Framework for Smart Contract Vulnerability Detection
Faculty Mentor Information
Dr. Gaby Dagher (Mentor), Boise State University
Presentation Date
7-2024
Abstract
This research presents an improved, scalable framework that detects potential vulnerabilities in smart contracts. The framework is implemented in an automated system that utilizes large language models to analyze smart contracts and returns vulnerabilities, especially those likely to be exploited. The identified vulnerabilities are presented in a knowledge graph with detailed reasoning steps, decisions, and evidence. This knowledge graph is provided to the language model with another knowledge graph consisting of Solidity constructs and syntax to increase accuracy by achieving in-context learning. As an improvement to this framework’s predecessor’s accuracy, a new large language model agent, Tracer, is implemented. Tracer creates a knowledge graph of a smart contract’s function relation and an execution call trace. The effectiveness of the framework was evaluated on a dataset of historical Solidity vulnerabilities. The framework successfully identified vulnerabilities in smart contracts that were likely to be exploited. This research contributes to the field of blockchain security by providing a scalable solution for auditing smart contracts without requiring expert knowledge of Solidity and smart contracts.
Framework for Smart Contract Vulnerability Detection
This research presents an improved, scalable framework that detects potential vulnerabilities in smart contracts. The framework is implemented in an automated system that utilizes large language models to analyze smart contracts and returns vulnerabilities, especially those likely to be exploited. The identified vulnerabilities are presented in a knowledge graph with detailed reasoning steps, decisions, and evidence. This knowledge graph is provided to the language model with another knowledge graph consisting of Solidity constructs and syntax to increase accuracy by achieving in-context learning. As an improvement to this framework’s predecessor’s accuracy, a new large language model agent, Tracer, is implemented. Tracer creates a knowledge graph of a smart contract’s function relation and an execution call trace. The effectiveness of the framework was evaluated on a dataset of historical Solidity vulnerabilities. The framework successfully identified vulnerabilities in smart contracts that were likely to be exploited. This research contributes to the field of blockchain security by providing a scalable solution for auditing smart contracts without requiring expert knowledge of Solidity and smart contracts.