ETrace:Event-Driven Vulnerability Detection in Smart Contracts via LLM-Based Trace Analysis

TL;DR

ETrace is a novel framework that uses large language models to analyze transaction logs and detect vulnerabilities in smart contracts without needing access to the source code.

Contribution

ETrace introduces an event-driven vulnerability detection approach leveraging LLMs for semantic analysis of transaction logs, addressing limitations of traditional static and dynamic methods.

Findings

Effective in identifying vulnerabilities through log analysis

Does not require access to smart contract source code

Preliminary experiments validate its potential

Abstract

With the advance application of blockchain technology in various fields, ensuring the security and stability of smart contracts has emerged as a critical challenge. Current security analysis methodologies in vulnerability detection can be categorized into static analysis and dynamic analysis methods.However, these existing traditional vulnerability detection methods predominantly rely on analyzing original contract code, not all smart contracts provide accessible code.We present ETrace, a novel event-driven vulnerability detection framework for smart contracts, which uniquely identifies potential vulnerabilities through LLM-powered trace analysis without requiring source code access. By extracting fine-grained event sequences from transaction logs, the framework leverages Large Language Models (LLMs) as adaptive semantic interpreters to reconstruct event analysis through chain-of-thought reasoning. ETrace implements pattern-matching to establish causal links between transaction behavior patterns and known attack behaviors. Furthermore, we validate the effectiveness of ETrace through preliminary experimental results.