
Hyperion: Unveiling DApp Inconsistencies using LLM and Dataflow-Guided Symbolic Execution

Shuo Yang, Xingwei Lin, Jiachi Chen, Qingyuan Zhong, Lei Xiao, Renke Huang, Yanlin Wang, Zibin Zheng

TL;DR

Hyperion addresses the problem of front-end description–back-end contract inconsistencies in DApps by integrating a fine-tuned LLaMA2-based description analyzer (HyperText) with a dataflow-guided symbolic execution engine on contract IR (HyperCode). The approach defines seven concrete inconsistency types, jointly leveraging natural language understanding and bytecode semantics to automatically detect mismatches. Across a ground-truth set of 54 DApps and a large-scale set of 835 DApps, Hyperion achieves a recall of 84.06% and precision of 92.06% on the former, and identifies inconsistencies in 459 of the 835 DApps with 92.10% precision on the latter, underscoring the prevalence and risk of such issues. The work delivers substantial practical impact by providing ready-to-use tooling and datasets to improve trust and transparency in the DApp ecosystem, and it opens avenues for further research into automated frontend-contract alignment.

Abstract

The rapid advancement of blockchain platforms has significantly accelerated the growth of decentralized applications (DApps). Similar to traditional applications, DApps integrate front-end descriptions that showcase their features to attract users, and back-end smart contracts for executing their business logic. However, inconsistencies between the features promoted in front-end descriptions and those actually implemented in the contract can confuse users and undermine DApps' trustworthiness. In this paper, we first conducted an empirical study to identify seven types of inconsistencies, each exemplified by a real-world DApp. Furthermore, we introduce HYPERION, an approach designed to automatically identify inconsistencies between front-end descriptions and back-end code implementation in DApps. This method leverages a fine-tuned large language model, LLaMA2, to analyze DApp descriptions and employs dataflow-guided symbolic execution for contract bytecode analysis. Finally, HYPERION reports the inconsistency based on predefined detection patterns. The experiment on our ground truth dataset consisting of 54 DApps shows that HYPERION reaches 84.06% overall recall and 92.06% overall precision in reporting DApp inconsistencies. We also implement HYPERION to analyze 835 real-world DApps. The experimental results show that HYPERION discovers 459 real-world DApps containing at least one inconsistency.

Paper Structure (28 sections, 11 equations, 11 figures, 4 tables)

Figures (11)

  • Figure 1: Workflow of defining DApp inconsistencies.
  • Figure 2: DApp descriptions (top) and contract snippet (bottom) of BNB Ultra.
  • Figure 3: DApp description (top) and contract snippet (bottom) of MILKY token.
  • Figure 4: Description (top) and contract snippet (bottom) of Baby BNB Tiger.
  • Figure 5: Contract code snippet of Metarevo.
  • ...and 6 more figures