In tests, the modified model generated code that was significantly less susceptible to vulnerabilities, with a 30% reduction in vulnerabilities in Ethereum smart contracts. The researchers plan to refine their model further and explore its applicability across different technological domains. This research contributes a valuable methodology to the field and sets the stage for future studies aimed at enhancing security in code generation.
Key takeaways:
- Researchers from the Norwegian University of Science and Technology, Nanjing, have developed a new approach to address vulnerabilities in auto-completed smart contract code, focusing primarily on Ethereum blockchain smart contracts.
- Their methodology, called 'vulnerability-constrained decoding', uses a curated dataset of previously identified vulnerable code lines to fine-tune a large language model (LLM) to recognize and avoid these vulnerabilities during the auto-completion phase.
- The team's approach streamlined the model's fine-tuning process, completing it in just an hour without sacrificing efficacy, a significant improvement over traditional methods that could take a week.
- Tests involving Ethereum smart contracts showed a 30% reduction in vulnerabilities with the modified model, indicating the potential of this approach for enhancing security in code generation across different technological domains.
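The decoding-time constraint described in the takeaways can be sketched as follows; this is an added illustration, not the researchers' code. It assumes a hypothetical setup: a small token-frequency scorer stands in for the vulnerability signal the fine-tuned LLM learns, and the labeled Solidity lines, candidate lines and log-probabilities are all constructed.

```python
import math
import re
from collections import Counter

# Constructed stand-in for the curated dataset of labeled lines (1 = vulnerable).
LABELED_LINES = [
    ("require(tx.origin == owner);", 1),
    ("if (tx.origin != admin) revert();", 1),
    ("require(block.timestamp % 2 == 0);", 1),
    ("require(msg.sender == owner);", 0),
    ("if (msg.sender != admin) revert();", 0),
    ("require(amount <= balances[msg.sender]);", 0),
]

def tokens(line):
    # Identifiers, keeping dotted names such as tx.origin as one token.
    return re.findall(r"[A-Za-z_]+(?:\.[A-Za-z_]+)*", line)

def train(labeled):
    # Stand-in for fine-tuning: per-class token counts from the labeled lines.
    counts = {0: Counter(), 1: Counter()}
    for line, label in labeled:
        counts[label].update(tokens(line))
    return counts

def vuln_probability(counts, line):
    # Naive Bayes with add-one smoothing and equal class priors (assumption).
    vocab = len(set(counts[0]) | set(counts[1]))
    n0, n1 = sum(counts[0].values()), sum(counts[1].values())
    log_odds = 0.0
    for tok in tokens(line):
        p1 = (counts[1][tok] + 1) / (n1 + vocab)
        p0 = (counts[0][tok] + 1) / (n0 + vocab)
        log_odds += math.log(p1 / p0)
    return 1 / (1 + math.exp(-log_odds))

def complete(candidates, counts, threshold=0.5, constrained=True):
    # candidates: (line, log-probability) pairs proposed for the next line.
    ranked = sorted(candidates, key=lambda c: c[1], reverse=True)
    if not constrained:
        return ranked[0][0]          # plain greedy choice
    for line, _ in ranked:
        if vuln_probability(counts, line) < threshold:
            return line              # most likely candidate that is not flagged
    return None                      # every candidate flagged: emit nothing

COUNTS = train(LABELED_LINES)
# Constructed candidates: the flagged line is the more likely completion.
CANDIDATES = [("require(tx.origin == owner);", -0.4),
              ("require(msg.sender == owner);", -0.9)]
```

Unconstrained decoding returns the `tx.origin` check because it has the higher likelihood; with the constraint enabled, the decoder skips it and returns the `msg.sender` check.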