Sys: DeFi Exploit Detection and Synthesis
- Sys is a knowledge-driven system for end-to-end vulnerability detection and automated exploit synthesis in DeFi, integrating protocol semantics and multi-hop reasoning.
- It employs a Hierarchical Knowledge Graph, LLM-guided working memory construction, SMT-based path validation, and asset-level economic simulation to ensure exploit feasibility.
- Empirical evaluations show high recall and exploit success rates, outperforming traditional methods by synthesizing exploits that recover significant value from DeFi protocols.
\Sys is a knowledge-driven agentic system designed for end-to-end vulnerability detection and automated exploit synthesis in Decentralized Finance (DeFi) smart contracts. Unlike prior tools that treat exploit synthesis as code generation, \Sys frames the problem as structured reasoning grounded in protocol semantics, root cause analysis, and exploit primitive construction. By embedding DeFi knowledge in a Hierarchical Knowledge Graph (HKG) and orchestrating LLM-guided multi-hop reasoning, symbolic validation, and economic simulation, \Sys achieves state-of-the-art results in exploit detection, proof-of-concept construction, and discovered value within the DeFi ecosystem (Liang et al., 4 May 2026).
1. System Architecture and Components
\Sys comprises four core modules arranged into an end-to-end pipeline:
- Hierarchical Knowledge Graph (HKG): Encodes domain knowledge at three abstraction layers—contract semantics, failure modes, and exploit primitives. The HKG serves as long-term memory and supports structured retrieval for reasoning.
- LLM-Guided Multi-Hop Reasoning Agent: Dynamically builds a task-specific Working Memory (WM) from HKG subgraphs, executes breadth-first multi-layer reasoning, and outputs abstract exploit transaction sequences.
- SMT-Based Reachability Checker: Validates logical exploit feasibility via symbolic program path exploration and constraint solving.
- Asset-Level State Simulator: Evaluates exploit scripts for economic viability, simulating token balances and protocol state to ensure exploits yield positive net asset gains.
The workflow is implemented as a pipeline: HKG → WM construction → exploit plan synthesis → reachability validation → concrete exploit script generation → profit simulation → on-chain execution (e.g., via Foundry).
2. Hierarchical Knowledge Graph Structure
The HKG centralizes protocol and exploit knowledge as an ontology-conformant directed graph . Its layers are:
- Contract Semantics Layer (): Nodes represent protocol-level abstractions such as Prot (protocol), Acc (access control), Eco (economic model), Dep (dependency), and their relationships (e.g., enforces, adopts, depends_on). Nodes decompose into primary categories, subcategories, and implementation logic.
- Failure Mode Layer (): Captures FP (failure pattern), Cond (trigger condition), RC (root cause), Imp (impact), Inv (invariant violation), and their causality (e.g., caused_by, needs, can_cause, leads_to).
- Exploit Primitive Layer (): Encodes exploit techniques using Skel (exploit skeleton), Prim (exploit primitive), Ex (example). Primitives are typed by semantic roles: Setup, EnvManip, ExploitAmp, ArbExit.
Cross-layer edges encode causal and exploitative relations, such as Protocol → Failure Pattern or Failure Pattern → Exploit Skeleton. The graph is instantiated in database and embedding backends (Neo4j and Faiss).
Table: Selected Node Types and Relations in HKG
| Layer (Symbol) | Node Types | Example Relations |
|---|---|---|
| Contract () | Prot, Acc, Eco, Dep | enforces, adopts, depends_on |
| Failure () | FP, Cond, RC, Imp, Inv | caused_by, needs, can_cause, leads_to |
| Exploit () | Skel, Prim, Ex | start_at, next, illustrated_by |
The multi-layered design enables precise retrieval and compositional tracing of vulnerability-to-exploit mappings.
3. Exploit Plan Synthesis via Structured Reasoning
Exploit synthesis is operationalized as structured, multi-hop reasoning over the HKG. The LLM agent constructs a working memory tailored to the target protocol's semantics and vulnerability landscape:
- Working Memory Construction: Top- seed nodes (Prots) are retrieved via embedding similarity, then expanded through intra- and inter-layer traversals.
- Multi-Hop Reasoning: Breadth-first expansion through contract semantics to failure patterns, root causes, and possible exploit skeletons. Chain-of-thought (CoT) filtering ensures coherence.
- Exploit Plan Output: The agent outputs an ordered sequence , where each specifies a contract 0, entrypoint 1, parameters 2, and the targeted operation 3.
This structured approach enables compositional and semantically anchored exploit plans, in contrast to surface-level fuzzing or unrestricted LLM code synthesis.
4. Two-Stage Validation: Path Feasibility and Economic Profitability
Validation is staged to ensure only logically and economically sound exploits are retained.
A. SMT-Based Path Reachability
- For each plan transaction 4, symbolic traversal generates call paths and associated predicates 5.
- The system checks satisfiability (6) using Z3; plans with unsatisfiable branch predicates are pruned.
B. Asset-Level State Simulation
- State 7 (balances, on-chain state) is advanced through each action in the exploit script.
- Economic viability is required: exploits are only retained if the simulated wealth change
8
holds under over-approximation of protocol mechanics (slippage and gas omitted).
Only scripts passing both validation stages proceed to concrete deployment.
5. Empirical Evaluation and Comparative Performance
\Sys was benchmarked on three datasets: 72 Code4rena-audited projects (2,573 contracts), 88 historical DeFi attacks, and Secure3-hosted bug bounty programs.
Key results:
- Detection (Code4rena): Recall = 0.98, Precision = 0.82, Accuracy = 0.87, F1-score = 0.90.
- Exploit Reproduction (Historical Attacks): 85/88 exploits successfully reproduced (96.6% Exploit Success Rate), totaling \$116.2M in recovered value.
- Comparative Baselines:
- ItyFuzz ESR ≈ 19.2%
- Verite ESR ≈ 48.1%
- A1 (LLM-based generator) ESR ≈ 48.4%
- \Sys achieves 2–5× higher ESR and 8.5× higher revenue recovery.
In bug bounty scenarios, \Sys found 21 unknown bugs (16 confirmed or fixed), securing \$\mathcal{S}$92,900 in bounties.
6. Case Studies, Impact, and Limitations
Notable case studies include reproduction of high-profile exploits (e.g., uwerx flash-loan, bzx price-manipulation) with matching or exceeding profit versus attacker traces. \Sys demonstrated semantic discovery in cases such as MergeTokenPortal over-minting, connecting root causes in ERC20 fee-on-transfer incompatibilities to actionable PoCs.
Limitations include:
- HKG Quality: The reasoning chain is anchored in curated HKG knowledge; poor data can mislead exploit plan synthesis.
- SMT Scalability: Inter-procedural path constraint solving may scale poorly for highly complex protocols.
- Economic Simulation: The profit model over-approximates AMM behavior and omits slippage, possibly admitting marginally unprofitable candidates.
Future directions encompass automated HKG expansion from live security feeds, integration of gas/slippage models, modular/parallel SMT solvers, and extending coverage to cross-chain/layer-2 protocols.
7. Significance in the DeFi Security Landscape
\Sys marks a departure from both fuzzer-based and unconstrained LLM-based exploit generation approaches by coupling structured DeFi knowledge representation with compositional LLM-guided reasoning and formal-logic validation. Achieving superior recall and exploit success rates, it provides a pathway for scalable, high-fidelity exploit verification and contributes concrete evidence to protocol security postures. The two-stage logical and economic validation ensures practical relevance of generated PoCs, addressing the historical bottleneck of exploit feasibility assessment in DeFi security research (Liang et al., 4 May 2026).