Abstract: Smart contracts play a pivotal role in blockchain ecosystems, and fuzzing remains a critical approach to securing them. However, existing smart contract fuzzers often optimize either seed generation or mutation scheduling in isolation and rely on narrow, fragmented feedback signals, leaving multi-transaction reasoning and stagnation recovery under-explored. In this work, we propose LLAMA, a Large Language Model (LLM)-based Multi-feedback Smart Contract Fuzzing framework. Its key components are: (i) a hierarchical prompting strategy that guides LLMs to generate structurally valid, context-aware multi-transaction initial seeds, together with a lightweight pre-fuzzing phase that validates and prioritizes high-potential LLM-generated candidates; (ii) a multi-feedback-guided evolutionary optimization module that jointly optimizes seed selection and mutation scheduling through a group of constraints driving an LLM-bootstrapped bandit scheduler; and (iii) an LLM-guided hybrid fuzzing module that integrates evolutionary fuzzing with a dual-channel recovery mechanism, which concurrently employs asynchronous coverage-stagnation-based LLM reseeding and selective symbolic execution to resolve complex path constraints. Our extensive experiments demonstrate that LLAMA outperforms state-of-the-art fuzzers in both coverage and vulnerability detection. Specifically, it achieves 92% instruction coverage on small contracts and 81% on large contracts, while detecting 132 out of 148 known vulnerabilities across diverse categories. Ablation studies further show that the proposed multi-feedback and hybrid recovery strategies have a strong impact on LLAMA's performance. These results demonstrate LLAMA's effectiveness, adaptability, and practicality in complex smart contract scenarios.
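As an added illustration (not the paper's code) of the loop the abstract sketches: a UCB1 bandit schedules mutation operators from coverage feedback, a stagnation counter triggers a recovery channel, and only candidates that add coverage are kept, mirroring the pre-fuzzing validation step. The toy contract, the two operators, the `prior` argument (standing in for LLM-bootstrapped estimates) and `workflow_reseed` (standing in for the LLM reseeding channel; symbolic execution is not modeled) are all constructed for this example.

```python
import random
from math import log, sqrt
FUNCS = ["setOwner", "deposit", "withdraw"]

def run_sequence(seq):
    """Toy contract (constructed): run (fn, arg) txs, return branch ids; withdraw:ok needs prior setOwner and deposit>0."""
    covered, owner_set, balance = set(), False, 0
    for fn, arg in seq:
        covered.add(fn)
        if fn == "setOwner" and not owner_set:
            owner_set = True; covered.add("setOwner:first")
        elif fn == "deposit" and arg > 0:
            balance += arg; covered.add("deposit:positive")
        elif fn == "withdraw" and owner_set and 0 < arg <= balance:
            balance -= arg; covered.add("withdraw:ok")
    return covered

def replace_arg(seq, rng):  # mutation operators are the bandit's arms; each returns a new sequence
    i = rng.randrange(len(seq))
    return seq[:i] + [(seq[i][0], rng.randint(0, 10))] + seq[i + 1:]
def append_tx(seq, rng):
    return seq + [(rng.choice(FUNCS), rng.randint(0, 10))]
OPERATORS = {"replace_arg": replace_arg, "append_tx": append_tx}
def ucb_choose(counts, rewards):
    """UCB1: mean reward plus exploration bonus; ties resolve to the first arm."""
    total = sum(counts.values())
    return max(counts, key=lambda a: rewards[a] / counts[a] + sqrt(2 * log(total) / counts[a]))

def fuzz(seeds, iterations, stall_limit, reseed, seed=0, prior=None):
    """Bandit-scheduled loop; `prior` stands in for LLM-bootstrapped estimates, `reseed` for the recovery channel."""
    rng, corpus = random.Random(seed), [list(s) for s in seeds]
    counts, rewards = {a: 1 for a in OPERATORS}, {a: (prior or {}).get(a, 0.5) for a in OPERATORS}
    total = set().union(*(run_sequence(s) for s in corpus))
    stalls = reseeds = 0
    for _ in range(iterations):
        if stalls >= stall_limit:  # coverage stagnation: switch to the recovery channel
            candidate, op, reseeds, stalls = reseed(rng), None, reseeds + 1, 0
        else:
            op = ucb_choose(counts, rewards)
            candidate = OPERATORS[op](rng.choice(corpus), rng)
        new = run_sequence(candidate) - total  # validation: keep only coverage-adding candidates
        if op is not None:
            counts[op] += 1; rewards[op] += 1.0 if new else 0.0
        if new:
            total |= new; corpus.append(candidate)
        stalls = 0 if new else stalls + 1
    return total, reseeds
def workflow_reseed(rng):
    """Stand-in for the LLM channel: a structurally valid setOwner -> deposit -> withdraw sequence."""
    return [("setOwner", 0), ("deposit", rng.randint(0, 10)), ("withdraw", rng.randint(0, 10))]
```

Starting from a single-transaction seed, the mutation-only phase plateaus at the branches reachable by short sequences, and the reseed channel is what reliably reaches `withdraw:ok`.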
External IDs: doi:10.1109/tifs.2026.3666859