In this research, we introduce an advanced approach for the detection of smart contract vulnerabilities leveraging Large Language Models (LLMs). Smart contracts are pivotal in the ecosystem of decentralized finance (DeFi), functioning as automated protocols for data management and transaction execution. The foundation of numerous blockchain-based applications lies in smart contract technology. Nevertheless, these contracts’ code vulnerabilities can become targets for malicious exploitation, leading to substantial financial damages, exemplified by the 2016 Dao smart contract incident which incurred a loss of 55 million USD. In response to such challenges, detection mechanisms for smart contract vulnerabilities have been devised, drawing upon conventional static analysis, fuzzy testing, and machine learning methodologies. Owing to the swift progression of LLMs, such as GPT, a broad spectrum of entities has adopted these models for routine operational management. By recognizing LLMs’ inherent capability to comprehend programming code, we investigate their aptitude for identifying smart contract vulnerabilities. We have integrated prompt engineering techniques, including the Chain of Thought (CoT), Plan-and-Solve, and few-shot learning, to augment the LLMs’ vulnerability detection efficacy. Furthermore, a sequence of empirical studies has been orchestrated to validate the effectiveness of our proposed prompt engineering strategies against diverse smart contract vulnerabilities.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Smart Contract Vulnerability Detection Manner Based on Large Language Model

  • I-Fang Su,
  • Shun-Ming Wang,
  • Yu-Chi Chung,
  • Yi-Hsien Tsai

摘要

In this research, we introduce an advanced approach for the detection of smart contract vulnerabilities leveraging Large Language Models (LLMs). Smart contracts are pivotal in the ecosystem of decentralized finance (DeFi), functioning as automated protocols for data management and transaction execution. The foundation of numerous blockchain-based applications lies in smart contract technology. Nevertheless, these contracts’ code vulnerabilities can become targets for malicious exploitation, leading to substantial financial damages, exemplified by the 2016 Dao smart contract incident which incurred a loss of 55 million USD. In response to such challenges, detection mechanisms for smart contract vulnerabilities have been devised, drawing upon conventional static analysis, fuzzy testing, and machine learning methodologies. Owing to the swift progression of LLMs, such as GPT, a broad spectrum of entities has adopted these models for routine operational management. By recognizing LLMs’ inherent capability to comprehend programming code, we investigate their aptitude for identifying smart contract vulnerabilities. We have integrated prompt engineering techniques, including the Chain of Thought (CoT), Plan-and-Solve, and few-shot learning, to augment the LLMs’ vulnerability detection efficacy. Furthermore, a sequence of empirical studies has been orchestrated to validate the effectiveness of our proposed prompt engineering strategies against diverse smart contract vulnerabilities.