Detect Llama - Finding Vulnerabilities in Smart Contracts Using Large Language Models

Peter Ince, Xiapu Luo, Jiangshan Yu, Joseph K. Liu, Xiaoning Du

Research output: Chapter in Book/Report/Conference proceeding, Conference Paper, Research

1 Citation (Scopus)

Abstract

In this paper, we test the hypothesis that although OpenAI’s GPT-4 performs well generally, we can fine-tune open-source models to outperform GPT-4 in smart contract vulnerability detection. Using Meta’s Code Llama and a dataset of 17k prompts, we fine-tune two models, Detect Llama - Foundation and Detect Llama - Instruct, and we also fine-tune OpenAI’s GPT-3.5 Turbo model (GPT-3.5FT). We then evaluate these models, plus a random baseline, on a test set we develop, comparing them against GPT-4’s and GPT-4 Turbo’s detection of eight vulnerabilities from the dataset and of the two top identified vulnerabilities, using their weighted F1 scores. We find that for binary classification (i.e., is this smart contract vulnerable?), our two best-performing models, GPT-3.5FT and Detect Llama - Foundation, achieve F1 scores of 0.776 and 0.68, outperforming both GPT-4 and GPT-4 Turbo (0.66 and 0.675). For the evaluation against individual vulnerability identification, our top two models, GPT-3.5FT and Detect Llama - Foundation, both significantly outperformed GPT-4 and GPT-4 Turbo in both weighted F1 for all vulnerabilities (0.61 and 0.56 respectively against GPT-4’s 0.218 and GPT-4 Turbo’s 0.243) and weighted F1 for the top two identified vulnerabilities (0.719 for GPT-3.5FT, 0.674 for Detect Llama - Foundation against GPT-4’s 0.363 and GPT-4 Turbo’s 0.429).

Original language: English
Title of host publication: Information Security and Privacy - 29th Australasian Conference, ACISP 2024, Sydney, NSW, Australia, July 15–17, 2024, Proceedings, Part III
Editors: Tianqing Zhu, Yannan Li
Place of Publication: Singapore Singapore
Publisher: Springer
Pages: 424-443
Number of pages: 20
ISBN (Electronic): 9789819751013
ISBN (Print): 9789819751006
Publication status: Published - 2024
Event: Australasian Conference on Information Security and Privacy 2024 - Sydney, Australia
Duration: 15 Jul 2024 to 17 Jul 2024
Conference number: 29th
https://link.springer.com/book/10.1007/978-981-97-5028-3 (Proceedings)
https://www.acisp24.com/ (Website)

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 14897
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: Australasian Conference on Information Security and Privacy 2024
Abbreviated title: ACISP 2024
Country/Territory: Australia
City: Sydney
Period: 15/07/24 to 17/07/24

Keywords

  • Ethereum
  • Large Language Models
  • Smart Contract Security
  • Vulnerability detection
