Conference item
SymGPT: auditing smart contracts via combining symbolic execution with large language models
- Abstract:
- To govern smart contracts running on Ethereum, multiple Ethereum Request for Comment (ERC) standards have been developed, each defining a set of rules governing contract behavior. Violating these rules can cause serious security issues and financial losses, signifying the importance of verifying ERC compliance. Today’s practices of such verification include manual audits, expert-developed program-analysis tools, and large language models (LLMs), all of which remain ineffective at detecting ERC rule violations. This paper introduces SymGPT, a tool that combines LLMs with symbolic execution to automatically verify smart contracts’ compliance with ERC rules. We begin by empirically analyzing 132 ERC rules from three major ERC standards, examining their content, security implications, and natural language descriptions. Based on this study, SymGPT instructs an LLM to translate ERC rules into a domain-specific language, synthesizes constraints from the translated rules to model potential rule violations, and performs symbolic execution for violation detection. Our evaluation shows that SymGPT identifies 5,783 ERC rule violations in 4,000 real-world contracts, including 1,375 violations with clear attack paths for financial theft. Furthermore, SymGPT outperforms six automated techniques and a security-expert auditing service, underscoring its superiority over current smart contract analysis methods.
- Publication status:
- Accepted
- Peer review status:
- Peer reviewed
- Files:
- Accepted manuscript, pdf, 839.2KB
Authors
+ UK Research and Innovation
- Funder identifier:
- https://ror.org/001aqnf71
- Grant:
- 10066667
+ Engineering and Physical Sciences Research Council
- Funder identifier:
- https://ror.org/0439y7842
- Grant:
- EP/T006544/2
- EP/T014709/2
- Publisher:
- Association for Computing Machinery
- Journal:
- Proceedings of the ACM on Programming Languages
- Volume:
- 10
- Article number:
- 109
- Acceptance date:
- 2025-12-17
- Event title:
- OOPSLA 2026
- Event location:
- Oakland, California, United States
- Event website:
- https://2026.splashcon.org/track/oopsla-2026
- Event start date:
- 2026-10-03
- Event end date:
- 2026-10-09
- EISSN:
- 2475-1421
- Language:
- English
- Pubs id:
- 2383148
- Local pid:
- pubs:2383148
- Deposit date:
- 2026-03-02
- ARK identifier:
Terms of use
- Copyright holder:
- Xia et al
- Copyright date:
- 2026
- Rights statement:
- © 2026 Copyright held by the owner/author(s).
- Licence:
- CC Attribution (CC BY)