Belobog: Move Language Fuzzing Framework For Real-World Smart Contracts

Move is a research-oriented programming language designed for secure and verifiable smart contract development and has been widely used in managing billions of digital assets in blockchains, such as Sui and Aptos. Move features a strong static type system and explicit resource semantics to enforce safety properties such as the prevention of data races, invalid asset transfers, and entry vulnerabilities. However, smart contracts written in Move may still contain certain vulnerabilities that are beyond the reach of its type system. It is thus essential to validate Move smart contracts. Unfortunately, due to its strong type system, existing smart contract fuzzers are ineffective in producing syntactically or semantically valid transactions to test Move smart contracts. This paper introduces the first fuzzing framework, Belobog, for Move smart contracts. Belobog is type-aware and ensures that all generated and mutated transactions are well-typed. More specifically, for a target Move smart contract, Belobog first constructs a type graph based on Move’s type system, and then generates or mutates a transaction based on the graph trace derived from the type graph. In order to overcome the complex checks in Move smart contracts, we further design and implement a concolic executor in Belobog. We evaluated Belobog on 109 real-world Move smart contract projects. The experimental results show that Belobog is able to detect 100% critical and 79% major vulnerabilities manually audited by human experts. We further selected two recent notorious incidents in the Move ecosystem, i.e., Cetus and Nemo. Belobog successfully reproduced full exploits for both of them, without any prior knowledge. Moreover, we applied Belobog on three ongoing auditing projects and found 2 critical, 2 major, and 3 medium new vulnerabilities, all acknowledged by the project developers.

💡 Research Summary

The paper presents Belobog, the first fuzzing framework specifically designed for Move smart contracts. Move’s strong static type system and resource‑oriented semantics provide safety guarantees, yet logical bugs and design flaws can still exist beyond what the type system can catch. Existing fuzzers built for the Ethereum Virtual Machine (EVM) fail on Move because they cannot generate well‑typed transactions; most inputs are rejected by the Move Virtual Machine before any code is exercised.

Belobog addresses three core challenges inherent to Move: (1) object type safety, (2) generic type parameters of functions and structs, and (3) object abilities (drop, store, etc.) that dictate how objects can be created, transferred, or consumed. The authors illustrate these challenges with a simple contract containing a flash‑loan function loan<T> that returns a Coin<T> and a “hot‑potato” object Receipt<T> which must be consumed in the same transaction. Real‑world analysis of two billion Sui transactions shows that over 80 % of the most‑used packages contain at least one type parameter or a hot‑potato object, confirming the prevalence of these features.

The core of Belobog is a type graph constructed from the Move module’s definitions. Nodes represent struct types, function signatures, and abilities; edges encode production/consumption relationships, type‑parameter bindings, and ability constraints. This graph captures all static constraints required for a transaction to be well‑typed. Using the graph, Belobog can:

• Randomly generate a transaction by selecting a seed function node, then walking the graph to add prerequisite calls that produce required input objects, ensuring that every hot‑potato object is later consumed. Concrete type parameters are instantiated consistently across the transaction.
• Mutate existing seed transactions (changing constants, adding or removing calls) while re‑validating against the graph to preserve type correctness.
• Concolic execution: after a syntactically valid transaction is built, Belobog runs it on the Move VM while simultaneously tracking symbolic constraints on primitive inputs (e.g., u64). An SMT solver (Z3) is invoked to solve branch conditions, allowing the fuzzer to explore hard‑coded checks that pure random values would miss.

Implementation details include automatic extraction of the type graph from Move’s intermediate representation, a dynamic object pool that crawls on‑chain objects related to the target contract, and integration with a lightweight AFL‑style mutation engine. The concolic executor is tightly coupled with the VM to keep execution overhead modest (≈300 ms per transaction including symbolic solving).

Evaluation was performed on 109 real‑world Move projects (78 from a commercial audit firm, 31 from prior academic work). Belobog generated over 100 k transactions and achieved the following results:

• Detected 100 % of manually verified critical vulnerabilities and 79 % of major ones.
• Reproduced full exploits for the high‑profile Cetus ($200 M loss) and Nemo ($2.6 M loss) incidents without any prior knowledge of the bugs.
• In three ongoing audit engagements, uncovered 7 new bugs (2 critical, 2 major, 3 medium), all acknowledged by the developers.

Compared to state‑of‑the‑art Move fuzzers (ItyFuzz, Sui‑Fuzzer), Belobog raised the proportion of valid transactions from 0 % to ≈95 % and dramatically increased code‑path coverage thanks to the concolic component.

Limitations and future work: The current prototype focuses on Aptos and Sui; extending to other Move‑based chains will require handling additional module loading semantics. The type‑graph construction can become costly for contracts with many external dependencies, and the concolic executor may suffer performance degradation on contracts with deep recursion or large loops. Optimizations such as incremental graph updates, path pruning, or more efficient symbolic engines are suggested.

In conclusion, Belobog demonstrates that a type‑aware, graph‑guided approach combined with concolic execution can bridge the gap between Move’s compile‑time safety guarantees and dynamic testing needs. It provides a practical, scalable solution for uncovering logical vulnerabilities in Move smart contracts, paving the way for more robust security assurance in emerging Move‑based blockchain ecosystems.