Browsing by Author "SILVA, FRANCISCO JOSÉ DE SOUSA FERREIRA DA"
- Solidity code security analysis with generative AI
  Publication. SILVA, FRANCISCO JOSÉ DE SOUSA FERREIRA DA; Azevedo, Isabel de Fátima Silva

Blockchain technology has revolutionised how business is conducted, and smart contracts are at the forefront of this change. Smart contracts are programs that run on a blockchain when specific conditions are met, replicating the terms of real-world agreements with greater efficiency and lower cost. Ethereum is the most popular platform for developing smart contracts, owing to its decentralised Turing-complete machine, the Ethereum Virtual Machine (EVM), which executes contract code across a global network of public nodes. Despite being a powerful tool, smart contracts remain vulnerable to attack. This study reviews the current state of security vulnerability detection for Solidity, the main programming language for Ethereum smart contracts, and aims to evaluate whether large language models (LLMs) can detect security vulnerabilities and whether they are more effective than static analysis tools. The analysis focuses on two of the vulnerability classes that generated the largest monetary losses in 2024: access control ($953.2M) and reentrancy ($35.7M). The comparison was carried out on 150 smart contracts using Slither, a widely used static analysis tool with around 100 detectors for vulnerabilities and optimisations, and Code Llama (codellama), an open-source LLM specialised in code generation and discussion that the thesis describes as pre-trained on Solidity. The results show that Slither is currently more mature and reliable than Code Llama, achieving an accuracy of 0.95 (95%) and identifying the vulnerabilities correctly. Slither is also much faster, with an average analysis time of 2.17 seconds per Solidity file.
Although Slither proves more effective than Code Llama, the analysis also confirms the potential of LLM-based approaches for detecting security vulnerabilities in Solidity code.
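The evaluation described in the abstract (run a static analyser over a labelled corpus, time each run, score accuracy on the two vulnerability classes) can be reproduced with a small harness. The Python script below is an added example, not code from the thesis. It assumes Slither is installed (`pip install slither-analyzer`) and invoked as `slither <file> --json -`, which prints a report with `success`, `error` and `results.detectors` fields to stdout; the mapping of Slither detector identifiers onto the thesis's "reentrancy" and "access-control" classes, and the one-label-per-contract scheme, are assumptions made here. The sample reports embedded at the bottom are constructed in Slither's JSON shape so the scoring path can be exercised without the tool installed.

```python
"""Score a Solidity static analyser against a labelled contract corpus (added example)."""
from __future__ import annotations

import json
import statistics
import subprocess
import time
from pathlib import Path

# Assumed mapping from Slither detector ids to the two classes studied in the thesis.
# Any detector not listed here is ignored for scoring purposes.
CLASS_OF_DETECTOR = {
    "reentrancy-eth": "reentrancy",
    "reentrancy-no-eth": "reentrancy",
    "reentrancy-benign": "reentrancy",
    "reentrancy-events": "reentrancy",
    "suicidal": "access-control",
    "arbitrary-send-eth": "access-control",
    "unprotected-upgrade": "access-control",
}


def classes_from_report(report: str) -> set[str]:
    """Parse a Slither --json report and return the vulnerability classes it contains."""
    data = json.loads(report)
    if not data.get("success", False):
        raise RuntimeError(data.get("error") or "slither reported failure")
    return {
        CLASS_OF_DETECTOR[d["check"]]
        for d in data["results"]["detectors"]
        if d["check"] in CLASS_OF_DETECTOR
    }


def run_slither(path: Path) -> tuple[str, float]:
    """Run Slither on one file; return (raw JSON report, wall-clock seconds)."""
    start = time.perf_counter()
    # Slither's exit status is non-zero when it reports findings, so the
    # 'success' field in the JSON, not the return code, tells us whether the run worked.
    proc = subprocess.run(
        ["slither", str(path), "--json", "-"], capture_output=True, text=True, check=False
    )
    return proc.stdout, time.perf_counter() - start


def is_correct(label: str, found: set[str]) -> bool:
    """A 'clean' contract is correct only if nothing was flagged; a vulnerable one if its class was."""
    if label == "clean":
        return not found
    return label in found


def score(labels: dict[str, str], findings: dict[str, set[str]]) -> dict[str, float]:
    """Accuracy plus the two failure modes a practitioner cares about: false alarms and misses."""
    correct = sum(is_correct(lbl, findings.get(name, set())) for name, lbl in labels.items())
    false_alarms = sum(1 for name, lbl in labels.items() if lbl == "clean" and findings.get(name))
    missed = sum(
        1 for name, lbl in labels.items() if lbl != "clean" and lbl not in findings.get(name, set())
    )
    return {"accuracy": correct / len(labels), "false_alarms": false_alarms, "missed": missed}


def evaluate(corpus: dict[str, str]) -> dict[str, float]:
    """corpus maps a .sol path to its label; runs Slither on every file and scores the result."""
    findings, seconds = {}, []
    for path, _label in corpus.items():
        report, elapsed = run_slither(Path(path))
        findings[path] = classes_from_report(report)
        seconds.append(elapsed)
    result = score(corpus, findings)
    result["mean_seconds_per_file"] = statistics.fmean(seconds)
    return result


# Constructed reports in Slither's JSON shape (not real tool output) for an offline dry run.
SAMPLE_REPORTS = {
    "Vault.sol": json.dumps({"success": True, "error": None, "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw()"}]}}),
    "Owned.sol": json.dumps({"success": True, "error": None, "results": {"detectors": [
        {"check": "suicidal", "impact": "High", "confidence": "High",
         "description": "Owned.kill() allows anyone to destruct the contract"}]}}),
    "Safe.sol": json.dumps({"success": True, "error": None, "results": {"detectors": []}}),
    # Labelled reentrant, but the only finding is an unrelated detector: counts as a miss.
    "Token.sol": json.dumps({"success": True, "error": None, "results": {"detectors": [
        {"check": "timestamp", "impact": "Low", "confidence": "Medium",
         "description": "Token.claim() uses block.timestamp"}]}}),
}
SAMPLE_LABELS = {"Vault.sol": "reentrancy", "Owned.sol": "access-control",
                 "Safe.sol": "clean", "Token.sol": "reentrancy"}


def dry_run() -> dict[str, float]:
    """Score the constructed reports without invoking Slither."""
    findings = {name: classes_from_report(rep) for name, rep in SAMPLE_REPORTS.items()}
    return score(SAMPLE_LABELS, findings)


if __name__ == "__main__":
    print(dry_run())  # {'accuracy': 0.75, 'false_alarms': 0, 'missed': 1}
```

To run the real comparison, call `evaluate({"contracts/Vault.sol": "reentrancy", ...})` with the labelled corpus; the returned `mean_seconds_per_file` is the figure comparable to the 2.17 s per file reported above, and the `false_alarms`/`missed` counts show which side of a 0.95 accuracy the errors fall on, which a single accuracy number hides.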
