The paper introduces NeuroSCA, a hybrid fuzzing framework for smart contracts that uses a large language model (LLM) to abstract away irrelevant constraints, mitigating constraint pollution and improving SMT solver performance. By identifying and solving only the core, goal-relevant constraints, NeuroSCA reduces SMT solving time on polluted paths. Experiments on real-world contracts demonstrate that NeuroSCA increases code coverage and bug-finding rates while maintaining performance on simpler contracts.
LLMs can surgically remove semantic noise from smart contract constraints, dramatically accelerating hybrid fuzzing without sacrificing soundness.
Hybrid fuzzing combines greybox fuzzing's throughput with the precision of symbolic execution to uncover deep smart contract vulnerabilities. However, its effectiveness is often limited by constraint pollution: in real-world contracts, path conditions pick up semantic noise from global state and defensive checks that are syntactically intertwined with, but semantically peripheral to, the target branch, causing SMT timeouts. We propose NeuroSCA (Neuro-Symbolic Constraint Abstraction), a lightweight framework that selectively inserts a Large Language Model (LLM) as a semantic constraint abstraction layer. NeuroSCA uses the LLM to identify a small core of goal-relevant constraints, solves only this abstraction with an SMT solver, and validates models via concrete execution in a verifier-in-the-loop refinement mechanism that reintroduces any missed constraints and preserves soundness. Experiments on real-world contracts show that NeuroSCA speeds up solving on polluted paths, increases coverage and bug-finding rates on representative hard contracts, and, through its selective invocation policy, achieves these gains with only modest overhead and no loss of effectiveness on easy contracts.
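As an added illustration that is not the paper's or its authors' code: the verifier-in-the-loop refinement loop from the abstract, run on a constructed path condition. A brute-force search over a small integer domain stands in for the SMT solver and a caller-supplied set of constraint names stands in for the LLM's choice of the goal-relevant core; every variable and constraint name below is an assumption.

```python
# Added example (not the paper's code): abstract the path condition to a
# core, solve only the core, replay the model against the full path, and
# re-add whatever it violated until the concrete check passes.
from itertools import product
from typing import Callable, Dict, List, Optional, Set, Tuple

Model = Dict[str, int]
Constraint = Tuple[str, Callable[[Model], bool]]

DOMAIN = range(32)                      # toy stand-in for bit-vector values
VARS = ("amount", "balance", "owner")   # symbolic inputs of the path

# Constructed path condition. "target" is the branch the fuzzer wants to
# reach; the others are global-state and defensive checks picked up along
# the path (the "pollution" the abstract describes).
PATH: List[Constraint] = [
    ("target", lambda m: m["amount"] > m["balance"] // 2),
    ("nonzero", lambda m: m["amount"] > 0),
    ("owner_set", lambda m: m["owner"] != 0),
    ("balance_cap", lambda m: m["balance"] < 30),
    ("amount_le_balance", lambda m: m["amount"] <= m["balance"]),
]

def solve(constraints: List[Constraint]) -> Optional[Model]:
    """Brute-force stand-in for the SMT solver: first satisfying model."""
    for vals in product(DOMAIN, repeat=len(VARS)):
        m = dict(zip(VARS, vals))
        if all(check(m) for _, check in constraints):
            return m
    return None

def concrete_check(model: Model, full: List[Constraint]) -> List[str]:
    """Verifier: names of the full-path constraints the model violates."""
    return [name for name, check in full if not check(model)]

def refine_solve(full: List[Constraint], core: Set[str]) -> Tuple[Optional[Model], int]:
    """Solve the abstraction; on a failed concrete check, add back the
    violated constraints and re-solve. The active set only grows and is
    bounded by `full`, so the loop terminates, and any returned model
    satisfies the full path (this is the soundness argument)."""
    active = [c for c in full if c[0] in core]
    rounds = 0
    while True:
        rounds += 1
        model = solve(active)
        if model is None:               # active is a subset of full, so
            return None, rounds         # the full path is unsat as well
        missed = concrete_check(model, full)
        if not missed:
            return model, rounds
        active += [c for c in full if c[0] in missed]

if __name__ == "__main__":
    print(refine_solve(PATH, {"target", "nonzero"}))
```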