Zero-Shot Detection of Bytecode-Level Ponzi Contract Using LLM
摘要
Smart contracts on Ethereum have driven the development of decentralized financial applications, but they have also become a breeding ground for fraudulent activities, particularly Ponzi schemes. These schemes often obscure the flow of funds and the relationships among participants, making their true nature difficult to detect–especially when only the contract’s bytecode is publicly available. Conventional detection methods largely depend on access to source code or large-scale labeled datasets to train supervised learning models. However, in real-world blockchain environments, only compiled bytecode is typically accessible on-chain, and obtaining labeled data is costly and often impractical. To address this challenge, we propose a novel approach to identify Ponzi schemes directly from Ethereum bytecode, without relying on source code or labeled data. Under a zero-shot setting, we utilize large language models to interpret and assess critical code fragments extracted from the contract, aiming to judge whether their functionality matches typical Ponzi-like fund behaviors. Our method first decompiles the bytecode into an intermediate form that preserves key semantic information, then constructs a data flow graph to represent data dependencies and control flow relationships within the contract. Based on this graph, we apply a set of manually defined rules to locate and extract code segments that are strongly related to fund transfer logic. These segments are then provided to the language model for further reasoning and judgment. By integrating bytecode analysis with LLM-based interpretation, our method can detect suspicious fund flow patterns even when the original source code is not available.