FLAMES: Fine-tuning LLMs to Synthesize Invariants for Smart Contract Security
Mojtaba Eshghie, Gabriele Morello, Matteo Lauretano, Alexandre Bartel, Martin Monperrus

TL;DR
FLAMES uses domain-adapted large language models to automatically synthesize executable security guards for smart contracts, significantly improving automated defense capabilities without relying on vulnerability labels or formal specs.
Contribution
Introduces FLAMES, a novel LLM-based method that synthesizes deployable runtime guards for smart contracts, outperforming prior approaches in effectiveness and automation.
Findings
Achieves 96.7% compilability of synthesized invariants.
Produces exact or semantically equivalent matches in 44.5% of test cases.
Prevents 20.4% of real exploits while maintaining contract functionality.
Abstract
Smart contract vulnerabilities cost billions of dollars annually, yet existing automated analysis tools fail to generate deployable defenses. We present FLAMES, a novel automated approach that synthesizes executable runtime guards as Solidity "require" statements to harden smart contracts against exploits. Unlike prior work that relies on vulnerability labels, symbolic analysis, or natural language specifications, FLAMES employs domain-adapted large language models trained through fill-in-the-middle supervised fine-tuning on real-world invariants extracted from 514,506 verified contracts. Our extensive evaluation across three dimensions demonstrates FLAMES's effectiveness: (1) Compilation: FLAMES achieves 96.7% compilability for synthesized invariants; (2) Semantic Quality: on a curated test set of 5,000 challenging invariants, FLAMES produces exact or semantically equivalent matches to…
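The fill-in-the-middle training the abstract describes amounts to masking a `require` guard out of a contract and having the model regenerate it from the code on either side. The Python below is an added example, not FLAMES's own code: the contract is constructed, and the sentinel strings, the prefix-suffix-middle ordering and the function names are assumptions.

```python
import re

# Constructed sample contract (not taken from the paper's dataset).
SAMPLE = '''contract Vault {
    mapping(address => uint256) public balances;
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient (balance)");
        balances[msg.sender] -= amount;
    }
    function setOwner(address o) external {
        // require(false) in a comment is not a guard
        require(o != address(0));
    }
}
'''

def find_requires(src):
    """Yield (start, end) offsets of each `require(...);` statement in src."""
    # Blank out comments, preserving offsets, so commented-out guards are skipped.
    masked = re.sub(r'//[^\n]*|/\*.*?\*/', lambda m: ' ' * len(m.group()), src, flags=re.S)
    for m in re.finditer(r'\brequire\s*\(', masked):
        depth, i, quote = 1, m.end(), None
        while i < len(masked) and depth:
            c = masked[i]
            if quote:                      # inside a string: parentheses do not count
                if c == '\\':
                    i += 1                 # skip the escaped character
                elif c == quote:
                    quote = None
            elif c in '"\'':
                quote = c
            elif c == '(':
                depth += 1
            elif c == ')':
                depth -= 1
            i += 1
        end = masked.find(';', i)
        # Accept only a balanced call followed directly by its semicolon.
        if depth == 0 and end != -1 and not masked[i:end].strip():
            yield m.start(), end + 1

# Sentinel strings are assumed placeholders; the page does not name a FIM format.
def fim_examples(src, pre="<fim_prefix>", suf="<fim_suffix>", mid="<fim_middle>"):
    """Return one (prompt, target) pair per guard, with the guard as the masked middle."""
    return [(f"{pre}{src[:s]}{suf}{src[e:]}{mid}", src[s:e]) for s, e in find_requires(src)]
```

The comment masking is regex-based and does not account for `//` inside string literals, so a production extractor would use a Solidity parser instead.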
