
w030w/VCScope


VCScope

VCScope is a static analysis tool designed to detect security issues in signature verification functions (VFs) used in off-chain signing and on-chain verification (OSOV) workflows. This artifact accompanies the paper:

Huixin Wang, Kailun Yan (✉️), and Wenrui Diao (✉️). From Patterns to Precision: LLM-Guided Detection of Signature Verification Flaws in Smart Contracts. The 33rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, Limassol, Cyprus. March 17-20, 2026.

Overview

Off-chain Signing and On-chain Verification (OSOV) is a widely adopted pattern in decentralized systems. This artifact provides:

  • The source code for the rule-based static analysis tool.
  • LLM prompt design and summarization outputs.
  • Datasets of real-world verification functions.
  • All scripts required to reproduce the evaluation results in the paper.

Project Structure

.
├── tasks/                     # Main Python scripts for different pipeline stages
├── tasks/detection/           # Rule-based analysis modules
├── data/processed/            # Real-world VF dataset (JSONs, zipped contracts)
├── results/                   # Detection results, LLM outputs, and summaries
├── sol-env/                   # Solidity environment including OpenZeppelin contracts
├── llm_config.json            # Configuration for LLM prompts
├── readme.md                  # This file

Requirements

  • Python 3.12+
  • Ubuntu 22.04.5 LTS (tested)
  • Slither (pip install slither-analyzer)
  • Other dependencies listed in requirements.txt

Reproducing Results

To run the entire detection pipeline:

# Step 1: Similar Function Detection
python tasks/1_1_similar_detection.py

# Step 2: Usage Analysis with LLM Summaries
python tasks/2_1_usage_analysis.py

# Step 3: Rule-based Detection
python tasks/3_1_detection.py

Each script in tasks/ performs a distinct step:

  • 1_x scripts: grouping and fingerprinting functions

  • 2_x scripts: LLM-based summarization

  • 3_x scripts: detection and result comparison

Data

  • Over 22,000 real-world VFs collected and analyzed

  • Field usage statistics and summaries: results/llm/meta_summary/

  • Detection results: results/detect/

License

This artifact is released solely for evaluation purposes under the terms of the conference artifact evaluation process.
