Detecting State Manipulation Vulnerabilities in Smart Contracts Using LLM and Static Analysis

TL;DR

This paper introduces PriceSleuth, a novel approach combining Large Language Models and static analysis to proactively detect price manipulation vulnerabilities in DeFi smart contracts, enhancing security in blockchain applications.

Contribution

It presents a new method that integrates LLMs with static analysis techniques to identify price manipulation vulnerabilities in smart contracts, which was not previously explored.

Findings

Preliminary results show effectiveness of PriceSleuth.

Method successfully identifies core price calculation logic.

Detects potential malicious exploitation of price variables.

Abstract

An increasing number of DeFi protocols are gaining popularity, facilitating transactions among multiple anonymous users. State Manipulation is one of the notorious attacks in DeFi smart contracts, with price variable being the most commonly exploited state variable-attackers manipulate token prices to gain illicit profits. In this paper, we propose PriceSleuth, a novel method that leverages the Large Language Model (LLM) and static analysis to detect Price Manipulation (PM) attacks proactively. PriceSleuth firstly identifies core logic function related to price calculation in DeFi contracts. Then it guides LLM to locate the price calculation code statements. Secondly, PriceSleuth performs backward dependency analysis of price variables, instructing LLM in detecting potential price manipulation. Finally, PriceSleuth utilizes propagation analysis of price variables to assist LLM in detecting whether these variables are maliciously exploited. We presented preliminary experimental results to substantiate the effectiveness of PriceSleuth . And we outline future research directions for PriceSleuth.