Litcius/Paper detail

GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis

Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, Yang Liu

2024134 citationsDOIOpen Access PDF

Abstract

Smart contracts are prone to various vulnerabilities, leading to substantial financial losses over time. Current analysis tools mainly target vulnerabilities with fixed control- or data-flow patterns, such as re-entrancy and integer overflow. However, a recent study on Web3 security bugs revealed that about 80% of these bugs cannot be audited by existing tools due to the lack of domain-specific property description and checking. Given recent advances in Large Language Models (LLMs), it is worth exploring how Generative Pre-training Transformer (GPT) could aid in detecting logic vulnerabilities.

Topics & Concepts

Fuzz testingComputer scienceSecure codingComputer securityAuditSecurity bugDomain (mathematical analysis)Property (philosophy)Software security assuranceProgramming languageSoftwareInformation securityBusinessAccountingEpistemologyPhilosophySecurity serviceMathematical analysisMathematicsAdvanced Malware Detection TechniquesAdversarial Robustness in Machine LearningSecurity and Verification in Computing