a novel fuzz testing framework, LCFuzzer, which leverages the code understanding and analysis capabilities of large language models (LLMs). LCFuzzer incorporates three key indicators: high-risk functions, critical paths, and function-call dependencies. The framework uses prompt engineering to guide the LLM in analyzing the smart contract under test; the resulting analysis is passed to the fuzzer to steer the testing process. Moreover, LCFuzzer improves the seed scoring mechanism by allocating more mutation energy to higher-scoring seeds. This targeted approach helps explore deeper states within the smart contract and allows for more efficient vulnerability detection. The performance of LCFuzzer is evaluated on a dataset of 518 real-world smart contracts. During testing, LCFuzzer identified 141 vulnerabilities, achieving a higher vulnerability detection rate and a lower false positive rate than the popular tool sFuzz. Specifically, the number of real vulnerabilities detected increased by an average of 6.7%, and branch coverage improved by an average of 7%. These results show that LCFuzzer outperforms existing tools, providing superior accuracy and branch coverage in fuzz testing for smart contracts. In summary, the key innovation of LCFuzzer lies in its use of LLMs to guide the fuzz testing process through the identification of high-risk functions, critical paths, and function-call dependencies. This enables a more focused and efficient vulnerability detection approach than traditional fuzzing methods, which tend to lack the precision required for exploring the complex state spaces of smart contracts. Furthermore, the optimized seed scoring mechanism enhances the exploration of deeper contract states, resulting in improved detection rates and coverage. The experimental results validate LCFuzzer as an effective and promising tool for improving the accuracy and efficiency of smart contract vulnerability discovery, offering significant advances in smart contract security analysis.
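The seed scoring and mutation-energy allocation idea described in the abstract, as an added illustrative example that is not LCFuzzer's own code (the paper's actual scoring formula is not given on this page). It assumes the LLM analysis can be reduced to a small record of high-risk function names, critical call paths and call dependencies, that a seed is a transaction sequence plus the branch ids it covered, and that the weights, contract function names, branch ids and energy budget are constructed for the demonstration.

```python
"""Illustrative seed scoring plus energy allocation for an LLM-guided
smart-contract fuzzer (added example; not LCFuzzer's code).

Assumptions (constructed, not from the paper): the LLM's output is modelled
as a record of high-risk function names, ordered critical call paths and
call dependencies; a seed is a call sequence with the branches it reached;
all weights and the sample contract are illustrative.
"""
from dataclasses import dataclass


@dataclass
class LLMAnalysis:
    high_risk: set          # function names the LLM flagged as high risk
    critical_paths: list    # each path is an ordered list of function names
    depends_on: dict        # function -> set of functions that must run first


@dataclass
class Seed:
    calls: list             # transaction sequence, function names in call order
    branches: set           # branch ids covered when the sequence was executed
    energy: int = 0         # mutation budget assigned by allocate_energy()


def path_progress(calls, path):
    """Fraction of `path` reached, matching it as an in-order subsequence of `calls`."""
    i = 0
    for fn in calls:
        if i < len(path) and fn == path[i]:
            i += 1
    return i / len(path) if path else 0.0


def deps_satisfied(calls, depends_on):
    """Fraction of dependency-bearing calls whose prerequisites ran earlier."""
    checked = ok = 0
    seen = set()
    for fn in calls:
        prereqs = depends_on.get(fn)
        if prereqs:
            checked += 1
            if prereqs <= seen:
                ok += 1
        seen.add(fn)
    return ok / checked if checked else 1.0


def score_seed(seed, analysis, global_branches):
    """Combine branch novelty with the three LLM-derived indicators."""
    new_branches = len(seed.branches - global_branches)
    risk_hits = sum(1 for fn in seed.calls if fn in analysis.high_risk)
    best_path = max((path_progress(seed.calls, p) for p in analysis.critical_paths), default=0.0)
    dep = deps_satisfied(seed.calls, analysis.depends_on)
    # Weights are illustrative assumptions, chosen so path and dependency
    # information dominate a single new branch.
    return 1.0 * new_branches + 2.0 * risk_hits + 3.0 * best_path + 2.0 * dep


def allocate_energy(seeds, analysis, total_energy, global_branches=frozenset(), floor=1):
    """Split `total_energy` across seeds in proportion to their score, keeping a
    per-seed floor so low-scoring seeds are still mutated occasionally."""
    scores = [score_seed(s, analysis, global_branches) for s in seeds]
    reserved = floor * len(seeds)
    if reserved > total_energy:
        raise ValueError("budget smaller than the per-seed floor")
    spare = total_energy - reserved
    total_score = sum(scores)
    for s, sc in zip(seeds, scores):
        s.energy = floor + (int(spare * sc / total_score) if total_score > 0 else 0)
    # Integer truncation leaves a remainder; give it to the best seed.
    leftover = total_energy - sum(s.energy for s in seeds)
    best = max(range(len(seeds)), key=lambda i: scores[i])
    seeds[best].energy += leftover
    return scores


def demo():
    """Run the scheduler on a constructed vault-like contract and three seeds."""
    analysis = LLMAnalysis(
        high_risk={"withdraw", "transferFrom"},
        critical_paths=[["deposit", "approve", "withdraw"]],
        depends_on={"withdraw": {"deposit"}, "transferFrom": {"approve"}},
    )
    seeds = [
        Seed(calls=["deposit", "approve", "withdraw"], branches={1, 2, 3, 4}),
        Seed(calls=["withdraw"], branches={3}),            # skips the prerequisite
        Seed(calls=["balanceOf"], branches={5}),           # no new coverage
    ]
    already_seen = {1, 2, 5}                               # constructed global coverage
    scores = allocate_energy(seeds, analysis, total_energy=100, global_branches=already_seen)
    return scores, [s.energy for s in seeds]


if __name__ == "__main__":
    print(demo())
```

The seed that walks the full critical path with its dependency satisfied receives most of the budget, while the seed that calls `withdraw` without a prior `deposit` is still mutated, since a fuzzer that starves every low-scoring seed loses the ability to discover states the LLM's analysis did not predict.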
Keywords
Smart contracts / Fuzz testing / Vulnerability detection / Large language models
Classification
Information technology and security science
Cite this article
柳蓉, 杨频, 贾鹏, 张雨轩. LCFuzzer: 基于大语言模型辅助的智能合约模糊测试方法 (LCFuzzer: Large language model assisted fuzzing approach for smart contract vulnerability detection) [J]. Journal of Sichuan University (Natural Science Edition), 2025, 62(3): 641-650.
Funding
National Key Research and Development Program of China (2021YFB3101803)