EXGEN: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities

Ling Jin, Yinzhi Cao, Yan Chen, Di Zhang, Simone Campanoni

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


Smart contracts, just like other computer programs, are prone to a variety of vulnerabilities, which lead to severe consequences including massive token and coin losses. Prior works have explored automated exploit generation for vulnerable Ethereum contracts. However, the scopes of prior works are limited in both vulnerability types and contract platforms. In this paper, we propose a cross-platform framework, called EXGEN, to generate multiple transactions as exploits to given vulnerable smart contracts. EXGEN first translates either Ethereum or EOS contracts to an intermediate representation (IR). Then, EXGEN generates symbolic attack contracts with transactions in a partial order and then symbolically executes the attack contracts together with the target to find and solve all the constraints. Lastly, EXGEN concretizes all the symbols, generates attack contracts with multiple transactions, and verifies the generated contracts' exploitability on a private chain with values crawled from the public chain. We implemented a prototype of EXGEN and evaluated it on Ethereum and EOS benchmarks. EXGEN successfully exploits 1,258/1,399 (89.9%) Ethereum and 126/130 (96.9%) EOS vulnerabilities. EXGEN is also able to find zero-day vulnerabilities on EOS.

Original languageEnglish (US)
JournalIEEE Transactions on Dependable and Secure Computing
StateAccepted/In press - 2022


  • Automated Exploit Generation
  • Blockchain
  • Smart Contract
  • Symbolic Execution

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering


Dive into the research topics of 'EXGEN: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities'. Together they form a unique fingerprint.

Cite this