GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis

Sun, Yuqiang; Wu, Daoyuan; Xue, Yue; Liu, Han; Wang, Haijun; Xu, Zhengzi; Xie, Xiaofei; Liu, Yang

doi:10.1145/3597503.3639117

articleApr 12, 2024GOLD OA

GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis

YSYuqiang Sun DWDaoyuan Wu YXYue Xue HLHan Liu HWHaijun Wang

Nanyang Technological University · Shanghai Key Laboratory of Trustworthy Computing · +3 more institutions

Indexed incrossref

Abstract

Smart contracts are prone to various vulnerabilities, leading to substantial financial losses over time. Current analysis tools mainly target vulnerabilities with fixed control- or data-flow patterns, such as re-entrancy and integer overflow. However, a recent study on Web3 security bugs revealed that about 80% of these bugs cannot be audited by existing tools due to the lack of domain-specific property description and checking. Given recent advances in Large Language Models (LLMs), it is worth exploring how Generative Pre-training Transformer (GPT) could aid in detecting logic vulnerabilities.

Citation impact

131

total citations

FWCI: 41.12
Percentile: 100%
References: 24

Citations per year

Authors

8

Topics & keywords

Topics

Keywords

Fuzz testing
Computer science
Secure coding
Computer security
Audit
Security bug
Domain (mathematical analysis)
Property (philosophy)

No related works found for this paper.