Instructions to use jhsu12/solidity-vulnerability-detector with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- PEFT
How to use jhsu12/solidity-vulnerability-detector with PEFT:
from peft import PeftModel from transformers import AutoModelForCausalLM base_model = AutoModelForCausalLM.from_pretrained("Qwen/Qwen2.5-Coder-7B-Instruct") model = PeftModel.from_pretrained(base_model, "jhsu12/solidity-vulnerability-detector") - Transformers
How to use jhsu12/solidity-vulnerability-detector with Transformers:
# Use a pipeline as a high-level helper from transformers import pipeline pipe = pipeline("text-generation", model="jhsu12/solidity-vulnerability-detector") messages = [ {"role": "user", "content": "Who are you?"}, ] pipe(messages)# Load model directly from transformers import AutoModel model = AutoModel.from_pretrained("jhsu12/solidity-vulnerability-detector", dtype="auto") - Notebooks
- Google Colab
- Kaggle
- Local Apps Settings
- vLLM
How to use jhsu12/solidity-vulnerability-detector with vLLM:
Install from pip and serve model
# Install vLLM from pip: pip install vllm # Start the vLLM server: vllm serve "jhsu12/solidity-vulnerability-detector" # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:8000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "jhsu12/solidity-vulnerability-detector", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker
docker model run hf.co/jhsu12/solidity-vulnerability-detector
- SGLang
How to use jhsu12/solidity-vulnerability-detector with SGLang:
Install from pip and serve model
# Install SGLang from pip: pip install sglang # Start the SGLang server: python3 -m sglang.launch_server \ --model-path "jhsu12/solidity-vulnerability-detector" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "jhsu12/solidity-vulnerability-detector", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker images
docker run --gpus all \ --shm-size 32g \ -p 30000:30000 \ -v ~/.cache/huggingface:/root/.cache/huggingface \ --env "HF_TOKEN=<secret>" \ --ipc=host \ lmsysorg/sglang:latest \ python3 -m sglang.launch_server \ --model-path "jhsu12/solidity-vulnerability-detector" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "jhsu12/solidity-vulnerability-detector", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }' - Docker Model Runner
How to use jhsu12/solidity-vulnerability-detector with Docker Model Runner:
docker model run hf.co/jhsu12/solidity-vulnerability-detector
Multi-Expert Smart Contract Vulnerability Detection β Design Document
Current Results Diagnosis
Critical Failures
- 25% parse failures (302/1206): Model output format is inconsistent
- Access Control F1: 0.0235 β Model essentially never detects this (recall 0.012)
- Reentrancy precision: 0.0663 β Model hallucinates Reentrancy everywhere (196 predictions vs 52 actual)
- Only Integer Overflow performs well (F1: 0.8207)
Root Causes
- Severe class imbalance in training data: Integer Overflow 3412 vs tx.origin 11
- Single model trying to learn 6 distinct vulnerability patterns simultaneously β patterns are very different (state updates for Reentrancy, auth checks for Access Control, arithmetic for Integer Overflow)
- No reasoning chains β model memorizes shortcuts rather than reasoning about code semantics
- Output format too rigid β model doesn't consistently follow the structured template
Research-Backed Solution: Multi-Expert Architecture
Key Papers Referenced
- VulnLLM-R (2512.07533): Reasoning models with distillation, constitution-based correction
- Smart-LLaMA-DPO (2506.18245): Balanced detection + explanation loss, DPO for explanation quality
- SmartLLM (2502.13167): Multi-role pipeline (Detector β Reasoner β Verificator)
- SmartVD (2409.10574): Composite function F(C) = (binary, type, severity)
Architecture: Router + Type-Specific Expert Adapters
βββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββββββ
β Input Code ββββββΆβ Stage 1: Router (Binary + Type Hint) β
βββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββββββ
β
ββββββββββββββββββΌβββββββββββββββββ
βΌ βΌ βΌ
βββββββββββββββ βββββββββββββββ βββββββββββββββ
βExpert 1: β βExpert 2: β βExpert 3: β
βReentrancy β βAccess Ctrl β βInteger Ov/ β
βLoRA (r=32) β βLoRA (r=32) β βUnder LoRA β
βββββββββββββββ βββββββββββββββ βββββββββββββββ
βββββββββββββββ βββββββββββββββ
βExpert 4: β βExpert 5: β
βTimestamp β βUnchecked β
βDependence β βCalls β
βββββββββββββββ βββββββββββββββ
β β
ββββββββββββββββββ
β
ββββββββββββββββββΌβββββββββββββββββ
βΌ βΌ βΌ
βββββββββββββββ βββββββββββββββ βββββββββββββββ
β Aggregate ββββ Stage 3: ββββ Severity β
β Results β β Finalize β β (if vuln) β
βββββββββββββββ βββββββββββββββ βββββββββββββββ
Why This Works
- Each expert only solves a binary problem: "Is this Reentrancy?" vs "Is this NOT Reentrancy?"
- No inter-type confusion: Reentrancy expert never confuses with Access Control
- Router provides type hints: Reduces the search space
- Small adapters (r=32): Total trainable params ~6 Γ 50M = 300M vs current single adapter ~616M
- Can be trained in parallel: 6 independent training jobs
Training Strategy Per Expert
Each expert trains on:
- Positive: All contracts with that specific vulnerability type
- Negative: Safe contracts + contracts with OTHER vulnerability types (hard negatives)
- This teaches the expert: "What makes THIS type different from ALL others?"
Reasoning Chains (from VulnLLM-R)
Each expert outputs reasoning before classification:
<analysis>
1. Identify external calls: `msg.sender.call{value: bal}("")`
2. Check state update timing: `balances[msg.sender] = 0` is AFTER the call
3. Follows checks-effects-interactions? No β external call before state update
</analysis>
<answer>
Vulnerable: Yes
Type: Reentrancy
Severity: Critical
</answer>
Output Format Fix
Use XML-style tags instead of markdown β easier for the model to learn and parse deterministically.