{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T01:29:13Z","timestamp":1775179753451,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T00:00:00Z","timestamp":1712880000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"AI Singapore Programme the National Research Foundation, Singapore","award":["AISG2-RP-2020-019"],"award-info":[{"award-number":["AISG2-RP-2020-019"]}]},{"name":"National Cybersecurity R&D Programme","award":["NCRP25-P04-TAICeN"],"award-info":[{"award-number":["NCRP25-P04-TAICeN"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,12]]},"DOI":"10.1145\/3597503.3639117","type":"proceedings-article","created":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T16:43:26Z","timestamp":1712940206000},"page":"1-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":130,"title":["GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4340-3371","authenticated-orcid":false,"given":"Yuqiang","family":"Sun","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3752-0718","authenticated-orcid":false,"given":"Daoyuan","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-2141-2044","authenticated-orcid":false,"given":"Yue","family":"Xue","sequence":"additional","affiliation":[{"name":"MetaTrust Labs, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-8384-7933","authenticated-orcid":false,"given":"Han","family":"Liu","sequence":"additional","affiliation":[{"name":"Shanghai Key Laboratory of Trustworthy Computing, East China Normal University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3509-3919","authenticated-orcid":false,"given":"Haijun","family":"Wang","sequence":"additional","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, Shanxi, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8390-7518","authenticated-orcid":false,"given":"Zhengzi","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1288-6502","authenticated-orcid":false,"given":"Xiaofei","family":"Xie","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7300-9215","authenticated-orcid":false,"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2024,4,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2016. https:\/\/www.coindesk.com\/learn\/understanding-the-dao-attack\/"},{"key":"e_1_3_2_1_2_1","unstructured":"2021. https:\/\/github.com\/code-423n4\/2021-11-yaxis"},{"key":"e_1_3_2_1_3_1","unstructured":"2022. https:\/\/www.freecodecamp.org\/news\/what-is-yaml-the-yml-file-format\/"},{"key":"e_1_3_2_1_4_1","unstructured":"2023. https:\/\/blog.openzeppelin.com\/on-the-parity-wallet-multisig-hack-405a8c12e8f7"},{"key":"e_1_3_2_1_5_1","unstructured":"2023. https:\/\/openai.com\/chatgpt"},{"key":"e_1_3_2_1_6_1","unstructured":"2023. https:\/\/openai.com\/pricing"},{"key":"e_1_3_2_1_7_1","unstructured":"2023. https:\/\/github.com\/crytic\/crytic-compile"},{"key":"e_1_3_2_1_8_1","unstructured":"2023. https:\/\/github.com\/ZhangZhuoSJTU\/Web3Bugs"},{"key":"e_1_3_2_1_9_1","unstructured":"2023. https:\/\/wooded-meter-1d8.notion.site\/0e85e02c5ed34df3855ea9f3ca40f53b?v=22e5e2c506ef4caeb40b4f78e23517ee"},{"key":"e_1_3_2_1_10_1","unstructured":"2023. https:\/\/code4rena.com\/"},{"key":"e_1_3_2_1_11_1","unstructured":"2023. https:\/\/soliditylang.org\/"},{"key":"e_1_3_2_1_12_1","unstructured":"2023. https:\/\/docs.soliditylang.org\/en\/latest\/smtchecker.html"},{"key":"e_1_3_2_1_13_1","unstructured":"2023. https:\/\/github.com\/Consensys\/mythril"},{"key":"e_1_3_2_1_14_1","unstructured":"2023. https:\/\/blog.trailofbits.com\/2023\/03\/22\/codex-and-gpt4-cant-beat-humans-on-smart-contract-audits\/"},{"key":"e_1_3_2_1_15_1","unstructured":"2023. https:\/\/github.com\/code-423n4\/2022-04-jpegd-findings\/issues\/12"},{"key":"e_1_3_2_1_16_1","unstructured":"2023. https:\/\/github.com\/code-423n4\/2022-04-backd"},{"key":"e_1_3_2_1_17_1","unstructured":"2023. https:\/\/github.com\/code-423n4\/2022-04-backd-findings\/issues\/36"},{"key":"e_1_3_2_1_18_1","unstructured":"2023. https:\/\/github.com\/code-423n4\/2022-05-backd\/blob\/2a5664d35cde5b036074edef3c1369b984d10010\/protocol\/contracts\/StakerVault.sol"},{"key":"e_1_3_2_1_19_1","unstructured":"2023. https:\/\/app.metatrust.io\/"},{"key":"e_1_3_2_1_20_1","unstructured":"2023. https:\/\/github.com\/openai\/tiktoken"},{"key":"e_1_3_2_1_21_1","unstructured":"2023. ANTLR. https:\/\/www.antlr.org\/"},{"key":"e_1_3_2_1_22_1","unstructured":"2023. Breaking Barriers: GPTScan's Game-changing Role in Smart Contract Security. https:\/\/metatrust.io\/company\/newsroom\/post\/breaking-barriers-gptscans-gamechanging-role-in-smart-contract-security"},{"key":"e_1_3_2_1_23_1","unstructured":"2023. falcon-metatrust: MetaTrust fork of Slither Analyzer. https:\/\/github.com\/MetaTrustLabs\/falcon-metatrust"},{"key":"e_1_3_2_1_24_1","unstructured":"2023. GreyDGL\/PentestGPT. https:\/\/github.com\/GreyDGL\/PentestGPT"},{"key":"e_1_3_2_1_25_1","unstructured":"2023. MetaScan v1.6: Unparalleled Visibility and AI Security for Smart Contracts. https:\/\/metatrust.io\/company\/newsroom\/post\/metascan-v16-unparalleled-visibility-and-ai-security-for-smart-contracts"},{"key":"e_1_3_2_1_26_1","unstructured":"2023. OpenZeppelin. https:\/\/www.openzeppelin.com"},{"key":"e_1_3_2_1_27_1","unstructured":"2023. Overview - OpenAI API. https:\/\/platform.openai.com"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833721"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3385990"},{"key":"e_1_3_2_1_30_1","volume-title":"Vandal: A scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981","author":"Brent Lexi","year":"2018","unstructured":"Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu, Francois Gauthier, Vincent Gramoli, Ralph Holz, and Bernhard Scholz. 2018. Vandal: A scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981 (2018)."},{"key":"e_1_3_2_1_31_1","unstructured":"Tom Brown Benjamin Mann Nick Ryder Melanie Subbiah Jared D Kaplan Prafulla Dhariwal Arvind Neelakantan Pranav Shyam Girish Sastry Amanda Askell et al. 2020. Language models are few-shot learners. Advances in neural information processing systems 33 (2020) 1877--1901."},{"key":"e_1_3_2_1_32_1","volume-title":"DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability Detection. arXiv preprint arXiv:2304.00409","author":"Chen Yizheng","year":"2023","unstructured":"Yizheng Chen, Zhoujie Ding, Xinyun Chen, and David Wagner. 2023. DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability Detection. arXiv preprint arXiv:2304.00409 (2023)."},{"key":"e_1_3_2_1_33_1","volume-title":"Evaluation of ChatGPT Model for Vulnerability Detection. arXiv preprint arXiv:2304.07232","author":"Cheshkov Anton","year":"2023","unstructured":"Anton Cheshkov, Pavel Zadorozhny, and Rodion Levichev. 2023. Evaluation of ChatGPT Model for Vulnerability Detection. arXiv preprint arXiv:2304.07232 (2023)."},{"key":"e_1_3_2_1_34_1","volume-title":"Do you still need a manual smart contract audit? arXiv:2306.12338 (Jun","author":"David Isaac","year":"2023","unstructured":"Isaac David, Liyi Zhou, Kaihua Qin, Dawn Song, Lorenzo Cavallaro, and Arthur Gervais. 2023. Do you still need a manual smart contract audit? arXiv:2306.12338 (Jun 2023). http:\/\/arxiv.org\/abs\/2306.12338 arXiv:2306.12338 [cs]."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598067"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598125"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"e_1_3_2_1_38_1","volume-title":"Prompting Is All Your Need: Automated Android Bug Replay with Large Language Models. arXiv preprint arXiv:2306.01987","author":"Feng Sidong","year":"2023","unstructured":"Sidong Feng and Chunyang Chen. 2023. Prompting Is All Your Need: Automated Android Bug Replay with Large Language Models. arXiv preprint arXiv:2306.01987 (2023)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00087"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3404366"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238177"},{"key":"e_1_3_2_1_42_1","volume-title":"Impact of code language models on automated program repair. arXiv preprint arXiv:2302.05020","author":"Jiang Nan","year":"2023","unstructured":"Nan Jiang, Kevin Liu, Thibaud Lutellier, and Lin Tan. 2023. Impact of code language models on automated program repair. arXiv preprint arXiv:2302.05020 (2023)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23082"},{"key":"e_1_3_2_1_44_1","volume-title":"Machel Reid, Yutaka Matsuo, and Yusuke Iwasawa.","author":"Kojima Takeshi","year":"2022","unstructured":"Takeshi Kojima, Shixiang Shane Gu, Machel Reid, Yutaka Matsuo, and Yusuke Iwasawa. 2022. Large language models are zero-shot reasoners. Advances in neural information processing systems 35 (2022), 22199--22213."},{"key":"e_1_3_2_1_45_1","unstructured":"Emi Lacapra. 2023. What are liquidity provider (LP) tokens and how do they work? https:\/\/cointelegraph.com\/explained\/what-are-liquidity-provider-lp-tokens-and-how-do-they-work"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534372"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00133"},{"key":"e_1_3_2_1_48_1","volume-title":"Detecting software vulnerabilities using Language Models. arXiv preprint arXiv:2302.11773","author":"Omar Marwan","year":"2023","unstructured":"Marwan Omar. 2023. Detecting software vulnerabilities using Language Models. arXiv preprint arXiv:2302.11773 (2023)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","unstructured":"Long Ouyang Jeff Wu Xu Jiang Diogo Almeida Carroll L. Wainwright Pamela Mishkin Chong Zhang Sandhini Agarwal Katarina Slama Alex Ray John Schulman Jacob Hilton Fraser Kelton Luke Miller Maddie Simens Amanda Askell Peter Welinder Paul Christiano Jan Leike and Ryan Lowe. 2022. Training language models to follow instructions with human feedback. arXiv:2203.02155 [cs]. 10.48550\/arXiv.2203.02155","DOI":"10.48550\/arXiv.2203.02155"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","unstructured":"Long Ouyang Jeff Wu Xu Jiang Diogo Almeida Carroll L. Wainwright Pamela Mishkin Chong Zhang Sandhini Agarwal Katarina Slama Alex Ray John Schulman Jacob Hilton Fraser Kelton Luke Miller Maddie Simens Amanda Askell Peter Welinder Paul Christiano Jan Leike and Ryan Lowe. 2022. Training language models to follow instructions with human feedback. (2022). 10.48550\/ARXIV.2203.02155","DOI":"10.48550\/ARXIV.2203.02155"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00024"},{"key":"e_1_3_2_1_52_1","volume-title":"Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Rodler Michael","year":"2019","unstructured":"Michael Rodler, Wenting Li, Ghassan O. Karame, and Lucas Davi. 2019. Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24--27, 2019. The Internet Society."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00032"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3498665"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567985"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243780"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Yizhong Wang Yeganeh Kordi Swaroop Mishra Alisa Liu Noah A. Smith Daniel Khashabi and Hannaneh Hajishirzi. 2022. Self-Instruct: Aligning Language Model with Self Generated Instructions.","DOI":"10.18653\/v1\/2023.acl-long.754"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE52982.2021.00047"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417064"},{"key":"e_1_3_2_1_60_1","volume-title":"Keep the Conversation Going: Fixing 162 out of 337 bugs for $0.42 each using ChatGPT. arXiv preprint arXiv:2304.00385","author":"Xia Chunqiu Steven","year":"2023","unstructured":"Chunqiu Steven Xia and Lingming Zhang. 2023. Keep the Conversation Going: Fixing 162 out of 337 bugs for $0.42 each using ChatGPT. arXiv preprint arXiv:2304.00385 (2023)."},{"key":"e_1_3_2_1_61_1","volume-title":"Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts. In 35th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2020","author":"Xue Yinxing","year":"2020","unstructured":"Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, and Tianyong Peng. 2020. Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts. In 35th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2020, Melbourne, Australia, September 21--25, 2020. IEEE, 1029--1040."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24222"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2019.00052"},{"key":"e_1_3_2_1_64_1","volume-title":"Wei Bi, Freda Shi, and Shuming Shi.","author":"Zhang Yue","year":"2023","unstructured":"Yue Zhang, Yafu Li, Leyang Cui, Deng Cai, Lemao Liu, Tingchen Fu, Xinting Huang, Enbo Zhao, Yu Zhang, Yulong Chen, Longyue Wang, Anh Tuan Luu, Wei Bi, Freda Shi, and Shuming Shi. 2023. Siren's Song in the AI Ocean: A Survey on Hallucination in Large Language Models. arXiv:2309.01219 [cs.CL]"},{"key":"e_1_3_2_1_65_1","volume-title":"Demystifying Exploitable Bugs in Smart Contracts. In 2023 IEEE\/ACM 37th IEEE International Conference on Software Engineering.","author":"Zhang Zhuo","year":"2023","unstructured":"Zhuo Zhang, Brian Zhang, Wen Xu, and Zhiqiang Lin. 2023. Demystifying Exploitable Bugs in Smart Contracts. In 2023 IEEE\/ACM 37th IEEE International Conference on Software Engineering."},{"key":"e_1_3_2_1_66_1","volume-title":"SoK: Decentralized Finance (DeFi) Attacks. In IEEE Symposium on Security and Privacy (SP). IEEE.","author":"Zhou Liyi","year":"2023","unstructured":"Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, and Arthur Gervais. 2023. SoK: Decentralized Finance (DeFi) Attacks. In IEEE Symposium on Security and Privacy (SP). IEEE."}],"event":{"name":"ICSE '24: IEEE\/ACM 46th International Conference on Software Engineering","location":"Lisbon Portugal","acronym":"ICSE '24","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597503.3639117","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3597503.3639117","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:49:12Z","timestamp":1750286952000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597503.3639117"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,12]]},"references-count":66,"alternative-id":["10.1145\/3597503.3639117","10.1145\/3597503"],"URL":"https:\/\/doi.org\/10.1145\/3597503.3639117","relation":{},"subject":[],"published":{"date-parts":[[2024,4,12]]},"assertion":[{"value":"2024-04-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}