AIS2Lab/GPTScan
GPTScan

Description

Using ChatGPT for logic vulnerability detection.

How to Use

  1. Install dependencies:
     • Requires Python 3.10+
     • Install Python dependencies: pip install -r requirements.txt
     • Requires Java 17+
  2. Run GPTScan

Before starting, select the solc version that matches your contracts' pragma by running the following commands:

solc-select install 0.8.19 # just an example of 0.8.19
solc-select use 0.8.19

For example, if the source code is stored in the /sourcecode directory, run the command:

python3.10 main.py -s /sourcecode -o /sourcecode/output.json -k OPEN_AI_API_KEY_xxxxxxxxxxxxx
  3. Check the output

The output is written to the location given by the -o parameter; in the example above, that is /sourcecode/output.json.

Supported Project Types

Currently supported project types include:

  • Single file in a folder, i.e., a contract folder containing a single example.sol file. Use the path of the folder as the source (NOT THE FILE, WHICH MAY CAUSE ERRORS).
  • Multi-file, i.e., a directory with multiple .sol files, without any other external dependencies
  • Common framework projects, such as Truffle, Hardhat, Brownie, etc.

Tested frameworks include:

  • Hardhat
  • Truffle
  • Brownie

Note that this project does not include the compilation environment, such as Node.js, which needs to be installed separately.

NOTE: Please also make sure that your path does not contain keywords like external, openzeppelin, uniswap, pancakeswap, or legacy, since we use a naive way to match the path. See src/antlr4helper/callgraph.py:__parse_all_files for details. There will be no explicit error message, but the output will be empty.
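The two setup pitfalls above (a solc version that does not match the contracts' pragma, and a source path containing one of the filtered keywords) both fail quietly, so a pre-flight check before running main.py saves a wasted run. The script below is an added example and is not part of the GPTScan repository. The keyword list is the one given in this README; the matching rule it applies (case-insensitive substring match over the whole path) is an assumption that approximates the "naive" filter described above, not GPTScan's actual logic in callgraph.py. It also goes a little beyond the README by extracting every pragma solidity constraint in the tree, so you can see which solc-select version to pick and whether the contracts disagree with each other. The sample contract tree at the bottom is constructed for the demonstration.

```python
"""Pre-flight checks for a GPTScan source directory.

Added example, not GPTScan's own code. Checks two README pitfalls:
the selected solc version must match the contracts' pragma, and the
source path must not contain keywords that GPTScan's naive path
filter treats as external code. The keyword list comes from the
README; the substring-match rule is an assumption about that filter.
"""
import os
import re

# Keywords the README says cause silent empty output when present in the path.
EXCLUDED_KEYWORDS = ("external", "openzeppelin", "uniswap", "pancakeswap", "legacy")

# Matches "pragma solidity <constraint>;" and captures the constraint text.
PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")


def path_has_excluded_keyword(path, keywords=EXCLUDED_KEYWORDS):
    """Return the keywords that occur anywhere in the path (case-insensitive).

    Assumed approximation of GPTScan's filter: an empty list means the path
    is safe under that assumption.
    """
    lowered = path.lower()
    return [k for k in keywords if k in lowered]


def pragma_versions(sol_source):
    """Extract every 'pragma solidity ...' constraint from Solidity source."""
    return [m.group(1).strip() for m in PRAGMA_RE.finditer(sol_source)]


def preflight(source_dir, files):
    """Check a source tree given as {relative path: source text}.

    Returns a dict with per-file pragma constraints, the full paths that hit
    an excluded keyword, and a list of human-readable problems.
    """
    report = {"pragmas": {}, "keyword_hits": {}, "problems": []}
    hits = path_has_excluded_keyword(source_dir)
    if hits:
        report["keyword_hits"][source_dir] = hits
    sol_files = [p for p in files if p.endswith(".sol")]
    if not sol_files:
        report["problems"].append("no .sol files found under %s" % source_dir)
    for rel in sol_files:
        full = source_dir.rstrip("/") + "/" + rel
        hits = path_has_excluded_keyword(full)
        if hits:
            report["keyword_hits"][full] = hits
        versions = pragma_versions(files[rel])
        if not versions:
            report["problems"].append("%s has no pragma solidity line" % rel)
        report["pragmas"][rel] = versions
    if report["keyword_hits"]:
        report["problems"].append(
            "path contains excluded keyword(s); GPTScan may produce empty output")
    distinct = {v for vs in report["pragmas"].values() for v in vs}
    if len(distinct) > 1:
        report["problems"].append(
            "mixed pragma constraints %s; choose one solc-select version that "
            "satisfies all of them" % sorted(distinct))
    return report


def preflight_dir(source_dir):
    """Read a real directory from disk and run preflight on its .sol files."""
    files = {}
    for root, _dirs, names in os.walk(source_dir):
        for name in names:
            if name.endswith(".sol"):
                full = os.path.join(root, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, source_dir)] = fh.read()
    return preflight(source_dir, files)


# Constructed sample tree: one contract under a path containing "legacy",
# and a pragma that disagrees with the other contract.
SAMPLE_FILES = {
    "contracts/Vault.sol": "pragma solidity ^0.8.19;\ncontract Vault {}\n",
    "contracts/legacy/OldVault.sol": "pragma solidity 0.7.6;\ncontract OldVault {}\n",
}

if __name__ == "__main__":
    for line in preflight("/sourcecode", SAMPLE_FILES)["problems"]:
        print("WARN:", line)
```

Run it as `python3 preflight.py` to see the warnings for the constructed sample, or call preflight_dir("/sourcecode") on a real checkout before invoking main.py. A keyword hit anywhere in the absolute path, including in parent directories you did not create, is reported, because the README's caveat applies to the whole path and not only to the project folder.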

Dataset

The datasets used to evaluate GPTScan in the paper are the following:

  1. Web3Bugs: https://github.com/MetaTrustLabs/GPTScan-Web3Bugs
  2. DefiHacks: https://github.com/MetaTrustLabs/GPTScan-DefiHacks
  3. Top200: https://github.com/MetaTrustLabs/GPTScan-Top200

How to Cite this project

@inproceedings{sun2024gptscan,
    author = {Sun, Yuqiang and Wu, Daoyuan and Xue, Yue and Liu, Han and Wang, Haijun and Xu, Zhengzi and Xie, Xiaofei and Liu, Yang},
    title = {{GPTScan}: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis},
    year = {2024},
    isbn = {9798400702174},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi.org/10.1145/3597503.3639117},
    doi = {10.1145/3597503.3639117},
    booktitle = {Proceedings of the IEEE/ACM 46th International Conference on Software Engineering},
    articleno = {166},
    numpages = {13},
    series = {ICSE '24}
}

Languages

  • Java 60.6%
  • Python 37.7%
  • ANTLR 1.7%