{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,15]],"date-time":"2025-11-15T10:35:35Z","timestamp":1763202935740,"version":"build-2065373602"},"reference-count":50,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2024,8,5]],"date-time":"2024-08-05T00:00:00Z","timestamp":1722816000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Software"],"abstract":"<jats:p>The advent of blockchain technology has revolutionized various sectors by providing transparency, immutability, and automation. Central to this revolution are smart contracts, which facilitate trustless and automated transactions across diverse domains. However, the proliferation of smart contracts has exposed significant security vulnerabilities, necessitating advanced analysis techniques. Data dependency analysis is a critical program analysis method used to enhance the testing and security of smart contracts. This paper introduces Sligpt, an innovative methodology that integrates a large language model (LLM), specifically GPT-4o, with the static analysis tool Slither, to perform data dependency analyses on Solidity smart contracts. Our approach leverages both the advanced code comprehension capabilities of GPT-4o and the advantages of a traditional analysis tool. We empirically evaluate Sligpt using a curated dataset of Ethereum smart contracts. Sligpt achieves significant improvements in precision, recall, and overall analysis depth compared with Slither and GPT-4o, providing a robust solution for data dependency analysis. This paper also discusses the challenges encountered, such as the computational resource requirements and the inherent variability in LLM outputs, while proposing future research directions to further enhance the methodology. Sligpt represents a significant advancement in the field of static analysis on smart contracts, offering a practical framework for integrating LLMs with static analysis tools.<\/jats:p>","DOI":"10.3390\/software3030018","type":"journal-article","created":{"date-parts":[[2024,8,5]],"date-time":"2024-08-05T18:21:40Z","timestamp":1722882100000},"page":"345-367","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Sligpt: A Large Language Model-Based Approach for Data Dependency Analysis on Solidity Smart Contracts"],"prefix":"10.3390","volume":"3","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0425-8987","authenticated-orcid":false,"given":"Xiaolei","family":"Ren","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Macau University of Science and Technology, Avenida Wai Long, Taipa, Macau 999078, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-1369-7415","authenticated-orcid":false,"given":"Qiping","family":"Wei","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, The University of Texas at Arlington, 500 UTA Blvd., Arlington, TX 76010, USA"}]}],"member":"1968","published-online":{"date-parts":[[2024,8,5]]},"reference":[{"key":"ref_1","unstructured":"Nakamoto, S. (2024, June 16). Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https:\/\/bitcoin.org\/bitcoin.pdf."},{"key":"ref_2","unstructured":"Buterin, V. (2024, June 16). Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform. Available online: https:\/\/ethereum.org\/en\/whitepaper\/."},{"key":"ref_3","unstructured":"Wood, G. (2024, June 16). Ethereum: A Secure Decentralised Generalised Transaction Ledger. Available online: https:\/\/ethereum.github.io\/yellowpaper\/paper.pdf."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Peters, G.W., and Panayi, E. (2016). Understanding Modern Banking Ledgers Through Blockchain Technologies: Future of Transaction Processing and Smart Contracts on the Internet of Money, Springer.","DOI":"10.2139\/ssrn.2692487"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/bs.adcom.2018.03.006","article-title":"Blockchain technology use cases in healthcare","volume":"Volume 111","author":"Zhang","year":"2018","journal-title":"Advances in Computers"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Xu, X., Weber, I., Staples, M., Zhu, L., Bosch, J., Bass, L., Pautasso, C., and Rimba, P. (2017, January 3\u20137). A Taxonomy of Blockchain-based Systems for Architecture Design. Proceedings of the 2017 IEEE International Conference on Software Architecture (ICSA), Gothenburg, Sweden.","DOI":"10.1109\/ICSA.2017.33"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"2292","DOI":"10.1109\/ACCESS.2016.2566339","article-title":"Blockchains and Smart Contracts for the Internet of Things","volume":"4","author":"Christidis","year":"2016","journal-title":"IEEE Access"},{"key":"ref_8","unstructured":"Antonopoulos, A.M., and Harding, D.A. (2024, June 16). Mastering Bitcoin. Available online: https:\/\/www.oreilly.com\/library\/view\/mastering-bitcoin-3rd\/9781098150082\/."},{"key":"ref_9","unstructured":"Siegel, D. (2024, June 16). Understanding The DAO Attack. Available online: https:\/\/www.coindesk.com\/understanding-dao-hack-journalists."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"19","DOI":"10.4018\/JCIT.2019010102","article-title":"Understanding a Revolutionary and Flawed Grand Experiment in Blockchain: The DAO Attack","volume":"21","author":"Mehar","year":"2019","journal-title":"J. Cases Inf. Technol. (JCIT)"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Luu, L., Chu, D.H., Olickel, H., Saxena, P., and Hobor, A. (2016, January 24\u201328). Making Smart Contracts Smarter. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.","DOI":"10.1145\/2976749.2978309"},{"key":"ref_12","unstructured":"Atzei, N., Bartoletti, M., and Cimoli, T. (2017, January 22\u201329). A Survey of Attacks on Ethereum Smart Contracts (sok). Proceedings of the Principles of Security and Trust: 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden. Proceedings 6."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Varol, O., Ferrara, E., Davis, C., Menczer, F., and Flammini, A. (2017, January 15\u201318). Online Human-bot Interactions: Detection, Estimation, and Characterization. Proceedings of the International AAAI Conference on Web and Social Media, Montreal, QC, Canada.","DOI":"10.1609\/icwsm.v11i1.14871"},{"key":"ref_14","unstructured":"Chess, B., and West, J. (2007). Secure Programming with Static Analysis, Addison-Wesley Professional."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"He, J., Balunovi\u0107, M., Ambroladze, N., Tsankov, P., and Vechev, M. (2019, January 11\u201315). Learning to Fuzz from Symbolic Execution with Application to Smart Contracts. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3363230"},{"key":"ref_16","unstructured":"So, S., Hong, S., and Oh, H. (2021, January 11\u201313). {SmarTest}: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language {Model-Guided} Symbolic Execution. Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), Vancouver, BC, Canada."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Choi, J., Kim, D., Kim, S., Grieco, G., Groce, A., and Cha, S.K. (2021, January 15\u201319). Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. Proceedings of the 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia.","DOI":"10.1109\/ASE51524.2021.9678888"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Wei, Q., Sikder, F., Feng, H., Lei, Y., Kacker, R., and Kuhn, R. (2023, January 11\u201313). SmartExecutor: Coverage-Driven Symbolic Execution Guided by a Function Dependency Graph. Proceedings of the 2023 5th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS), Paris, France.","DOI":"10.1109\/BRAINS59668.2023.10316942"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Bose, P., Das, D., Chen, Y., Feng, Y., Kruegel, C., and Vigna, G. (2022, January 23\u201326). SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds. Proceedings of the 2022 IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA.","DOI":"10.1109\/SP46214.2022.9833721"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Feist, J., Grieco, G., and Groce, A. (2019, January 27). Slither: A Static Analysis Framework for Smart Contracts. Proceedings of the 2019 IEEE\/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), Montreal, QC, Canada.","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"ref_21","first-page":"2312","article-title":"The Art, Science, and Engineering of Fuzzing: A Survey","volume":"47","author":"Han","year":"2019","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_22","first-page":"1877","article-title":"Language Models are Few-Shot Learners","volume":"33","author":"Brown","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_23","unstructured":"Chen, M., Tworek, J., Jun, H., Yuan, Q., Pinto, H.P.d.O., Kaplan, J., Edwards, H., Burda, Y., Joseph, N., and Brockman, G. (2021). Evaluating Large Language Models Trained on Code. arXiv."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Feng, Z., Guo, D., Tang, D., Duan, N., Feng, X., Gong, M., Shou, L., Qin, B., Liu, T., and Jiang, D. (2020). Codebert: A Pre-trained Model for Programming and Natural Languages. arXiv.","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"ref_25","unstructured":"Ma, W., Liu, S., Wang, W., Hu, Q., Zhang, C., and Liu, Y. (2023). ChatGPT: Understanding Code Syntax and Semantics. arXiv."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Huang, K., Meng, X., Zhang, J., Liu, Y., Wang, W., Li, S., and Zhang, Y. (2023, January 11\u201315). An Empirical Study on Fine-Tuning Large Language Models of Code for Automated Program Repair. Proceedings of the 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE), Luxembourg.","DOI":"10.1109\/ASE56229.2023.00181"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Sun, Y., Wu, D., Xue, Y., Liu, H., Wang, H., Xu, Z., Xie, X., and Liu, Y. (2024, January 14\u201320). GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis. Proceedings of the 2024 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), Lisbon, Portugal.","DOI":"10.1145\/3597503.3639117"},{"key":"ref_28","unstructured":"Zhang, L., Li, K., Sun, K., Wu, D., Liu, Y., Tian, H., and Liu, Y. (2024). Acfix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts. arXiv."},{"key":"ref_29","unstructured":"Szabo, N. (2024, June 16). The Idea of Smart Contracts. Available online: https:\/\/nakamotoinstitute.org\/the-idea-of-smart-contracts\/."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Croman, K., Decker, C., Eyal, I., Gencer, A.E., Juels, A., Kosba, A., Miller, A., Saxena, P., Shi, E., and G\u00fcn Sirer, E. (2016, January 22\u201326). On Scaling Decentralized Blockchains: (A Position Paper). Proceedings of the International Conference on Financial Cryptography and Data Security, Christ Church, Barbados.","DOI":"10.1007\/978-3-662-53357-4_8"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1145\/2701411","article-title":"Bitcoin: Under the hood","volume":"58","author":"Zohar","year":"2015","journal-title":"Commun. ACM"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Delmolino, K., Arnett, M., Kosba, A., Miller, A., and Shi, E. (2016, January 26). Step by Step towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab. Proceedings of the Financial Cryptography and Data Security: FC 2016 International Workshops, BITCOIN, VOTING, and WAHC, Christ Church, Barbados. Revised Selected Papers 20.","DOI":"10.1007\/978-3-662-53357-4_6"},{"key":"ref_33","unstructured":"Mueller, B. (2018, January 9\u201313). Smashing Ethereum Smart Contracts for Fun and Profit. Proceedings of the HITBSecConf, Amsterdam, The Netherlands."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N., Kulatova, N., Rastogi, A., Sibut-Pinote, T., and Swamy, N. (2016, January 24). Formal Verification of Smart Contracts: Short Paper. Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, Vienna, Austria.","DOI":"10.1145\/2993600.2993611"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Nikoli\u0107, I., Kolluri, A., Sergey, I., Saxena, P., and Hobor, A. (2018, January 3\u20137). Finding the Greedy, Prodigal, and Suicidal Contracts at Scale. Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA.","DOI":"10.1145\/3274694.3274743"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., and Vechev, M. (2018, January 15\u201319). Securify: Practical Security Analysis of Smart Contracts. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243780"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3290353","article-title":"code2vec: Learning Distributed Representations of Code","volume":"3","author":"Alon","year":"2019","journal-title":"Proc. ACM Program. Lang."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Gupta, R., Pal, S., Kanade, A., and Shevade, S. (2017, January 4\u20139). Deepfix: Fixing Common C Language Errors by Deep Learning. Proceedings of the AAAI Conference on Artificial Intelligence, San Francisco, CA, USA.","DOI":"10.1609\/aaai.v31i1.10742"},{"key":"ref_39","unstructured":"Haldar, R., and Hockenmaier, J. (2024). Analyzing the Performance of Large Language Models on Code Summarization. arXiv."},{"key":"ref_40","first-page":"1","article-title":"Deep Double Descent: Where Bigger Models and More Data Hurt","volume":"124003","author":"Nakkiran","year":"2021","journal-title":"J. Stat. Mech. Theory Exp."},{"key":"ref_41","unstructured":"Finn, C., Abbeel, P., and Levine, S. (2017, January 6\u201311). Model-agnostic Meta-learning for Fast Adaptation of Deep Networks. Proceedings of the International Conference on Machine Learning, Sydney, Australia."},{"key":"ref_42","first-page":"4080","article-title":"Prototypical Networks for Few-Shot Learning","volume":"30","author":"Snell","year":"2017","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_43","first-page":"3637","article-title":"Matching Networks for One Shot Learning","volume":"29","author":"Vinyals","year":"2016","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_44","first-page":"1","article-title":"Generalizing from a Few Examples: A Survey on Few-Shot Learning","volume":"53","author":"Wang","year":"2020","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_45","first-page":"24824","article-title":"Chain-of-Thought Prompting Elicits Reasoning in Large Language Models","volume":"35","author":"Wei","year":"2022","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_46","unstructured":"Nye, M., Andreassen, A.J., Gur-Ari, G., Michalewski, H., Austin, J., Bieber, D., Dohan, D., Lewkowycz, A., Bosma, M., and Luan, D. (2021). Show Your Work: Scratchpads for Intermediate Computation with Language Models. arXiv."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"12","DOI":"10.21659\/rupkatha.v15n4.17","article-title":"Hallucinations in ChatGPT: An Unreliable Tool for Learning","volume":"15","author":"Ahmad","year":"2023","journal-title":"Rupkatha J. Interdiscip. Stud. Humanit."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"e53164","DOI":"10.2196\/53164","article-title":"Hallucination Rates and Reference Accuracy of ChatGPT and Bard for Systematic Reviews: Comparative Analysis","volume":"26","author":"Chelli","year":"2024","journal-title":"J. Med. Internet Res."},{"key":"ref_49","first-page":"e37432","article-title":"Exploring the Boundaries of Reality: Investigating the Phenomenon of Artificial Intelligence Hallucination in Scientific Writing Through ChatGPT References","volume":"15","author":"Athaluri","year":"2023","journal-title":"Cureus"},{"key":"ref_50","unstructured":"Shung, K.P. (2024, June 16). Accuracy, Precision, Recall, or F1?. Available online: https:\/\/towardsdatascience.com\/accuracy-precision-recall-or-f1-331fb37c5cb9."}],"container-title":["Software"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2674-113X\/3\/3\/18\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:30:22Z","timestamp":1760110222000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2674-113X\/3\/3\/18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,5]]},"references-count":50,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2024,9]]}},"alternative-id":["software3030018"],"URL":"https:\/\/doi.org\/10.3390\/software3030018","relation":{},"ISSN":["2674-113X"],"issn-type":[{"type":"electronic","value":"2674-113X"}],"subject":[],"published":{"date-parts":[[2024,8,5]]}}}