Benchmarking Zero-Shot Reasoning Approaches for Error Detection in Solidity Smart Contracts
Smart contracts play a crucial role in blockchain systems by encoding financial and operational logic. However, their vulnerability to subtle security flaws poses significant risks of financial loss and erosion of trust. Large Language Models (LLMs) create new opportunities for automating vulnerability detection, yet the effectiveness of various prompting strategies and model choices in real-world contexts remains uncertain. This study evaluates state-of-the-art LLMs on Solidity smart contract analysis using a balanced dataset of 400 contracts across two tasks: (i) Error Detection, where the model performs binary classification to determine if a contract is vulnerable, and (ii) Error Classification, where the model must assign the predicted issue to a specific vulnerability type.