TY - GEN
T1 - Verifying Event Completeness and Consistency in Token Contracts via Static Analysis and LLMs
AU - Li, Shangwang
AU - Wang, Haijun
AU - Wu, Hao
AU - Wu, Yin
AU - Fan, Ming
AU - Zhao, Yitao
AU - Liu, Ting
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - To ensure transparency and auditability, smart contracts on blockchain support event mechanisms that systematically log and record critical state changes, enabling external applications and users to monitor contract execution and track important transactions. Token contracts such as ERC20 must implement specific events like Transfer and Approval to accurately track asset movements and maintain system transparency. However, malicious developers may exploit incomplete or inconsistent event implementations to conceal operations, mislead users, and introduce security risks. In this paper, we propose TEGuard, a novel approach to verify event completeness and consistency in Token contracts by combining static analysis with large language models (LLMs). For completeness, we use flow analysis to identify blocks modifying critical state variables and extract related control flow to check whether required events are emitted. For consistency, we construct structured data dependency graphs through backward data flow analysis to extract event semantics and code semantics, employing a dual-LLM framework integrated with contract code snippet to verify semantic consistency. Our approach is designed to strengthen the security foundation of token contracts by addressing critical event-related vulnerabilities. We presented preliminary experimental results to validate the effectiveness of TEGuard.
KW - dataflow analysis
KW - event analysis
KW - LLM
KW - smart contract
UR - https://www.scopus.com/pages/publications/105017862018
U2 - 10.1109/CCSB66722.2025.11154237
DO - 10.1109/CCSB66722.2025.11154237
M3 - Conference contribution
AN - SCOPUS:105017862018
T3 - 2025 5th International Conference on Computer Science and Blockchain, CCSB 2025
SP - 199
EP - 203
BT - 2025 5th International Conference on Computer Science and Blockchain, CCSB 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Conference on Computer Science and Blockchain, CCSB 2025
Y2 - 1 August 2025 through 3 August 2025
ER -