Smart contracts are fundamental pillars of the blockchain, playing a crucial role in facilitating various business transactions. However, these smart contracts are vulnerable to exploitable bugs that can lead to substantial monetary losses. A recent study reveals that over 80% of these exploitable bugs, which are primarily functional bugs, can evade the detection of current tools. The primary issue is the significant gap between understanding the high-level logic of the business model and checking the low-level implementations in smart contracts. Furthermore, identifying deeply rooted functional bugs in smart contracts requires the automated generation of effective detection oracles based on various bug features. To address these challenges, we design and implement PROMFUZZ, an automated and scalable system to detect functional bugs, in smart contracts. In PROMFUZZ, we first propose a novel Large Language Model (LLM)-driven analysis framework, which leverages a dual-agent prompt engineering strategy to pinpoint potentially vulnerable functions for further scrutiny. We then implement a dual-stage coupling approach, which focuses on generating invariant checkers that leverage logic information extracted from potentially vulnerable functions. Finally, we design a bug-oriented fuzzing engine, which maps the logical information from the high-level business model to the low-level smart contract implementations, and performs the bug-oriented fuzzing on targeted functions. We compare PROMFUZZ with multiple state-of-the-art methods. The results show that PROMFUZZ achieves 86.96% recall and 93.02% F1-score in detecting functional bugs, marking at least a 50% improvement in both metrics over state-of-the-art methods. Moreover, we perform an in-depth analysis on real-world DeFi projects and detect 30 zero-day bugs. Up to now, 24 zero-day bugs have been assigned CVE IDs.

翻译：智能合约是区块链的基础支柱，在促进各类商业交易中发挥着关键作用。然而，这些智能合约易受可利用缺陷的影响，可能导致重大的经济损失。近期研究表明，超过80%的这些可利用缺陷（主要是功能缺陷）能够逃逸现有工具的检测。核心问题在于理解业务模型的高层逻辑与检查智能合约底层实现之间存在显著鸿沟。此外，识别智能合约中根深蒂固的功能缺陷需要基于多种缺陷特征自动生成有效的检测预言。为应对这些挑战，我们设计并实现了PROMFUZZ，一个用于检测智能合约中功能缺陷的自动化、可扩展系统。在PROMFUZZ中，我们首先提出了一种新颖的大型语言模型（LLM）驱动分析框架，该框架利用双智能体提示工程策略来定位潜在易受攻击的函数以供进一步审查。随后，我们实现了一种双阶段耦合方法，专注于生成利用从潜在易受攻击函数中提取的逻辑信息的不变量检查器。最后，我们设计了一个面向缺陷的模糊测试引擎，该引擎将高层业务模型中的逻辑信息映射到智能合约的底层实现，并对目标函数执行面向缺陷的模糊测试。我们将PROMFUZZ与多种最先进方法进行比较。结果表明，在检测功能缺陷方面，PROMFUZZ实现了86.96%的召回率和93.02%的F1分数，这两项指标相比最先进方法至少提升了50%。此外，我们对现实世界的DeFi项目进行了深入分析，并检测出30个零日缺陷。截至目前，已有24个零日缺陷被分配了CVE编号。