San Francisco, the United States, December 17th, 2025, FinanceWire
BitsLab’s audit and security research brand MoveBit has released a new research work, “Belobog: Move Language Fuzzing Framework For Real-World Smart Contracts” (arXiv: 2512.02918, preprint). The paper is publicly available on arXiv: https://arxiv.org/abs/2512.02918.
Move has become a foundational language for many Web3 developers. Its strong type system and resource-oriented semantics provide strict guarantees around asset ownership, unauthorised transfers, and data race prevention, which is why multiple ecosystems increasingly deploy critical assets and core protocols on Move to achieve stronger security and lower systemic risk.
However, MoveBit’s long-term auditing shows that critical vulnerabilities rarely arise from obvious issues such as syntax errors or type mismatches. Instead, they arise from real-world system complexity — cross-module interactions, hidden assumptions, and composable call sequences — explaining why high-impact incidents still occur and why Move security research must go further.
According to MoveBit, a key gap is the absence of an effective fuzzing solution tailored to Move. Its stricter constraints make traditional fuzzing ineffective, as generating transaction sequences that are both type-correct and semantically reachable is difficult; when executions fail, deep states and absolute vulnerability paths remain unexplored.
To address this challenge, MoveBit collaborated with a university research team to develop and publish the Belobog research, releasing it on arXiv as a preprint to share early progress and gather community feedback. The work is being submitted to PLDI’26, with updates to be shared after the submission outcome and peer review are completed.
Making Fuzzing “Run in” Move: From Random Trial-and-Error to Type Guidance
Belobog’s core idea is simple: since Move’s type system is fundamental, fuzzing should use types as guidance rather than an obstacle. Traditional random or mutation-based fuzzing in Move produces mostly invalid inputs, leading to frequent execution failures and little meaningful coverage before deeper states can be reached.
Belobog equips the fuzzer with a “map.” By building a type graph from Move’s type semantics, it guides transaction generation and mutation along valid type relationships, producing executable call sequences that move deeper into the contract’s state space.
MoveBit emphasises that the practical value of this change is not primarily about more complex algorithms, but about direct outcomes: a higher ratio of effective samples, improved exploration efficiency, and a better chance of reaching deeper paths where real-world vulnerabilities often occur.
Handling Heavy Constraints: Using Concolic Execution to “Open the Door”
In real Move contracts, critical logic is often protected by layers of checks and constraints, making mutation-only fuzzing prone to getting stuck at boundaries. Belobog addresses this with concolic execution, combining concrete execution with symbolic guidance to satisfy branch conditions, penetrate guarded paths, and reach deeper states with greater coverage.
MoveBit highlights this as particularly relevant in Move, where multiple layers of constraints can reinforce confidence in safety, while meaningful issues may remain hidden in the interactions among those constraints. Belobog’s objective is to push testing closer to these “gaps.”
Aligning With the Real World: Beyond Demos Toward Real Attack Paths
MoveBit positions Belobog as a framework evaluated against real projects and real vulnerability conclusions, rather than focusing on limited demo scenarios. Based on the paper’s reported experimental results, Belobog was assessed on 109 real-world Move innovative contract projects and detected 100% of Critical vulnerabilities and 79% of Major vulnerabilities, as confirmed by human security experts.
A further point highlighted in the work is that Belobog can reproduce full exploits from real on-chain incidents without relying on prior knowledge of vulnerabilities. The stated value of this capability is that it more closely reflects real adversarial conditions: attackers often succeed not through a single isolated function bug, but through complete paths and state evolution.
Framing the Work: Not Just “Another Tool”
MoveBit emphasises that this work is not just a single tool, but a practical direction that translates real-world security experience into reusable, verifiable methods. In this sense, Belobog is not “another fuzzer,” but a step toward more realistic Move fuzzing — able to execute reliably, reach deeper states, and better reflect real attack paths.
The team describes Belobog as a developer-friendly framework designed to lower adoption barriers and support continuous security testing within existing workflows, rather than one-off fuzzing. MoveBit also plans to open-source Belobog, positioning it as shared community infrastructure rather than a standalone experimental tool.
Paper (preprint): https://arxiv.org/abs/2512.02918
(Also submitted to PLDI’26 and currently awaiting peer review.)
About MoveBit
MoveBit is a subsidiary brand of BitsLab and a blockchain security company focused on the Move ecosystem. It was an early adopter of formal verification in Move and one of the earliest contributors to the ecosystem. The team combines academic and industry security expertise, with research published at top conferences such as NDSS and CCS, and provides comprehensive security audit services for leading global projects.
