Nothing Special   »   [go: up one dir, main page]

skip to main content
10.1145/3691620.3695055acmconferencesArticle/Chapter ViewAbstractPublication PagesaseConference Proceedingsconference-collections
research-article

Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models

Published: 27 October 2024 Publication History

Abstract

Smart contracts, self-executing agreements directly encoded in code, are fundamental to blockchain technology, especially in decentralized finance (DeFi) and Web3. However, the rise of Ponzi schemes in smart contracts poses significant risks, leading to substantial financial losses and eroding trust in blockchain systems. Existing detection methods, such as PonziGuard, depend on large amounts of labeled data and struggle to identify unseen Ponzi schemes, limiting their reliability and generalizability. In contrast, we introduce PonziSleuth, the first LLM-driven approach for detecting Ponzi smart contracts, which requires no labeled training data. PonziSleuth utilizes advanced language understanding capabilities of LLMs to analyze smart contract source code through a novel two-step zero-shot chain-of-thought prompting technique. Our extensive evaluation on benchmark datasets and real-world contracts demonstrates that PonziSleuth delivers comparable, and often superior, performance without the extensive data requirements, achieving a balanced detection accuracy of 96.06% with GPT-3.5-turbo, 93.91% with LLAMA3, and 94.27% with Mistral. In real-world detection, PonziSleuth successfully identified 15 new Ponzi schemes from 4,597 contracts verified by Etherscan in March 2024, with a false negative rate of 0% and a false positive rate of 0.29%. These results highlight PonziSleuth's capability to detect diverse and novel Ponzi schemes, marking a significant advancement in leveraging LLMs for enhancing blockchain security and mitigating financial scams.

References

[1]
Contract 0x2a53f42ad8bba138c21b50a4e5711f18381a61e9. https://etherscan.io/address/0x2a53f42ad8bba138c21b50a4e5711f18381a61e9, 2024.
[2]
Contract 0x96da8b9cfec99a1ccff16ab16f3948da82396f27. https://etherscan.io/address/0x96Da8b9cfEC99A1CcFF16AB16F3948dA82396f27#code, 2024.
[3]
Contract 0xa8b9e7718c73329afd7b99f089c853a80b8127be. https://etherscan.io/address/0xa8b9e7718c73329AFd7B99F089C853a80B8127Be#code, 2024.
[4]
Contract 0xe713ccf85c89ddc4205747ed20af7c916094b4fb. https://etherscan.io/address/0xe713cCf85c89dDc4205747Ed20af7c916094b4Fb#code, 2024.
[5]
https://platform.openai.com/docs/models/gpt-3-5-turbo. https://platform.openai.com/docs/models/gpt-3-5-turbo, 2024.
[6]
Llama 2. https://github.com/meta-llama/llama, 2024.
[7]
Llama 3. https://github.com/meta-llama/llama3, 2024.
[8]
Mistral 7b. https://github.com/mistralai/mistral-inference, 2024.
[9]
Ponzi contract dataset. https://xblock.pro/#/dataset/25, 2024.
[10]
Ponzidataset. https://github.com/smartcontract-detect-yzu/PonziDataset, 2024.
[11]
Slither, the smart contract static analyzer. https://github.com/crytic/slither, 2024.
[12]
solc-bin. https://github.com/ethereum/solc-bin, 2024.
[13]
M. Bartoletti, S. Carta, T. Cimoli, and R. Saia. Dissecting ponzi schemes on ethereum: identification, analysis, and impact. Future Generation Computer Systems, 2020.
[14]
S. Bubeck, V. Chandrasekaran, R. Eldan, J. Gehrke, E. Horvitz, E. Kamar, P. Lee, Y. T. Lee, Y. Li, S. Lundberg, et al. Sparks of artificial general intelligence: Early experiments with gpt-4. arXiv:2303.12712, 2023.
[15]
J. Cai, B. Li, J. Zhang, and X. Sun. Ponzi scheme detection in smart contract via transaction semantic representation learning. IEEE Transactions on Reliability, 2023.
[16]
M. Chen, J. Tworek, H. Jun, Q. Yuan, H. P. d. O. Pinto, J. Kaplan, H. Edwards, Y. Burda, N. Joseph, G. Brockman, et al. Evaluating large language models trained on code. arXiv:2107.03374, 2021.
[17]
W. Chen, X. Li, Y. Sui, N. He, H. Wang, L. Wu, and X. Luo. Sadponzi: Detecting and characterizing ponzi schemes in ethereum smart contracts. ACM on Measurement and Analysis of Computing Systems, 2021.
[18]
W. Chen, Z. Zheng, J. Cui, E. Ngai, P. Zheng, and Y. Zhou. Detecting ponzi schemes on ethereum: Towards healthier blockchain technology. In The World Wide Web Conference (WWW), 2018.
[19]
Y. Chen, B. Li, Y. Xiao, and X. Du. Ponzifinder: Attention-based edge-enhanced ponzi contract detection. IEEE Transactions on Reliability, 2024.
[20]
C.-H. Chiang and H.-y. Lee. Can large language models be an alternative to human evaluations? arXiv:2305.01937, 2023.
[21]
T. Durieux, J. F. Ferreira, R. Abreu, and P. Cruz. Empirical review of automated analysis tools on 47,587 ethereum smart contracts. In ACM/IEEE International Conference on Software Engineering (ICSE), 2020.
[22]
S. Fan, S. Fu, H. Xu, and X. Cheng. Al-spsd: Anti-leakage smart ponzi schemes detection in blockchain. Information Processing and Management, 2021.
[23]
J. Feist, G. Grieco, and A. Groce. Slither: a static analysis framework for smart contracts. In International Workshop on Emerging Trends in Software Engineering for Blockchain, pages 8--15. IEEE, 2019.
[24]
L. Galletta and F. Pinelli. Explainable ponzi schemes detection on ethereum. In ACM/SIGAPP Symposium on Applied Computing, 2024.
[25]
B. Jiang, Y. Liu, and W. K. Chan. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In ACM/IEEE International Conference on Automated Software Engineering (ASE), pages 259--269, 2018.
[26]
R. Liang, J. Chen, K. He, Y. Wu, G. Deng, R. Du, and C. Wu. Ponziguard: Detecting ponzi schemes on ethereum with contract runtime behavior graph (crbg). In ACM/IEEE International Conference on Software Engineering (ICSE), 2024.
[27]
R. Liang, J. Chen, C. Wu, K. He, Y. Wu, R. Cao, R. Du, Y. Liu, and Z. Zhao. Vulseye: Detect smart contract vulnerabilities via stateful directed graybox fuzzing. arXiv preprint arXiv:2408.10116, 2024.
[28]
R. Liang, J. Chen, C. Wu, K. He, Y. Wu, W. Sun, R. Du, Q. Zhao, and Y. Liu. Towards effective detection of ponzi schemes on ethereum with contract runtime behavior graph. arXiv preprint arXiv:2406.00921, 2024.
[29]
C. Liu, H. Liu, Z. Cao, Z. Chen, B. Chen, and B. Roscoe. Reguard: finding reentrancy bugs in smart contracts. In ACM/IEEE International Conference on Software Engineering (ICSE), 2018.
[30]
Y. Lou, Y. Zhang, and S. Chen. Ponzi contracts detection based on improved convolutional neural network. In IEEE International Conference on Services Computing (SCC), 2020.
[31]
P. Lu, L. Cai, and K. Yin. Sourcep: Detecting ponzi schemes on ethereum with source code. In IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2024.
[32]
L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor. Making smart contracts smarter. In ACM SIGSAC Conference on Computer and Communications Security (CCS), 2016.
[33]
M. Mossberg, F. Manzano, E. Hennenfent, A. Groce, G. Grieco, J. Feist, T. Brunson, and A. Dinaburg. Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In IEEE/ACM International Conference on Automated Software Engineering (ASE), 2019.
[34]
B. Mueller. Smashing ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam, 9:54, 2018.
[35]
I. Nikolić, A. Kolluri, I. Sergey, P. Saxena, and A. Hobor. Finding the greedy, prodigal, and suicidal contracts at scale. In Annual Computer Security Applications Conference (ACSAC), pages 653--663, 2018.
[36]
A. Pinna, S. Ibba, G. Baralla, R. Tonelli, and M. Marchesi. A massive analysis of ethereum smart contracts empirical study and code metrics. Ieee Access, 2019.
[37]
M. Rodler, W. Li, G. O. Karame, and L. Davi. Sereum: Protecting existing smart contracts against re-entrancy attacks. In NDSS, 2018.
[38]
W. Sun, G. Xu, Z. Yang, and Z. Chen. Early detection of smart ponzi scheme contracts based on behavior forest similarity. In International Conference on Software Quality, Reliability and Security (QRS), 2020.
[39]
Y. Sun, D. Wu, Y. Xue, H. Liu, H. Wang, Z. Xu, X. Xie, and Y. Liu. Gptscan: Detecting logic vulnerabilities in smart contracts by combining gpt with program analysis. In ACM/IEEE International Conference on Software Engineering (ICSE), pages 1--13, 2024.
[40]
Z. Sun, X. Luo, and Y. Zhang. Panda: Security analysis of algorand smart contracts. In USENIX Security Symposium, 2023.
[41]
S. Tikhomirov, E. Voskresenskaya, I. Ivanitskiy, R. Takhaviev, E. Marchenko, and Y. Alexandrov. Smartcheck: Static analysis of ethereum smart contracts. In International Workshop on Emerging Trends in Software Engineering for Blockchain, pages 9--16, 2018.
[42]
C. F. Torres, J. Schütte, and R. State. Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th annual computer security applications conference, pages 664--676, 2018.
[43]
X. Xu, Z. Zhang, S. Feng, Y. Ye, Z. Su, N. Jiang, S. Cheng, L. Tan, and X. Zhang. Lmpa: Improving decompilation by synergy of large language model and program analysis. arXiv:2306.02546, 2023.
[44]
S. Yu, J. Jin, Y. Xie, J. Shen, and Q. Xuan. Ponzi scheme detection in ethereum transaction network. In Blockchain and Trustworthy Systems (BlockSys), 2021.
[45]
Q. Zhang, Y. Wang, J. Li, and S. Ma. Ethploit: From fuzzing to efficient exploit generation against smart contracts. In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2020.
[46]
Z. Zheng, W. Chen, Z. Zhong, Z. Chen, and Y. Lu. Securing the ethereum from smart ponzi schemes: Identification using static features. ACM Transactions on Software Engineering and Methodology, 2023.

Index Terms

  1. Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models

      Recommendations

      Comments

      Please enable JavaScript to view thecomments powered by Disqus.

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering
      October 2024
      2587 pages
      ISBN:9798400712487
      DOI:10.1145/3691620
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 27 October 2024

      Check for updates

      Badges

      Author Tags

      1. smart contracts
      2. large language model
      3. ponzi contracts

      Qualifiers

      • Research-article

      Funding Sources

      Conference

      ASE '24
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 82 of 337 submissions, 24%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • 0
        Total Citations
      • 60
        Total Downloads
      • Downloads (Last 12 months)60
      • Downloads (Last 6 weeks)60
      Reflects downloads up to 23 Nov 2024

      Other Metrics

      Citations

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media