The complete source code is available at https://github.com/GPTScan/GPTScan.

A new version of LLM detector for smart contract bugs based on the LLM4Vuln paper can be found at https://app.metatrust.io/.

You can try GPTScan at https://app.metatrust.io/ for the moment, but we will replace it later with a new version (covering all kinds of logic bug rules).

This repository contains the prompts and rules (i.e., the GPT part) used in GPTScan, as well as the datasets.

The static part has been released at https://github.com/MetaTrustLabs/falcon-metatrust, from which GPTScan used partial code.

Interested users can write your own connectors to invoke relevant functions in the static part to reproduce GPTScan.

Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, Yang Liu, GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis. 2024 IEEE/ACM 45th International Conference on Software Engineering (ICSE). [arxiv]

Bibtex:

@INPROCEEDINGS{sunicse2023gpt,
  author={Yuqiang Sun and Daoyuan Wu and Yue Xue and Han Liu and Haijun Wang and Zhengzi Xu and Xiaofei Xie and Yang Liu},
  booktitle={2024 IEEE/ACM 45th International Conference on Software Engineering (ICSE)}, 
  title={GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis}, 
  year={2024}

Dataset used to evaluate GPTScan in the paper, are the following:

1. Web3Bugs: https://github.com/MetaTrustLabs/GPTScan-Web3Bugs
2. DefiHacks: https://github.com/MetaTrustLabs/GPTScan-DefiHacks
3. Top200: https://github.com/MetaTrustLabs/GPTScan-Top200