A Smart Contract Vulnerability Detection Manner Based on Large Language Model
摘要
In this research, we introduce an advanced approach for the detection of smart contract vulnerabilities leveraging Large Language Models (LLMs). Smart contracts are pivotal in the ecosystem of decentralized finance (DeFi), functioning as automated protocols for data management and transaction execution. The foundation of numerous blockchain-based applications lies in smart contract technology. Nevertheless, these contracts’ code vulnerabilities can become targets for malicious exploitation, leading to substantial financial damages, exemplified by the 2016 Dao smart contract incident which incurred a loss of 55 million USD. In response to such challenges, detection mechanisms for smart contract vulnerabilities have been devised, drawing upon conventional static analysis, fuzzy testing, and machine learning methodologies. Owing to the swift progression of LLMs, such as GPT, a broad spectrum of entities has adopted these models for routine operational management. By recognizing LLMs’ inherent capability to comprehend programming code, we investigate their aptitude for identifying smart contract vulnerabilities. We have integrated prompt engineering techniques, including the Chain of Thought (CoT), Plan-and-Solve, and few-shot learning, to augment the LLMs’ vulnerability detection efficacy. Furthermore, a sequence of empirical studies has been orchestrated to validate the effectiveness of our proposed prompt engineering strategies against diverse smart contract vulnerabilities.