Smart contracts on the Ethereum blockchain continue to revolutionize decentralized applications (dApps) by allowing for self-executing agreements. However, bad actors have continuously found ways to exploit smart contracts for personal financial gain, which undermines the integrity of the Ethereum blockchain. This paper proposes a computer program called SADA (Static and Dynamic Analyzer), a novel approach to smart contract vulnerability detection using multiple Large Language Model (LLM) agents to analyze and flag suspicious Solidity code for Ethereum smart contracts. SADA not only improves upon existing vulnerability detection methods but also paves the way for more secure smart contract development practices in the rapidly evolving blockchain ecosystem.