solidity-vulnerability-detector / design_document.md
jhsu12's picture
Add multi-expert training and evaluation scripts
7e93a29 verified
|
Raw
History Blame Contribute Delete
5.12 kB
# Multi-Expert Smart Contract Vulnerability Detection β€” Design Document
## Current Results Diagnosis
### Critical Failures
- **25% parse failures** (302/1206): Model output format is inconsistent
- **Access Control F1: 0.0235** β€” Model essentially never detects this (recall 0.012)
- **Reentrancy precision: 0.0663** β€” Model hallucinates Reentrancy everywhere (196 predictions vs 52 actual)
- **Only Integer Overflow performs well** (F1: 0.8207)
### Root Causes
1. **Severe class imbalance in training data**: Integer Overflow 3412 vs tx.origin 11
2. **Single model trying to learn 6 distinct vulnerability patterns simultaneously** β€” patterns are very different (state updates for Reentrancy, auth checks for Access Control, arithmetic for Integer Overflow)
3. **No reasoning chains** β€” model memorizes shortcuts rather than reasoning about code semantics
4. **Output format too rigid** β€” model doesn't consistently follow the structured template
## Research-Backed Solution: Multi-Expert Architecture
### Key Papers Referenced
- **VulnLLM-R** (2512.07533): Reasoning models with distillation, constitution-based correction
- **Smart-LLaMA-DPO** (2506.18245): Balanced detection + explanation loss, DPO for explanation quality
- **SmartLLM** (2502.13167): Multi-role pipeline (Detector β†’ Reasoner β†’ Verificator)
- **SmartVD** (2409.10574): Composite function F(C) = (binary, type, severity)
### Architecture: Router + Type-Specific Expert Adapters
```
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Input Code │────▢│ Stage 1: Router (Binary + Type Hint) β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β–Ό β–Ό β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚Expert 1: β”‚ β”‚Expert 2: β”‚ β”‚Expert 3: β”‚
β”‚Reentrancy β”‚ β”‚Access Ctrl β”‚ β”‚Integer Ov/ β”‚
β”‚LoRA (r=32) β”‚ β”‚LoRA (r=32) β”‚ β”‚Under LoRA β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚Expert 4: β”‚ β”‚Expert 5: β”‚
β”‚Timestamp β”‚ β”‚Unchecked β”‚
β”‚Dependence β”‚ β”‚Calls β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
β”‚ β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β–Ό β–Ό β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Aggregate │──│ Stage 3: │──│ Severity β”‚
β”‚ Results β”‚ β”‚ Finalize β”‚ β”‚ (if vuln) β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
```
### Why This Works
1. **Each expert only solves a binary problem**: "Is this Reentrancy?" vs "Is this NOT Reentrancy?"
2. **No inter-type confusion**: Reentrancy expert never confuses with Access Control
3. **Router provides type hints**: Reduces the search space
4. **Small adapters (r=32)**: Total trainable params ~6 Γ— 50M = 300M vs current single adapter ~616M
5. **Can be trained in parallel**: 6 independent training jobs
### Training Strategy Per Expert
Each expert trains on:
- **Positive**: All contracts with that specific vulnerability type
- **Negative**: Safe contracts + contracts with OTHER vulnerability types (hard negatives)
- This teaches the expert: "What makes THIS type different from ALL others?"
### Reasoning Chains (from VulnLLM-R)
Each expert outputs reasoning before classification:
```
<analysis>
1. Identify external calls: `msg.sender.call{value: bal}("")`
2. Check state update timing: `balances[msg.sender] = 0` is AFTER the call
3. Follows checks-effects-interactions? No β€” external call before state update
</analysis>
<answer>
Vulnerable: Yes
Type: Reentrancy
Severity: Critical
</answer>
```
### Output Format Fix
Use XML-style tags instead of markdown β€” easier for the model to learn and parse deterministically.