AI Summary
This work addresses the constraint pollution problem that commonly hinders hybrid fuzzing in smart contract vulnerability discoveryโwhere path conditions are cluttered with irrelevant global state variables and defensive checks, leading to SMT solver timeouts. To mitigate this, the authors propose NeuroSCA, a novel framework that integrates large language models (LLMs) into hybrid fuzzing as a semantic constraint abstraction layer. NeuroSCA retains only the core constraints relevant to the target branch for solving, while ensuring completeness and correctness through a validator-in-the-loop mechanism. By synergistically combining LLMs, symbolic execution, SMT solving, and gray-box fuzzing, the approach significantly accelerates the solving of polluted paths, achieving higher code coverage and vulnerability detection rates on real-world contracts without incurring performance overhead on simpler contracts, all while maintaining manageable computational costs.
Abstract
Hybrid fuzzing combines greybox fuzzing's throughput with the precision of symbolic execution to uncover deep smart contract vulnerabilities. However, its effectiveness is often limited by constraint pollution: in real-world contracts, path conditions pick up semantic noise from global state and defensive checks that are syntactically intertwined with, but semantically peripheral to, the target branch, causing SMT timeouts. We propose NeuroSCA (Neuro-Symbolic Constraint Abstraction), a lightweight framework that selectively inserts a Large Language Model (LLM) as a semantic constraint abstraction layer. NeuroSCA uses the LLM to identify a small core of goal-relevant constraints, solves only this abstraction with an SMT solver, and validates models via concrete execution in a verifier-in-the-loop refinement mechanism that reintroduces any missed constraints and preserves soundness. Experiments on real-world contracts show that NeuroSCA speeds up solving on polluted paths, increases coverage and bug-finding rates on representative hard contracts, and, through its selective invocation policy, achieves these gains with only modest overhead and no loss of effectiveness on easy contracts.
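The abstract-solve-validate-refine loop described above, as an added toy model that is not the paper's code: a keyword heuristic stands in for the LLM's relevance judgement, brute-force enumeration over a tiny integer domain stands in for the SMT solver, and the path condition (a target branch plus constructed "pollution" constraints) is invented for illustration.

```python
"""Validator-in-the-loop constraint abstraction (toy model, not NeuroSCA's code).
Assumptions, all constructed for this example: constraints are Python predicates
over a small integer domain; `abstract_core` is a keyword stand-in for the LLM;
`solve` is a brute-force stand-in for the SMT solver."""
from itertools import product

DOMAIN = range(0, 8)  # tiny domain so enumeration can stand in for SMT solving
VARS = ("amount", "balance", "paused", "nonce", "owner")

# Constructed path condition for a target branch `amount > balance/2` in a token
# contract. The first two entries are the goal-relevant core; the rest model
# pollution from global state invariants and defensive checks.
PATH_CONDITION = {
    "amount > balance/2": lambda m: m["amount"] * 2 > m["balance"],
    "amount <= balance":  lambda m: m["amount"] <= m["balance"],
    "paused == 0":        lambda m: m["paused"] == 0,
    "nonce < 5":          lambda m: m["nonce"] < 5,
    "owner != 0":         lambda m: m["owner"] != 0,
}

def abstract_core(names, goal_vars):
    """Stand-in for the LLM: keep only constraints that mention a goal variable."""
    return [n for n in names if any(v in n for v in goal_vars)]

def solve(constraints):
    """Stand-in for the SMT solver: first model satisfying all `constraints`."""
    for vals in product(DOMAIN, repeat=len(VARS)):
        model = dict(zip(VARS, vals))
        if all(PATH_CONDITION[c](model) for c in constraints):
            return model
    return None

def validate(model):
    """Concrete-execution check: names of constraints the model violates."""
    return [n for n, pred in PATH_CONDITION.items() if not pred(model)]

def refine_loop(goal_vars, max_rounds=10):
    """Solve the abstraction, validate against the full path condition, and
    reintroduce every violated constraint until the model is sound."""
    core = abstract_core(PATH_CONDITION, goal_vars)
    for rnd in range(1, max_rounds + 1):
        model = solve(core)
        if model is None:
            # The core is a subset of the full condition, so unsat here
            # implies the full path condition is unsat as well.
            return None, core, rnd
        missed = validate(model)
        if not missed:
            return model, core, rnd   # model satisfies every constraint
        core += missed                # refinement: add what the abstraction dropped
    return None, core, max_rounds
```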