title: Smart Contract Security Analyzer
emoji: πŸ”
colorFrom: purple
colorTo: pink
sdk: gradio
sdk_version: 4.36.0
app_file: app.py
pinned: true
license: apache-2.0
python_version: 3.11
hf_oauth: true
tags:
  - mistral
  - security
  - smart-contract
  - solidity
  - vulnerability-detection
  - fine-tuned
  - hackathon

πŸ” Smart Contract Security Analyzer

Fine-tuned Mistral-7B for detecting security vulnerabilities in Solidity smart contracts with custom security tokens and structured output generation.

πŸ† Hackathon Submission Highlights

This model demonstrates new capabilities not possible without fine-tuning:

  1. 38 Custom Security Tokens - Novel vocabulary for precise vulnerability identification
  2. Structured XML-Style Reports - Machine-parseable security analysis
  3. 99.6% Accuracy - 28.6 percentage points above base Mistral-7B
  4. Zero False Positives - 100% precision on balanced test set

📊 Performance Comparison

| Metric | Base Mistral-7B | Fine-Tuned (Ours) | Improvement |
|---|---|---|---|
| Accuracy | 71.0% | 99.6% | +28.6% |
| Precision | 64.2% | 100.0% | +35.8% |
| Recall | 100.0% | 99.3% | -0.7% |
| F1 Score | 0.782 | 0.996 | +0.214 |
| Custom Tokens | 0/38 | 25/38 (66%) | ✨ NEW |
| Structured Output | ❌ | ✅ | ✨ NEW |

🎯 Detected Vulnerabilities

  • Reentrancy Attacks - External calls before state updates
  • Integer Overflow/Underflow - Arithmetic without checks
  • Access Control Issues - Missing authorization modifiers
  • Unchecked External Calls - Ignored return values
  • Denial of Service - Unbounded loops and gas limit issues
  • Timestamp Dependence - Manipulable randomness
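
To make two of the patterns above concrete ("external calls before state updates" and "ignored return values"), here is a small rule-based screen in Python. It is an added illustration, not the fine-tuned model or this Space's code; the sample contract, the function names and the regex heuristics are constructed assumptions.

```python
import re
# Constructed sample contract for illustration (not from the page or the model's dataset).
SAMPLE = '''
contract Vault {
    mapping(address => uint256) public balances;
    function withdrawUnsafe() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;   // state update after the external call
    }
    function withdrawSafe() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;   // state update first
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function notify(address target) external {
        target.call("");            // return value ignored
    }
}
'''
FUNC = re.compile(r'function\s+(\w+)\s*\([^)]*\)[^{]*\{')
CALL = re.compile(r'\.call\s*(\{[^}]*\})?\s*\(')
# Heuristics: an indexed assignment is a state write; a call result counts as used if assigned or wrapped in require/if.
WRITE = re.compile(r'^\s*\w+(\[[^\]]+\])+\s*(=|\+=|-=)[^=]')
USED = re.compile(r'=\s*[\w.\[\]]+\.call|require\s*\(|if\s*\(')

def function_bodies(src):
    """Yield (name, body_lines) by brace matching; assumes no braces in strings or comments."""
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1].splitlines()

def screen(src):
    findings = []
    for name, lines in function_bodies(src):
        call_seen = False
        for line in lines:
            if CALL.search(line):
                call_seen = True
                if not USED.search(line):
                    findings.append((name, 'unchecked-call'))
            elif call_seen and WRITE.search(line):
                findings.append((name, 'reentrancy-order'))
    return findings
```

On the sample, `screen(SAMPLE)` flags `withdrawUnsafe` for ordering and `notify` for the discarded return value, and leaves `withdrawSafe` alone.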

🚀 How to Use

  1. Paste your Solidity contract in the code editor
  2. Click "Analyze Contract" to detect vulnerabilities
  3. Review the structured report with severity, location, and fix recommendations
  4. Toggle "Show custom tokens" to see the model's internal representation

Try the sample contracts to see how the model identifies different vulnerability types!

🎓 Training Details

  • Dataset: 30,000 balanced smart contracts (50% vulnerable, 50% safe)
  • Method: QLoRA (4-bit quantization) fine-tuning
  • Base Model: Mistral-7B-Instruct-v0.3
  • Trainable Parameters: 41.9M (1.1% of total)
  • Training Time: ~5.5 hours on Google Colab G4 GPU

⚠️ Limitations

  • Trained on synthetic contracts - may not generalize to all real-world patterns
  • Static analysis only - cannot detect runtime or logic vulnerabilities
  • Limited to 6 common vulnerability types
  • Best used as a first-pass screening tool, not a replacement for professional audits

📜 License

Apache 2.0 - Free for commercial and research use


Built with ❤️ for the Mistral Hackathon 2026

Demonstrating that fine-tuning unlocks new capabilities: custom tokens + structured outputs = production-ready security analysis