In the first two years of the project, we achieved significant breakthroughs in smart contract security, contributing to the development of secure compilation, execution, and dynamic analysis.
One of our core achievements is the Hardening Contract Compiler (HCC), a compiler that automatically integrates security checks into smart contract source code. HCC models contract logic into Code Property Graphs (CPGs), allowing vulnerability detection across different languages and platforms. Our prototype supports the Solidity language for Ethereum and Hyperledger Fabric, mitigating critical issues such as reentrancy attacks, integer bugs, and unchecked calls. We evaluated HCC on a dataset of 10k Solidity contracts, including top Ethereum contracts, demonstrating its effectiveness in protecting complex real-world applications.
We also developed Brigade, a system that mitigates cross-chain attacks—a growing threat in decentralized finance. Brigade secures cross-chain transactions by employing event detection systems to prevent token losses across blockchains like Ethereum, Solana, and Binance Smart Chain. It successfully identified and mitigated eight real-world attacks across these networks.
Based on dynamic program analysis techniques, our EF/CF fuzzer introduces a novel approach for smart contract vulnerability detection. Unlike existing fuzzers, EF/CF leverages conventional software fuzzing tools (e.g. AFL++), made possible through a transpilation pipeline that converts contract bytecode into native C++ code. This approach enables high-throughput fuzzing for complex contracts, identifying vulnerabilities related to reentrancy and cross-contract interactions.
We also investigated security vulnerabilities of smart contracts developed for the Solana blockchain. Solana differs significantly from Ethereum, requiring new dynamic analysis tools. We developed FuzzDelSol, the first binary-only, coverage-guided fuzzer for Solana smart contracts. It detects Solana-specific bugs like missing signer checks and cross-program invocation issues. In an evaluation of 6,049 Solana programs, FuzzDelSol found 92 bugs across 52 contracts.