Security Researchers Uncover 100+ Compiler Bugs Using LLM-Assisted Fuzzing

Summary

A comprehensive technical investigation into compiler fuzzing for smart-contract languages has revealed over 100 previously unknown bugs across five major compilers: Sui Move, Cairo, Solang, Solidity, and Leo. The research demonstrates how coverage-guided fuzzing combined with LLM-assisted mutators can effectively target compiler internals beyond simple parser failures.

Unlike traditional fuzzing approaches that focus on lexer/parser crashes, this work generates structurally valid programs to trigger bugs in semantic analysis, type checking, and code generation passes. The methodology adapts established fuzzing techniques to the unique challenges of small-language compilers, which have limited optimization passes and smaller corpus sizes compared to mainstream languages like C/C++.

The research includes detailed discussions of fuzzing harness design, custom mutators leveraging LLMs and tree-sitter grammars, corpus collection strategies, and automated triage workflows. All bugs discovered were triggered against mature, production-grade, audited compilers running valid code—not malformed input—making these findings particularly significant for blockchain development security.

• Automated triage and LLM-assisted bug minimization dramatically improve fuzzing workflow efficiency and scalability
• Bugs found in mature, production compilers against valid code represent real security risks for smart contract ecosystems

Editorial Opinion

This research exemplifies how LLM-assisted techniques are unlocking new capabilities in security and quality assurance domains. The ability to leverage LLMs for grammar-aware test case generation represents a meaningful advance in compiler fuzzing methodology. For smart contract development, where security is paramount, these findings underscore that even thoroughly audited production compilers benefit from rigorous, AI-enhanced fuzzing campaigns.