Smart contract vulnerabilities cost billions of dollars annually, yet existing automated analysis tools fail to generate deployable defenses. We present FLAMES, a novel automated approach that synthesizes executable runtime guards as Solidity `require` statements to harden smart contracts against exploits. Unlike prior work that relies on vulnerability labels, symbolic analysis, or natural language specifications, FLAMES employs domain-adapted large language models trained through fill-in-the-middle supervised fine-tuning on real-world invariants extracted from 514,506 verified contracts. Our extensive evaluation across three dimensions demonstrates FLAMES's effectiveness: (1) Compilation: FLAMES achieves 96.7% compilability for synthesized invariants; (2) Semantic Quality: on a curated test set of 5,000 challenging invariants, FLAMES produces exact or semantically equivalent matches to ground truth in 44.5% of cases; (3) Exploit Mitigation: FLAMES prevents 22 out of 108 real exploits (20.4%) while preserving contract functionality; and (4) FLAMES successfully blocks the real-world APEMAGA incident by synthesizing a pre-condition that mitigates the attack. FLAMES establishes that domain-adapted LLMs can automatically generate production-ready security defenses for smart contracts without requiring vulnerability detection, formal specifications, or human intervention. We release our code, model weights, datasets, and evaluation infrastructure to enable reproducible research in this critical domain.
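As an added illustration (not code from the FLAMES paper or its released artifacts), the following Python shows how a fill-in-the-middle training sample can be derived from a verified contract: each existing `require` guard becomes the masked "middle" and the surrounding source becomes the prefix and suffix the model conditions on. The contract text and the FIM sentinel token names are constructed assumptions; real tokenizers use their own sentinels.

```python
import re
from dataclasses import dataclass

# Constructed sample contract (not from the paper's dataset): two runtime guards.
SAMPLE_CONTRACT = """\
contract Vault {
    mapping(address => uint256) public balances;
    function withdraw(uint256 amount) external {
        require(amount > 0, "zero amount");
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        payable(msg.sender).transfer(amount);
    }
}
"""

@dataclass
class FimSample:
    prefix: str   # source before the guard
    middle: str   # the guard itself: the target the model must produce
    suffix: str   # source after the guard

    def to_prompt(self, pre="<fim_prefix>", suf="<fim_suffix>", mid="<fim_middle>"):
        # Prefix-suffix-middle layout; sentinel names here are placeholders (assumption).
        return f"{pre}{self.prefix}{suf}{self.suffix}{mid}"

    def reassemble(self):
        # Sanity check: prefix + middle + suffix must reproduce the original source.
        return self.prefix + self.middle + self.suffix

def find_require_spans(src):
    """Return (start, end) of each complete `require(...);` statement.
    Parentheses are matched by depth; string literals containing ')' are not handled."""
    spans = []
    for m in re.finditer(r"\brequire\s*\(", src):
        depth, i = 0, m.end() - 1
        while i < len(src):
            if src[i] == "(":
                depth += 1
            elif src[i] == ")":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        semi = src.find(";", i)
        spans.append((m.start(), semi + 1 if semi != -1 else i + 1))
    return spans

def build_fim_samples(src):
    """One sample per guard: the guard is the hole, the rest of the contract is context."""
    return [FimSample(src[:s], src[s:e], src[e:]) for s, e in find_require_spans(src)]
```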