Core Concepts
TrustLLM combines fine-tuning and LLM-based agents to enhance smart contract auditing, achieving high accuracy in vulnerability detection.
Abstract
TrustLLM is a framework that integrates fine-tuning and large language models (LLMs) for intuitive smart contract auditing. It addresses the limitations of existing models by proposing a two-stage approach involving Detector and Reasoner models. TrustLLM employs two LLM-based agents, Ranker and Critic, to select the optimal causes of vulnerabilities. The model outperforms traditional fine-tuned models and zero-shot learning LLMs in detecting vulnerabilities. The work also describes its data collection methods, training processes, evaluation metrics, and experimental results.
Introduction to Smart Contracts:
Smart contracts on blockchains like Ethereum are crucial for decentralized finance.
Vulnerabilities in smart contracts can lead to significant financial losses.
Role of Large Language Models (LLMs):
Recent research shows the potential of LLMs in auditing smart contracts.
Existing off-the-shelf LLMs lack domain-specific fine-tuning for Solidity smart contract auditing.
TrustLLM Framework:
Combines fine-tuning with LLM-based agents for intuitive auditing.
A two-stage approach uses the Detector for decisions and the Reasoner for the causes of vulnerabilities.
Data Collection and Enhancement:
Balanced dataset collected with positive and negative samples.
Data enhancement using GPT-4 to improve explanations of vulnerabilities.
Evaluation:
Performance comparison with baseline models shows TrustLLM's superiority in detection accuracy.
Explanation alignment analysis demonstrates TrustLLM's consistency with real reasons.
Further Experiments:
Majority voting enhances performance stability.
Additional call graph information does not significantly impact model performance.
Stats
Recent research has shown that even GPT-4 achieves only 30% precision in auditing smart contracts when both decision and justification are correct.
On a dataset of 263 real smart contract vulnerabilities, TrustLLM achieves an F1 score of 91.21% and an accuracy of 91.11%.
Quotes
"One of the big skills in bug bounties that’s really difficult to teach is intuition." — Katie Paxton-Fear