PSCVFinder: A Prompt-Tuning Based Framework for Smart Contract Vulnerability Detection

Abstract

With the increasing security issues in the blockchain, smart contract vulnerability detection has gradually become the focus of research. Recently, many approaches have been proposed to detect smart contract vulnerabilities. Despite promising results, these approaches still have three drawbacks: 1) Symbolic execution and static analysis methods are constrained by predefined rules, which limits their adaptability to different vulnerabilities. 2) Most smart contract code contains abundant irrelevant information which is useless for vulnerability detection. 3) Pre-trained models fail to bridge the gap between pre-training and detecting smart contract vulnerabilities.To solve these problems, we propose an approach named PSCVFinder for detecting reentrancy vulnerability and times-tamp dependency vulnerability, which are two severe vulnerabilities in smart contract. To better detect these vulnerabilities, we propose CSCV which is a smart contract slicing method to reduce the irrelevant code. Unlike existing approaches, our model first learns the representation of programming language through the pre-training model, then fully exploits the capacity of large language model with prompt-tuning to precisely detect smart contract vulnerability. We conduct experiments on real-world dataset and the results reflect that PSCVFinder scores 93.83% and 93.49% on two kinds of vulnerabilities in F1-score, surpassing the state-of-the-art baseline by 1.14% and 4.02%, respectively.