E^XG^EN: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities

Smart contracts, just like other computer programs, are prone to a variety of vulnerabilities, which lead to severe consequences including massive token and coin losses. Prior works have explored automated exploit generation for vulnerable Ethereum contracts. However, the scopes of prior works are limited in both vulnerability types and contract platforms. In this paper, we propose a cross-platform framework, called EXGEN, to generate multiple transactions as exploits to given vulnerable smart contracts. EXGEN first translates either Ethereum or EOS contracts to an intermediate representation (IR). Then, EXGEN generates symbolic attack contracts with transactions in a partial order and then symbolically executes the attack contracts together with the target to find and solve all the constraints. Lastly, EXGEN concretizes all the symbols, generates attack contracts with multiple transactions, and verifies the generated contracts' exploitability on a private chain with values crawled from the public chain. We implemented a prototype of EXGEN and evaluated it on Ethereum and EOS benchmarks. EXGEN successfully exploits 1,258/1,399 (89.9%) Ethereum and 126/130 (96.9%) EOS vulnerabilities. EXGEN is also able to exploit zero-day vulnerabilities on EOS.