GPTScan

The complete source code is available at https://github.com/GPTScan/GPTScan.

A new version of LLM detector for smart contract bugs based on the LLM4Vuln paper can be found at https://app.metatrust.io/.

~~You can try GPTScan at https://app.metatrust.io/ for the moment, but we will replace it later with a new version (covering all kinds of logic bug rules).~~

~~This repository contains the prompts and rules (i.e., the GPT part) used in GPTScan, as well as the datasets.~~

~~The static part has been released at https://github.com/MetaTrustLabs/falcon-metatrust, from which GPTScan used partial code.~~

~~Interested users can write your own connectors to invoke relevant functions in the static part to reproduce GPTScan.~~

Preprint paper

Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, Yang Liu, GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis. 2024 IEEE/ACM 45th International Conference on Software Engineering (ICSE). [arxiv]

Bibtex:

@INPROCEEDINGS{sunicse2023gpt,
  author={Yuqiang Sun and Daoyuan Wu and Yue Xue and Han Liu and Haijun Wang and Zhengzi Xu and Xiaofei Xie and Yang Liu},
  booktitle={2024 IEEE/ACM 45th International Conference on Software Engineering (ICSE)}, 
  title={GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis}, 
  year={2024}

Dataset

Dataset used to evaluate GPTScan in the paper, are the following:

1. Web3Bugs: https://github.com/MetaTrustLabs/GPTScan-Web3Bugs
2. DefiHacks: https://github.com/MetaTrustLabs/GPTScan-DefiHacks
3. Top200: https://github.com/MetaTrustLabs/GPTScan-Top200