An AI-powered vulnerability detection tool for Solidity smart contracts. Built using Hugging Face Transformers and trained on the SmartBugs dataset, this system uses Microsoft’s Phi‑3‑Mini‑4K‑Instruct model to analyze and identify bugs and flaws in Solidity code. The interface is built with Streamlit, enabling developers to paste snippets and receive instant feedback with explanations and suggestions. The core experiments were developed and run in Google Colab.
-
🔍 SmartBugs Dataset
Trained using a curated dataset of Solidity smart contract snippets annotated with vulnerabilities categorized under the DASP taxonomy (e.g., reentrancy, access control, bad randomness) :contentReference[oaicite:1]{index=1}. -
🤖 Phi‑3‑Mini‑4K‑Instruct Model
A 3.8-billion-parameter instruction-tuned model optimized for reasoning, code analysis, and chat formats—available via Hugging Face and Azure :contentReference[oaicite:2]{index=2}. -
💻 Streamlit UI for Code Auditing
A lightweight, interactive interface that lets users paste Solidity code and receive structured feedback about vulnerabilities and mitigation suggestions. -
🧪 Colab-Based Development
Experiments, training, and inference all executed on Google Colab, making the project reproducible and easy to run.
smart-contract-audit-agent/
│
├── notebooks/ # Google Colab notebooks (training, inference, demos)
├── README.md
└── LICENSE
git clone https://github.com/ai-art-dev99/smart-contract-audit-agent.gitrun on google colab
A100 GPUstreamlit run streamlit_app.pyThis will open a local web interface where Solidity code can be pasted for analysis.
Open the included Google Colab notebook in notebooks/ to train the Phi‑3‑Mini‑4K‑Instruct model on the SmartBugs dataset, run inference, and generate sample reports.
| Component | Description |
|---|---|
| Dataset | SmartBugs curated contracts with tagged Solidity vulnerabilities (e.g. reentrancy, DASP taxonomy) (GitHub, smartbugs.github.io, GitHub) |
| Language Model | Microsoft Phi‑3‑Mini‑4K‑Instruct (3.8B params, tuned for code reasoning) (Hugging Face, Microsoft Azure) |
| Interface | Streamlit for interactive UI |
| Platform | Google Colab for development, training & inference |
| Libraries | transformers, torch, streamlit, other required dependencies |
- Add fine-tuning options for other Phi‑3 variants (e.g., 128K context window version)
- Extend dataset with real-world contracts or vulnerabilities beyond SmartBugs
- Add file upload / history / exportable report features in UI
- Incorporate ML-based explanation generation and severity scoring
Licensed under the MIT License. See the LICENSE file for details.
- SmartBugs project—providing a standard benchmark dataset for smart contract vulnerability detection (Microsoft Azure, GitHub, Windows Central)
- Microsoft Phi‑3 family of instruction‑tuned models, optimized for compact hardware and high reasoning accuracy (Hugging Face)
- Hugging Face and Streamlit for their versatile tooling
Built to empower smart contract developers with AI‑driven security insights.