GasGuard: An LLM-Based Automated Gas Vulnerability Detection and Mitigation System
摘要
Security concerns are a critical barrier to the mass adoption of blockchain. Among the various security challenges, gas-related vulnerabilities constitute a significant challenge to detect and repair. Existing tools fail to accurately identify these vulnerabilities, necessitating expensive and time-consuming manual audits. This paper introduces GasGuard, one of the first LLM-based automated vulnerability detection and mitigation tools designed to address gas-based vulnerabilities in Ethereum smart contracts. GasGuard extends the capabilities of the Gas Gauge tool by integrating a novel LLM-driven mitigation mechanism that not only detects but also automatically prevents gas wastage without manual intervention. Our approach involves a new static analyzer that efficiently processes contract data and reports, a comprehensive data set derived from more than 900 loops in real-world smart contracts, and a fine-tuned LLM. Our extensive experimental evaluation on over 60 prompt-engineered and fine-tuned GPT models demonstrates that GasGuard can achieve an accuracy of over 98%. Finally, GasGuard represents a significant advancement in smart contract security. It provides a proof of concept that similar approaches can be utilized to address other types of vulnerabilities, significantly reducing the time and cost of smart contract auditing.