Breaking Barriers: GPTScan's Game-changing Role in Smart Contract Security


MetaTrust Labs



With the combination of Generative Pre-training Transformer (GPT) and static analysis, GPTScan can detect logic vulnerabilities in smart contracts efficiently.

The Web3 security industry has a new tool in its arsenal to combat vulnerabilities in smart contracts: GPTScan. Developed by researchers at MetaTrust Labs, GPTScan is a powerful engine integrated into the AI-driven security scanning tool MetaScan. By combining Generative Pre-training Transformer (GPT) with static analysis, GPTScan can detect logic vulnerabilities in smart contracts efficiently.

First made public in early August 2023, the paper "When GPT Meets Program Analysis: Towards Intelligent Detection of Smart Contract Logic Vulnerabilities in GPTScan" has now been submitted to top conferences in the field of software engineering, recognizing GPTScan's tremendous value to both theory and practice. For researchers, GPTScan opens up new frontiers in AI-driven security. The techniques underpinning GPTScan will inspire further work on hybrid AI approaches. Building on GPTScan, the software engineering community can make rapid progress in building robust, reliable and safe decentralized systems. Researchers at MetaTrust AI Labs said in an academic interview:

GPTScan is the first tool of its kind that utilizes GPT to match candidate vulnerable functions based on code-level scenarios and properties.

It then instructs GPT to intelligently recognize key variables and statements, which are validated by static confirmation. This approach enhances accuracy and reduces false positives, which can be a significant issue when relying solely on GPT to identify vulnerabilities.

In a recent study, GPTScan was evaluated on three diverse datasets with around 400 contract projects and 3K Solidity files. The results showed that GPTScan achieved high precision (over 90%) for token contracts, especially for large projects like DefiHacks. It effectively detects ground-truth logic vulnerabilities with a recall of over 70%.

GPTScan embodies a significant revolution in the realm of Web3 security. Its prowess lies in uncovering previously imperceptible vulnerabilities while simultaneously mitigating false alarms, making it a valuable complement to existing smart contract security practice. With the proliferation of smart contracts and DeFi projects, exploits of vulnerable contracts have led to billions in losses, and the demand for efficient security tools like GPTScan has grown markedly urgent. GPTScan offers unparalleled advantages for smart contract developers and auditors, enabling them to identify previously uncharted vulnerabilities and curtail financial and reputational risks.

In particular, GPTScan identified 9 new vulnerabilities that were not present in the audit reports of Code4rena. This highlights the value of GPTScan as a useful supplement to human auditors.

As a potent tool, GPTScan has attracted the attention of the top blockchain media outlet Cointelegraph, and its innovative AI+Blockchain features are considered to have the potential to change the blockchain ecosystem.

The inherent autonomy of AI aligns seamlessly with the decentralized and autonomous characteristics of blockchain and smart contracts, and it holds the potential to shift the current centralized governance prevalent in the blockchain ecosystem to a truly decentralized and self-governing paradigm.

GPTScan's capabilities contribute to the enhancement of both smart contracts and the entire Web3 ecosystem's security. It not only has the ability to uncover previously undetected vulnerabilities, but also to mitigate false positives, thereby holding significant value in the domain of smart contract security. The Web3 security sector is in urgent need of tools like GPTScan, fully harnessing its boundless potential in identifying intricate smart contract vulnerabilities.

About Us

At MetaTrust, our primary focus is on creating a secure infrastructure that caters to the needs of developers in the WEB 3.0 space. We offer an array of AI-Driven automation tools and security services to assist Web3 developers and project stakeholders in achieving a secure development environment.
