Smart contracts extended blockchain functionality beyond simple transactions, powering complex applications like decentralized finance (DeFi). However, this complexity introduces serious security challenges, including price manipulation and inflation attacks. Despite the development of various security tools, the rapid rise in financially motivated exploits continues to pose a significant threat to the blockchain ecosystem. These financially motivated exploits often stem from Monetarily Exploitable Vulnerabilities (MEVuls), which refer to vulnerabilities arising from exploitable implementations in monetary transactions or value-transfer logic. Due to their complexity, intricate chains of function calls, multifaceted logic, and diverse manifestations across different smart contracts, MEVuls are particularly challenging for current security tools to identify. Instead of providing actionable insights, existing tools frequently generate excessive warnings that overwhelm developers without effectively mitigating risks. To address the challenge of recognizing MEVuls, we first formalize MEVuls based on common real-world financial exploits. Then, we introduce FAUDITOR, a specialized fuzzer designed to detect MEVuls in smart contracts. The key insight is that leveraging smart contracts' finance-related interfaces directly exposes critical vulnerabilities, making detection more targeted. We further integrate auditors' reports using NLP to extract valuable insights on exploitation patterns, enabling a more informed search strategy. Additionally, FAUDITOR employs a self-learning mechanism that refines its detection strategies over time, allowing it to improve based on prior fuzzing results. In our evaluation, FAUDITOR impressively reveals 220 zero-day MEVuls. Meanwhile, compared to existing fuzzers, FAUDITOR detects vulnerabilities faster and achieves better instruction coverage.

翻译：智能合约将区块链功能从简单交易扩展到支持去中心化金融（DeFi）等复杂应用。然而，这种复杂性也带来了严重的安全挑战，包括价格操纵和通胀攻击。尽管已有多种安全工具被开发，但金融动机驱动的攻击行为仍对区块链生态系统构成重大威胁。这些攻击通常源于货币可利用漏洞（Monetarily Exploitable Vulnerabilities, MEVuls），即由货币交易或价值转移逻辑中的可攻击性实现所引发的漏洞。由于MEVuls具有复杂性、复杂的函数调用链、多层面逻辑以及在不同智能合约中的多样化表现形式，现有安全工具难以有效识别。现有工具不仅未能提供可操作的建议，反而常产生大量警告信息，使开发者不堪重负却无法有效降低风险。为解决MEVuls识别难题，我们首先基于真实世界的金融攻击形式化定义了MEVuls。随后，我们提出FAUDITOR——一种专门用于检测智能合约中MEVuls的模糊测试工具。其核心思路在于直接利用智能合约的金融相关接口暴露关键漏洞，使检测更具针对性。进一步地，我们通过自然语言处理技术整合审计报告，提取攻击模式的关键洞察，从而实现更智能的搜索策略。此外，FAUDITOR采用自学习机制，可根据历史模糊测试结果持续优化检测策略。实验评估中，FAUDITOR成功发现220个零日MEVuls。与现有模糊测试工具相比，FAUDITOR不仅检测速度更快，还实现了更高的指令覆盖率。