Candidate: Behkish Nassirzadeh
Date: August 8, 2025
Time: 1:00 PM
Location: Online - contact the candidate for more information.
Supervisor(s): Dr. Anwar Hasan, Dr. Vijay Ganesh (Adjunct)
Abstract:
The adoption of blockchain technologies in security-critical and high-throughput do- mains remains limited by persistent challenges in scalability, reliability, and automated vulnerability mitigation. This thesis presents a cohesive body of work that addresses two fundamental limitations of modern blockchain systems: the difficulty of ensuring safe, efficient execution in smart contracts and the lack of robust mechanisms for secure data connectivity through decentralized oracle networks (DONs).
To address the first challenge, we introduce a suite of tools, GasGauge, GasGuard, and GasGaugeAI, that advance the detection, analysis, and automated repair of gas-related Denial-of-Service (DoS) vulnerabilities in Ethereum smart contracts. GasGauge lever- ages static-dynamic analysis to model safe loop bounds and identify Out-of-Gas (OOG) risks. GasGuard builds on this foundation by integrating a fine-tuned large language model (LLM) to insert guard conditions that prevent unsafe execution automatically. GasGaugeAI extends the pipeline with a novel dual-LLM framework that classifies state-dependent vulnerabilities, generates Foundry-based test cases, synthesizes function-level repairs, and validates fixes iteratively. Across hundreds of real-world contracts, these systems demonstrate the potential of AI-guided repair to drastically reduce manual auditing efforts and prevent exploitable gas exhaustion patterns.
Beyond contract-level vulnerabilities, this thesis tackles the broader problem of trustworthy data connectivity in decentralized applications. We propose CountChain, a game-theoretic decentralized oracle network for secure aggregation in counting systems. Built on this foundation, AdChain applies DON principles to online advertising, mitigating discrepancy fraud through incentive-aligned protocols and Prebid.js integration. Our experiments show that CountChain and AdChain offer both scalability and provable security under rational adversaries.
We further unify these contributions through a formal analysis of blockchain vulnerabilities at multiple levels, smart contracts, consensus layers, and oracles, highlighting common attack surfaces and mapping mitigation strategies using static analysis, fuzzing, and LLM-based repair. Finally, we explore how emerging AI methods, particularly LLMs and program synthesis tools, offer a scalable path forward for building self-healing blockchain systems.
Together, the tools, systems, and theoretical insights presented in this thesis contribute to the vision of blockchain infrastructures that are both secure and scalable by design, bridging the gap between automated repair and game-theoretic connectivity.