Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models
Abstract
Smart contracts, self-executing agreements directly encoded in code, are fundamental to blockchain technology, especially in decentralized finance (DeFi) and Web3. However, the rise of Ponzi schemes in smart contracts poses significant risks, leading to substantial financial losses and eroding trust in blockchain systems. Existing detection methods, such as PonziGuard, depend on large amounts of labeled data and struggle to identify unseen Ponzi schemes, limiting their reliability and generalizability. In contrast, we introduce PonziSleuth, the first LLM-driven approach for detecting Ponzi smart contracts, which requires no labeled training data. PonziSleuth utilizes advanced language understanding capabilities of LLMs to analyze smart contract source code through a novel two-step zero-shot chain-of-thought prompting technique. Our extensive evaluation on benchmark datasets and real-world contracts demonstrates that PonziSleuth delivers comparable, and often superior, performance without the extensive data requirements, achieving a balanced detection accuracy of 96.06% with GPT-3.5-turbo, 93.91% with LLAMA3, and 94.27% with Mistral. In real-world detection, PonziSleuth successfully identified 15 new Ponzi schemes from 4,597 contracts verified by Etherscan in March 2024, with a false negative rate of 0% and a false positive rate of 0.29%. These results highlight PonziSleuth's capability to detect diverse and novel Ponzi schemes, marking a significant advancement in leveraging LLMs for enhancing blockchain security and mitigating financial scams.
References
[1]
Contract 0x2a53f42ad8bba138c21b50a4e5711f18381a61e9. https://etherscan.io/address/0x2a53f42ad8bba138c21b50a4e5711f18381a61e9, 2024.
[2]
Contract 0x96da8b9cfec99a1ccff16ab16f3948da82396f27. https://etherscan.io/address/0x96Da8b9cfEC99A1CcFF16AB16F3948dA82396f27#code, 2024.
[3]
Contract 0xa8b9e7718c73329afd7b99f089c853a80b8127be. https://etherscan.io/address/0xa8b9e7718c73329AFd7B99F089C853a80B8127Be#code, 2024.
[4]
Contract 0xe713ccf85c89ddc4205747ed20af7c916094b4fb. https://etherscan.io/address/0xe713cCf85c89dDc4205747Ed20af7c916094b4Fb#code, 2024.
[5]
https://platform.openai.com/docs/models/gpt-3-5-turbo. https://platform.openai.com/docs/models/gpt-3-5-turbo, 2024.
[6]
Llama 2. https://github.com/meta-llama/llama, 2024.
[7]
Llama 3. https://github.com/meta-llama/llama3, 2024.
[8]
Mistral 7b. https://github.com/mistralai/mistral-inference, 2024.
[9]
Ponzi contract dataset. https://xblock.pro/#/dataset/25, 2024.
[10]
Ponzidataset. https://github.com/smartcontract-detect-yzu/PonziDataset, 2024.
[11]
Slither, the smart contract static analyzer. https://github.com/crytic/slither, 2024.
[12]
solc-bin. https://github.com/ethereum/solc-bin, 2024.
[13]
M. Bartoletti, S. Carta, T. Cimoli, and R. Saia. Dissecting ponzi schemes on ethereum: identification, analysis, and impact. Future Generation Computer Systems, 2020.
[14]
S. Bubeck, V. Chandrasekaran, R. Eldan, J. Gehrke, E. Horvitz, E. Kamar, P. Lee, Y. T. Lee, Y. Li, S. Lundberg, et al. Sparks of artificial general intelligence: Early experiments with gpt-4. arXiv:2303.12712, 2023.
[15]
J. Cai, B. Li, J. Zhang, and X. Sun. Ponzi scheme detection in smart contract via transaction semantic representation learning. IEEE Transactions on Reliability, 2023.
[16]
M. Chen, J. Tworek, H. Jun, Q. Yuan, H. P. d. O. Pinto, J. Kaplan, H. Edwards, Y. Burda, N. Joseph, G. Brockman, et al. Evaluating large language models trained on code. arXiv:2107.03374, 2021.
[17]
W. Chen, X. Li, Y. Sui, N. He, H. Wang, L. Wu, and X. Luo. Sadponzi: Detecting and characterizing ponzi schemes in ethereum smart contracts. ACM on Measurement and Analysis of Computing Systems, 2021.
[18]
W. Chen, Z. Zheng, J. Cui, E. Ngai, P. Zheng, and Y. Zhou. Detecting ponzi schemes on ethereum: Towards healthier blockchain technology. In The World Wide Web Conference (WWW), 2018.
[19]
Y. Chen, B. Li, Y. Xiao, and X. Du. Ponzifinder: Attention-based edge-enhanced ponzi contract detection. IEEE Transactions on Reliability, 2024.
[20]
C.-H. Chiang and H.-y. Lee. Can large language models be an alternative to human evaluations? arXiv:2305.01937, 2023.
[21]
T. Durieux, J. F. Ferreira, R. Abreu, and P. Cruz. Empirical review of automated analysis tools on 47,587 ethereum smart contracts. In ACM/IEEE International Conference on Software Engineering (ICSE), 2020.
[22]
S. Fan, S. Fu, H. Xu, and X. Cheng. Al-spsd: Anti-leakage smart ponzi schemes detection in blockchain. Information Processing and Management, 2021.
[23]
J. Feist, G. Grieco, and A. Groce. Slither: a static analysis framework for smart contracts. In International Workshop on Emerging Trends in Software Engineering for Blockchain, pages 8--15. IEEE, 2019.
[24]
L. Galletta and F. Pinelli. Explainable ponzi schemes detection on ethereum. In ACM/SIGAPP Symposium on Applied Computing, 2024.
[25]
B. Jiang, Y. Liu, and W. K. Chan. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In ACM/IEEE International Conference on Automated Software Engineering (ASE), pages 259--269, 2018.
[26]
R. Liang, J. Chen, K. He, Y. Wu, G. Deng, R. Du, and C. Wu. Ponziguard: Detecting ponzi schemes on ethereum with contract runtime behavior graph (crbg). In ACM/IEEE International Conference on Software Engineering (ICSE), 2024.
[27]
R. Liang, J. Chen, C. Wu, K. He, Y. Wu, R. Cao, R. Du, Y. Liu, and Z. Zhao. Vulseye: Detect smart contract vulnerabilities via stateful directed graybox fuzzing. arXiv preprint arXiv:2408.10116, 2024.
[28]
R. Liang, J. Chen, C. Wu, K. He, Y. Wu, W. Sun, R. Du, Q. Zhao, and Y. Liu. Towards effective detection of ponzi schemes on ethereum with contract runtime behavior graph. arXiv preprint arXiv:2406.00921, 2024.
[29]
C. Liu, H. Liu, Z. Cao, Z. Chen, B. Chen, and B. Roscoe. Reguard: finding reentrancy bugs in smart contracts. In ACM/IEEE International Conference on Software Engineering (ICSE), 2018.
[30]
Y. Lou, Y. Zhang, and S. Chen. Ponzi contracts detection based on improved convolutional neural network. In IEEE International Conference on Services Computing (SCC), 2020.
[31]
P. Lu, L. Cai, and K. Yin. Sourcep: Detecting ponzi schemes on ethereum with source code. In IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2024.
[32]
L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor. Making smart contracts smarter. In ACM SIGSAC Conference on Computer and Communications Security (CCS), 2016.
[33]
M. Mossberg, F. Manzano, E. Hennenfent, A. Groce, G. Grieco, J. Feist, T. Brunson, and A. Dinaburg. Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In IEEE/ACM International Conference on Automated Software Engineering (ASE), 2019.
[34]
B. Mueller. Smashing ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam, 9:54, 2018.
[35]
I. Nikolić, A. Kolluri, I. Sergey, P. Saxena, and A. Hobor. Finding the greedy, prodigal, and suicidal contracts at scale. In Annual Computer Security Applications Conference (ACSAC), pages 653--663, 2018.
[36]
A. Pinna, S. Ibba, G. Baralla, R. Tonelli, and M. Marchesi. A massive analysis of ethereum smart contracts empirical study and code metrics. Ieee Access, 2019.
[37]
M. Rodler, W. Li, G. O. Karame, and L. Davi. Sereum: Protecting existing smart contracts against re-entrancy attacks. In NDSS, 2018.
[38]
W. Sun, G. Xu, Z. Yang, and Z. Chen. Early detection of smart ponzi scheme contracts based on behavior forest similarity. In International Conference on Software Quality, Reliability and Security (QRS), 2020.
[39]
Y. Sun, D. Wu, Y. Xue, H. Liu, H. Wang, Z. Xu, X. Xie, and Y. Liu. Gptscan: Detecting logic vulnerabilities in smart contracts by combining gpt with program analysis. In ACM/IEEE International Conference on Software Engineering (ICSE), pages 1--13, 2024.
[40]
Z. Sun, X. Luo, and Y. Zhang. Panda: Security analysis of algorand smart contracts. In USENIX Security Symposium, 2023.
[41]
S. Tikhomirov, E. Voskresenskaya, I. Ivanitskiy, R. Takhaviev, E. Marchenko, and Y. Alexandrov. Smartcheck: Static analysis of ethereum smart contracts. In International Workshop on Emerging Trends in Software Engineering for Blockchain, pages 9--16, 2018.
[42]
C. F. Torres, J. Schütte, and R. State. Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th annual computer security applications conference, pages 664--676, 2018.
[43]
X. Xu, Z. Zhang, S. Feng, Y. Ye, Z. Su, N. Jiang, S. Cheng, L. Tan, and X. Zhang. Lmpa: Improving decompilation by synergy of large language model and program analysis. arXiv:2306.02546, 2023.
[44]
S. Yu, J. Jin, Y. Xie, J. Shen, and Q. Xuan. Ponzi scheme detection in ethereum transaction network. In Blockchain and Trustworthy Systems (BlockSys), 2021.
[45]
Q. Zhang, Y. Wang, J. Li, and S. Ma. Ethploit: From fuzzing to efficient exploit generation against smart contracts. In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2020.
[46]
Z. Zheng, W. Chen, Z. Zhong, Z. Chen, and Y. Lu. Securing the ethereum from smart ponzi schemes: Identification using static features. ACM Transactions on Software Engineering and Methodology, 2023.
Index Terms
- Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models
Recommendations
Formal Modeling and Verification of Smart Contracts
ICSCA '18: Proceedings of the 2018 7th International Conference on Software and Computer ApplicationsSmart contracts can automatically perform the contract terms according to the received information, and it is one of the most important research fields in digital society. The core of smart contracts is algorithm contract, that is, the parties reach an ...
Ponzi scheme detection via oversampling-based Long Short-Term Memory for smart contracts
AbstractThe application of blockchain technology is growing rapidly, which has aroused great attention in the academic and industrial fields. Based on blockchain 2.0, Ethereum is a mainstream smart contract development and operation platform. ...
Security Vulnerabilities in Ethereum Smart Contracts
iiWAS2018: Proceedings of the 20th International Conference on Information Integration and Web-based Applications & ServicesSmart contracts (SC) are one of the most appealing features of blockchain technologies facilitating, executing, and enforcing predefined terms of coded contracts without intermediaries. The steady adoption of smart contracts on the Ethereum blockchain ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
October 2024
2587 pages
ISBN:9798400712487
DOI:10.1145/3691620
- General Chair:
- Vladimir Filkov,
- Program Co-chairs:
- Baishakhi Ray,
- Minghui Zhou
Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 27 October 2024
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
- National Key Research and Development Program of China
- National Natural Science Foundation of China
- Key Research and Development Program of Hubei Province
- Key Research and Development Program of Shandong Province
Conference
ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering
October 27 - November 1, 2024
CA, Sacramento, USA
Acceptance Rates
Overall Acceptance Rate 82 of 337 submissions, 24%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 55Total Downloads
- Downloads (Last 12 months)55
- Downloads (Last 6 weeks)55
Reflects downloads up to 20 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in