AdvSCanner: Generating Adversarial Smart Contracts to Exploit Reentrancy Vulnerabilities Using LLM and Static Analysis

AGEStaticAGEStatic is an innovative project aimed at enhancing the security of Ethereum smart contracts by automatically generating exploit smart contracts. The project leverages large language models (LLMs) and static analysis to automatically generate adversarial smart contracts (ASCs) designed to exploit reentrancy vulnerabilities in victim contracts, which are among the most critical security issues in smart contracts.<b>Dataset</b>We have collected and integrated multiple smart contracts with reentrancy vulnerabilities from various sources. To obtain more representative samples, we filtered out ineligible and duplicate smart contracts according to the standards mentioned above, resulting in a total of 78 unique smart contracts (14 are duplicate.)<b>Size</b>: The dataset includes 78 smart contracts (14 duplicates), each verified for relevance and uniqueness,such as ERAP, ESC, Smartbugs, RSD, ATR, and SSE.<b>Standards for Dataset Collection</b>:<b>Solidity Smart Contract</b>: The AGEStatic tool we designed is aimed at Solidity smart contracts, with Solidity versions ranging from 0.4.0 to 0.8.25.<b>Open-source and Peer-reviewed Dataset</b>: The reentrancy vulnerabilities datasets are collected from widely-used or peer-reviewed open-source datasets that have obtained general public acceptance and applications in relevant research.<b>Marked as Reentrancy Vulnerability</b>: The most vital standard requires the existence of reentrancy vulnerability, which can be categorized into two types: manually injected vulnerability (MI) and real-world vulnerability (RW).<b>Detection by Static Analysis Tool</b>: These contracts in the dataset should be identified as reentrancy vulnerability by traditional static analysis tools that output reentrancy reports for each contract.<b>Fully Functional Characteristics</b>: Smart contracts with only partial functions cannot support attack verification experiments; therefore, the contracts satisfy logical integrity and full functionality characteristics.<b>Physical Experiment</b>This section describes the environment and code used for running the static analysis experiments and generating exploit contracts.<b>Static Analysis</b>: The static analysis experiments, obtained from GitHub, are run on an Ubuntu 22.04 system with the following hardware specifications:<b>Operating System</b>: Ubuntu 22.04<b>CPU</b>: Intel(R) Core(TM) i7-9750H @ 2.60GHz (2 cores and 2 threads)<b>Cache Size</b>: 12288 KB<b>Memory Size</b>: 6085248 KB<b>Exploit Contract Generation</b>: We leverage APIs of gpt-3.5-turbo, gpt-4, or gpt-4o using Python. The environment specifications are as follows:<b>Required Packages</b>:<code><strong>python==3.10.0</strong></code><code><strong>openai==0.28.0</strong></code><code><strong>py-solc-x==2.0.2</strong></code><b>Experiment Results</b>The experimental results include RQ1, RQ2, RQ3, and RQ4.

AGEStatic是一项创新性项目，旨在通过自动生成利用型智能合约，提升以太坊（Ethereum）智能合约的安全性。本项目借助大语言模型（Large Language Model, LLM）与静态分析技术，自动生成针对受害合约重入漏洞的对抗性智能合约（Adversarial Smart Contracts, ASCs）——重入漏洞是智能合约领域最关键的安全问题之一。 ## 数据集 我们从多类来源收集并整合了多款存在重入漏洞的智能合约。为获取更具代表性的样本，我们依据前述标准筛选出不合格与重复的智能合约，最终得到总计78份唯一智能合约（其中14份为重复样本）。 ## 数据集规模 本数据集共包含78份智能合约（含14份重复样本），所有合约均经过相关性与唯一性验证，数据来源包括ERAP、ESC、Smartbugs、RSD、ATR及SSE等。 ## 数据集采集标准 ### Solidity智能合约 我们研发的AGEStatic工具面向Solidity智能合约，支持的Solidity版本范围为0.4.0至0.8.25。 ### 开源且经同行评审的数据集 本数据集的重入漏洞样本采集自广泛使用或经同行评审的开源数据集，这些数据集已获得学术界普遍认可并应用于相关研究领域。 ### 标记为重入漏洞 最核心的标准为合约必须存在重入漏洞，可分为两类：手动注入漏洞（Manually Injected Vulnerability, MI）与真实世界漏洞（Real-world Vulnerability, RW）。 ### 静态分析工具检测验证 数据集中的所有合约需经传统静态分析工具识别为重入漏洞，并为每份合约输出重入漏洞检测报告。 ### 具备完整功能特性 仅包含部分功能的智能合约无法支撑攻击验证实验，因此入选合约需满足逻辑完整性与全功能特性。 ## 实体实验 本节介绍用于开展静态分析实验与生成利用合约的环境及代码。 ### 静态分析实验 静态分析实验部署于Ubuntu 22.04系统，相关资源取自GitHub，硬件配置如下： - 操作系统：Ubuntu 22.04 - CPU：Intel(R) Core(TM) i7-9750H @ 2.60GHz（2核心2线程） - 缓存大小：12288 KB - 内存大小：6085248 KB ### 利用合约生成 我们通过Python调用gpt-3.5-turbo、gpt-4或gpt-4o的API生成利用合约，环境配置如下： #### 所需依赖包 python==3.10.0 openai==0.28.0 py-solc-x==2.0.2 ## 实验结果 实验结果涵盖研究问题RQ1、RQ2、RQ3及RQ4。