The last 18 months have seen an explosion of activity in both industry and research in the Generative AI space, specifically Large Language Models (LLMs). Smart contract vulnerability detection is no exception; as smart contracts exist on public chains and can have billions of dollars transacted daily, continuous improvement in vulnerability detection is crucial. This has led to many researchers investigating the usage of generative large language models (LLMs) to aid in detecting vulnerabilities in smart contracts. This paper presents a systemic review of the current LLM-based smart contract vulnerability detection tools, comparing them against traditional static and dynamic analysis tools like Slither and Mythril. Our analysis highlights key areas where each performs better and shows that while these tools show promise, the LLM-based tools available for testing are not ready to replace more traditional tools. We conclude with recommendations on how LLMs are best used in the vulnerability detection process and offer insights for improving on the state-of-the-art via hybrid approaches and targeted pre-training of much smaller models.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

GenDetect: Generative Large Language Model Usage in Smart Contract Vulnerability Detection

  • Peter Ince,
  • Jiangshan Yu,
  • Joseph K. Liu,
  • Xiaoning Du,
  • Xiapu Luo

摘要

The last 18 months have seen an explosion of activity in both industry and research in the Generative AI space, specifically Large Language Models (LLMs). Smart contract vulnerability detection is no exception; as smart contracts exist on public chains and can have billions of dollars transacted daily, continuous improvement in vulnerability detection is crucial. This has led to many researchers investigating the usage of generative large language models (LLMs) to aid in detecting vulnerabilities in smart contracts. This paper presents a systemic review of the current LLM-based smart contract vulnerability detection tools, comparing them against traditional static and dynamic analysis tools like Slither and Mythril. Our analysis highlights key areas where each performs better and shows that while these tools show promise, the LLM-based tools available for testing are not ready to replace more traditional tools. We conclude with recommendations on how LLMs are best used in the vulnerability detection process and offer insights for improving on the state-of-the-art via hybrid approaches and targeted pre-training of much smaller models.