GPTScan is a tool that combines Generative Pre-training Transformer (GPT) with static analysis to detect logic vulnerabilities in smart contracts. It addresses the limitations of existing tools, which mainly focus on vulnerabilities with fixed control- or data-flow patterns and struggle to comprehend the underlying business logic of smart contracts.
GPTScan breaks down each logic vulnerability type into code-level scenarios and properties. Scenarios describe the code functionality under which a logic vulnerability could occur, while properties explain the vulnerable code attributes or operations. This approach enables GPTScan to directly match candidate vulnerable functions based on code-level semantics. However, since GPT-based matching is still coarse-grained, GPTScan further instructs GPT to intelligently recognize key variables and statements, which are then validated by dedicated static confirmation modules.
GPTScan employs a multi-dimensional filtering process to effectively narrow down the candidate functions for GPT matching, addressing the challenge of analyzing large smart contract projects. It also leverages static analysis techniques, such as data flow tracing, value comparison checks, order checks, and function call argument checks, to confirm the existence of potential vulnerabilities identified by GPT.
Evaluation on diverse datasets with around 400 contract projects and 3K Solidity files shows that GPTScan achieves high precision (over 90%) for token contracts and acceptable precision (57.14%) for large projects like Web3Bugs. It effectively detects ground-truth logic vulnerabilities with a recall of over 70%, including 9 new vulnerabilities missed by human auditors. GPTScan is fast and cost-effective, taking an average of 14.39 seconds and 0.01 USD to scan per thousand lines of Solidity code.
Til et andet sprog
fra kildeindhold
arxiv.org
Vigtigste indsigter udtrukket fra
by Yuqiang Sun,... kl. arxiv.org 05-07-2024
https://arxiv.org/pdf/2308.03314.pdfDybere Forespørgsler