Blockchain Paper Quick Read: CCF A – WWW 2025 (3)


Conference: International World Wide Web Conference (WWW)

CCF level: CCF A

Categories: Interdisciplinary / Comprehensive / Emerging

Year: 2025

Conference time: Sydney, Australia, April – 2 May 2025




9


Title: 

SuiGPT MAD: Move AI Decompiler to Improve Transparency and Auditability on Non-Open-Source Blockchain Smart Contract



Authors



Key words:
Web3, Smart Contract, Transparency, Sui, Move, Auditing Tools,
Web Applications, Large Language Models, Prompt Engineering



Abstract

The vision of Web3 is to improve user control over data and assets, but one challenge that complicates this vision is the prevalence of non-transparent, scam-prone applications and vulnerable smart contracts that put Web3 users at risk. While code audits are one solution to this problem, the lack of smart contracts source code on many blockchain platforms, such as Sui, hinders the ease of auditing. A promising approach to this issue is the use of a decompiler to reverse-engineer smart contract bytecode. However, existing decompilers for Sui produce code that is difficult to understand and cannot be directly recompiled. To address this, we developed the SuiGPT Move AI Decompiler (MAD), a Large Language Model (LLM)-powered web application that decompiles smart contract bytecodes on Sui into logically correct, human-readable, and re-compilable source code with prompt engineering. Our evaluation shows that MAD’s output successfully passes original unit tests and achieves a 73.33% recompilation success rate on real-world smart contracts. Additionally, newer models tend to deliver improved performance, suggesting that MAD’s approach will become increasingly effective as LLMs continue to advance. In a user study involving 12 developers, we found that MAD significantly reduced the auditing workload compared to using traditional decompilers. Participants found MAD’s outputs comparable to the original source code, improving accessibility for understanding and auditing non-open-source smart contracts. Through qualitative interviews with these developers and Web3 projects, we further discussed the strengths and concerns of MAD. MAD has practical implications for blockchain smart contract transparency, auditing, and education. It empowers users to easily and independently review and audit non-open-source smart contracts, fostering accountability and decentralization. 
Moreover, MAD’s methodology could potentially extend to other smart contract languages, like Solidity, further enhancing Web3 transparency.





PDF download link:

https://dl.acm.org/doi/pdf/10.1145/3696410.3714790



10


Title: 

TimeChain: A Secure and Decentralized Off-chain Storage System for IoT Time Series Data



Authors



Abstract

Blockchain-based distributed storage systems offer enhanced security, transparency, and lower costs compared to traditional centralized storage, making them ideal for peer-to-peer collaboration. However, with the trend towards the Web of Things (WoT), lower transaction speeds and higher computational requirements limit their access to high-density data such as IoT. To address this, we propose TimeChain, an efficient off-chain blockchain storage system for IoT time series data. TimeChain batches discrete time series data, storing only the hash value of each batch on-chain while keeping the complete data off-chain. This significantly reduces storage overhead on the blockchain and storage latency by 37.4 times. TimeChain adopts an adaptive packaging mechanism to reduce the additional latency in range queries by converting the batch processing problem into a graph partitioning problem. To reduce the overhead of node selection, TimeChain integrates a node selection mechanism based on consensus protocol, combining node selection and consensus processes together. TimeChain also proposes a Locality-Sensitive Hashing tree-based data integrity verification mechanism to reduce transmission size. Our evaluation shows a reduction in query latency by 64.6% and storage latency by 35.3% compared to existing systems.





PDF download link:

https://dl.acm.org/doi/10.1145/3696410.3714791



11


Title: 

Hunting in the Dark Forest: A Pre-trained Model for On-chain Attack Transaction Detection in Web3



Authors


Abstract

In recent years, a large number of on-chain attacks have emerged in the blockchain empowered Web3 ecosystem. In the year of 2023 alone, on-chain attacks have caused losses of over 585 million. Attackers use blockchain transactions to carry out on-chain attacks, for example, exploiting vulnerabilities or business logic flaws in Web3 applications. A wealth of efforts have been devoted to detecting on-chain attack transactions through expert patterns and machine learning techniques. However, in this ever-evolving ecosystem, the performance of current methods is limited in detecting new on-chain attacks, due to the obsoleting of attack recognition patterns or the reliance on on-chain attack samples. In this paper, we propose a universal approach for detecting on-chain attacks even when there are few or even no new on-chain attack samples. Specifically, an in-depth analysis of the transaction characteristics is conducted, and we propose a new insight to train a generic attack transaction detecting model, i.e., transaction reconstruction. Particularly, to overcome the over-fitting in the transaction reconstruction task, we use the web-scale function comments related to transactions as supervision information, rather than expert-confirmed labels. Experimental results demonstrate that the proposed approach surpasses the supervised state-of-the-art by 13% in AUC, with just 30 known on-chain attack samples. Moreover, without any known attack samples, our method can still detect new on-chain attacks in the wild (with a precision of 61.83%). Among attacks detected in the wild, we confirm 1,692 address poisoning attacks, a new type of on-chain attack targeting token holders. Our code is available at: https://github.com/wuzhy1ng/attack_trans_detection_www25.





PDF download link:

https://dl.acm.org/doi/10.1145/3696410.3714928




12


Title: 

Bridging Culture and Finance: A Multimodal Analysis of Memecoins in the Web3 Ecosystem



Authors


Key words:

Memecoin, Web3, Multimodal Analysis, Blockchain



Abstract

Memecoins, driven by social media engagement and cultural narratives, have rapidly grown within the Web3 ecosystem. Unlike traditional cryptocurrencies, they are shaped by humor, memes, and community sentiment. This paper introduces the Coin-Meme dataset, an open-source collection of visual, textual, community, and financial data from the Pump.fun platform on the Solana blockchain. We also propose a multimodal framework to analyze memecoins, uncovering patterns in cultural themes, community interaction, and financial behavior. Through clustering, sentiment analysis, and word cloud visualizations, we identify distinct thematic groups centered on humor, animals, and political satire. Additionally, we provide financial insights by analyzing metrics such as Market Entry Time and Market Capitalization, offering a comprehensive view of memecoins as both cultural artifacts and financial instruments within Web3. The Coin-Meme dataset is publicly available at https://github.com/hwlongCUHK/Coin-Meme.git.





PDF download link:

https://dl.acm.org/doi/pdf/10.1145/3701716.3715561

