Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Towards Secure Program Partitioning for Smart Contracts with LLM's In-Context Learning

Ye Liu, Yuqing Niu, Chengyan Ma, Ruidong Han, Wei Ma, Yi Li, Debin Gao, David Lo

TL;DR

PartitionGPT introduces an automated, LLM-driven framework for secure program partitioning of smart contracts to prevent sensitive data leakage. By combining taint analysis, program slicing, and in-context learning with a formal equivalence checker, it generates compilable and verifiably partitioned contracts that run privileged code in secure environments. Empirical evaluation across 18 annotated contracts and nine victim contracts demonstrates a 78% success rate in partition generation, roughly 30% code reduction, and defense against eight manipulation attacks, with moderate gas overhead due to inter-enclave communication. The work advances practical privacy-preserving smart contract development, enabling least-privilege execution while maintaining functional equivalence, and sets the stage for automated sensitive-data identification and refined partition ranking in future work.

Abstract

Smart contracts are highly susceptible to manipulation attacks due to the leakage of sensitive information. Addressing manipulation vulnerabilities is particularly challenging because they stem from inherent data confidentiality issues rather than straightforward implementation bugs. To tackle this by preventing sensitive information leakage, we present PartitionGPT, the first LLM-driven approach that combines static analysis with the in-context learning capabilities of large language models (LLMs) to partition smart contracts into privileged and normal codebases, guided by a few annotated sensitive data variables. We evaluated PartitionGPT on 18 annotated smart contracts containing 99 sensitive functions. The results demonstrate that PartitionGPT successfully generates compilable, and verified partitions for 78% of the sensitive functions while reducing approximately 30% code compared to function-level partitioning approach. Furthermore, we evaluated PartitionGPT on nine real-world manipulation attacks that lead to a total loss of 25 million dollars, PartitionGPT effectively prevents eight cases, highlighting its potential for broad applicability and the necessity for secure program partitioning during smart contract development to diminish manipulation vulnerabilities.

Towards Secure Program Partitioning for Smart Contracts with LLM's In-Context Learning

TL;DR

PartitionGPT introduces an automated, LLM-driven framework for secure program partitioning of smart contracts to prevent sensitive data leakage. By combining taint analysis, program slicing, and in-context learning with a formal equivalence checker, it generates compilable and verifiably partitioned contracts that run privileged code in secure environments. Empirical evaluation across 18 annotated contracts and nine victim contracts demonstrates a 78% success rate in partition generation, roughly 30% code reduction, and defense against eight manipulation attacks, with moderate gas overhead due to inter-enclave communication. The work advances practical privacy-preserving smart contract development, enabling least-privilege execution while maintaining functional equivalence, and sets the stage for automated sensitive-data identification and refined partition ranking in future work.

Abstract

Smart contracts are highly susceptible to manipulation attacks due to the leakage of sensitive information. Addressing manipulation vulnerabilities is particularly challenging because they stem from inherent data confidentiality issues rather than straightforward implementation bugs. To tackle this by preventing sensitive information leakage, we present PartitionGPT, the first LLM-driven approach that combines static analysis with the in-context learning capabilities of large language models (LLMs) to partition smart contracts into privileged and normal codebases, guided by a few annotated sensitive data variables. We evaluated PartitionGPT on 18 annotated smart contracts containing 99 sensitive functions. The results demonstrate that PartitionGPT successfully generates compilable, and verified partitions for 78% of the sensitive functions while reducing approximately 30% code compared to function-level partitioning approach. Furthermore, we evaluated PartitionGPT on nine real-world manipulation attacks that lead to a total loss of 25 million dollars, PartitionGPT effectively prevents eight cases, highlighting its potential for broad applicability and the necessity for secure program partitioning during smart contract development to diminish manipulation vulnerabilities.

Paper Structure

This paper contains 29 sections, 3 equations, 9 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background and Motivation
  3. Blockchain and Smart Contracts, and Their Privacy Issues
  4. A Motivating Example
  5. Approach
  6. Overview
  7. Identification of Sensitive Functions
  8. Program Slicing and Partitioning
  9. LLM-driven Fine-grained Partitioning
  10. Revising and Repairing Program Partitions
  11. Ranking the Top-K Appropriate Program Partitions
  12. Illustration Example
  13. Equivalence Checking
  14. Evaluation
  15. Implementation
  16. ...and 14 more sections

Figures (9)

  • Figure 1: Illustration of Jimbo's key attack step.
  • Figure 2: The overview of PartitionGPT.
  • Figure 3: The prompt for generating/repairing program partitions.
  • Figure 4: The prompt for fixing grammar errors of program partitions.
  • Figure 5: The impact of Top-K selection.
  • ...and 4 more figures

Theorems & Definitions (2)

  • Definition 1
  • Definition 2