Securing Smart Contract Languages with a Unified Agentic Framework for Vulnerability Repair in Solidity and Move

TL;DR

Smartify is a multi-agent framework utilizing fine-tuned Large Language Models to automatically detect and repair vulnerabilities in Solidity and Move smart contracts, significantly improving security in blockchain applications.

Contribution

Introduces Smartify, a novel multi-agent LLM-based system that enhances vulnerability detection and repair in smart contracts without extensive language-specific pre-training.

Findings

Achieves state-of-the-art vulnerability repair performance.

Surpasses existing LLMs like Llama 3.1 in effectiveness.

Effectively incorporates language-specific security knowledge.

Abstract

The rapid growth of the blockchain ecosystem and the increasing value locked in smart contracts necessitate robust security measures. While languages like Solidity and Move aim to improve smart contract security, vulnerabilities persist. This paper presents Smartify, a novel multi-agent framework leveraging Large Language Models (LLMs) to automatically detect and repair vulnerabilities in Solidity and Move smart contracts. Unlike traditional methods that rely solely on vast pre-training datasets, Smartify employs a team of specialized agents working on different specially fine-tuned LLMs to analyze code based on underlying programming concepts and language-specific security principles. We evaluated Smartify on a dataset for Solidity and a curated dataset for Move, demonstrating its effectiveness in fixing a wide range of vulnerabilities. Our results show that Smartify (Gemma2+codegemma) achieves state-of-the-art performance, surpassing existing LLMs and enhancing general-purpose models' capabilities, such as Llama 3.1. Notably, Smartify can incorporate language-specific knowledge, such as the nuances of Move, without requiring massive language-specific pre-training datasets. This work offers a detailed analysis of various LLMs' performance on smart contract repair, highlighting the strengths of our multi-agent approach and providing a blueprint for developing more secure and reliable decentralized applications in the growing blockchain landscape. We also provide a detailed recipe for extending this to other similar use cases.