Smart contracts, self-executing agreements directly encoded in code, are fundamental to blockchain technology, especially in decentralized finance (DeFi) and Web3. However, the rise of Ponzi schemes in smart contracts poses significant risks, leading to substantial financial losses and eroding trust in blockchain systems. Existing detection methods, such as PonziGuard, depend on large amounts of labeled data and struggle to identify unseen Ponzi schemes, limiting their reliability and generalizability. In contrast, we introduce PonziSleuth, the first LLM-driven approach for detecting Ponzi smart contracts, which requires no labeled training data. PonziSleuth utilizes advanced language understanding capabilities of LLMs to analyze smart contract source code through a novel two-step zero-shot chain-of-thought prompting technique. Our extensive evaluation on benchmark datasets and real-world contracts demonstrates that PonziSleuth delivers comparable, and often superior, performance without the extensive data requirements, achieving a balanced detection accuracy of 96.06% with GPT-3.5-turbo, 93.91% with LLAMA3, and 94.27% with Mistral. In real-world detection, PonziSleuth successfully identified 15 new Ponzi schemes from 4,597 contracts verified by Etherscan in March 2024, with a false negative rate of 0% and a false positive rate of 0.29%. These results highlight PonziSleuth's capability to detect diverse and novel Ponzi schemes, marking a significant advancement in leveraging LLMs for enhancing blockchain security and mitigating financial scams.