LLM-powered Smart Wallet dApp for Fraud Detection

Following the insightful post by @Ben on AI and Blockchain teaching at Princeton, we are excited to present our project for COS/ECE 473, taught by Professor Pramod Viswanath. This project, developed by Sekinat Aliu, Brandon Ambetsa, Edoardo Contente, and Jane Nguyen, introduces the LLM-powered Smart Wallet dApp for Fraud Detection.

Topics: Dapp, Web3 AI Tools, Web3 Prediction, Fraud Detection
Github: GitHub - bambetsa/my-dapp

Abstract: Within the blockchains landscape, fraud and security risks are an increasingly substantial concern. A few of these many risks include phishing attacks, token sale, fake ICO, honeypot, and airdrop scams. Our project seeks to alleviate such concerns through querying an LLM for information about security risks in a given contract. By building a dApp with a streamlined user interface for acquiring information about potential security risks of a given contract, our app seeks to provide actionable insight into blockchain contract data that promotes the security of users’ wallets.


Overview and Background

In recent years, the rise of blockchain technology has led to increased smart contract utilization. While smart contracts offer automation, transparency, and efficiency, they also introduce security challenges. Malicious actors exploit vulnerabilities, leading to token sale scams, phishing scams, fake ICOs, airdrop scams, and honeypot scams. These scams often result in significant financial losses for investors. For example, the SetApprovalForAll function, a critical component in smart contracts and NFT transactions is susceptible to exploitation by malicious actors. In one instance, scammers leverage vulnerabilities in the function to perpetrate theft from unsuspecting users. For example, suppose a user interacts with a marketplace connected to their crypto wallet. In the event of a marketplace compromise or the presence of malicious software, scammers can exploit the SetApprovalForAll function to gain unauthorized access to the user’s cryptocurrency holdings. This scenario highlights the importance of robust security measures and user vigilance to mitigate the risks associated with smart contract functions like SetApprovalForAll.

To combat these threats, our project, the Ethereum Smart Contract Security Analyzer, leverages AI technology to provide actionable insights into security risks associated with complex blockchain contract data. The platform offers a streamlined user interface, prioritizing clarity and ease of use. Through targeted information acquisition and prompt engineering, we refine AI prompts to focus on relevant smart contract and transaction aspects, enhancing risk assessment accuracy.

User Guide

In order to utilize our dApp, use the following instructions:

  1. Git clone our directory

  2. In the project directory, open a terminal

  3. Make sure you have an OpenAI key: https://platform.openai.com/api-keys

  4. Make sure you have an Etherscan API key: https://etherscan.io/myapikey

  5. Create a .env file in the project directory with the following:

    REACT_APP_ETHERSCAN_API_KEY=`YOUR_ETHERSCAN_API_KEY`
    REACT_APP_OPENAI_API_KEY=`YOUR_OPENAI_API_KEY`
    
  6. Pip install the following packages:

    1. npm
    2. openai
     npm install --save openai
    
  7. Run the app:

    1. Build App for Production:npm run build

      This command builds the app for production, bundling React in production mode and optimizing the build for performance. Learn more at this link.

    2. Development Mode: npm start

      This command will run the app in development mode. The page can be reloaded when you make any changes, and you may see any lint errors on the console.

    3. Interactive Watch Mode: npm test

      This command launches the test runner in interactive watch mode. See the section about running tests at this link for more information.

  8. Open http://localhost:3000 to view it in your browser.

  9. Additional Notes:

    1. npm run eject

      If you aren’t satisfied with the build tool and configuration choices you can eject at any time. This command will remove the single build dependency from your project.

      Instead, it will copy all the configuration files and the transitive dependencies (webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except eject will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own.

      You don’t have to ever use eject. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.

Learn More:

You can learn more in the Create React App documentation.

To learn React, check out the React documentation.

The following is a list of resources users may find helpful in using our tool.

Code Splitting: Code Splitting | Create React App

Analyzing the Bundle Size: Analyzing the Bundle Size | Create React App

Making a Progressive Web App: Making a Progressive Web App | Create React App

Advanced Configuration: Advanced Configuration | Create React App

Deployment: Deployment | Create React App

npm run build fails to minify: Troubleshooting | Create React App

Implementation

In this section, we dive into the specifics of our implementation approach. We broke implementation down into 4 steps:

  1. Obtain Transaction details through User Interface

This foundational aspect of our dApp empowers users to input contract details seamlessly. As the entry point for users to interface with their MetaMask accounts, it facilitates the input of contract addresses and leverages the React framework alongside Node.js, JavaScript, and CSS.

  1. Developed a user-friendly interface where users can input the contract addresses they want to analyze.

  2. Implemented error handling to guide users if they input invalid or incomplete information.

  3. Etherscan API Integration for Accessing Smart Contracts

In this phase, we establish a direct conduit to the Ethereum blockchain via the Etherscan API. This integration enables the real-time retrieval of data based on the provided address, including the contract code. This code serves as a cornerstone for analysis, unveiling executed functions and potential vulnerabilities within the contract structure.

  1. Integrated the Etherscan API to fetch smart contract details, source code, and other relevant information based on the contract address provided by the user.

  2. Utilized Etherscan’s endpoints to retrieve contract source code, bytecode, and other transaction details necessary for analysis.

  3. Handled API responses and errors gracefully, providing feedback to users if any issues occurred during data retrieval.

  4. OpenAI API Integration for Querying ChatGPT

At the heart of our application lies the intricate analysis conducted through the ChatGPT API, specifically leveraging ChatGPT 3.5 and 4. Our prompts are meticulously crafted not only to solicit qualitative insights but also to quantify risk, yielding a numeric risk rating. We task ChatGPT with evaluating both the contract code and transactional context, culminating in a comprehensive risk score that encapsulates the transaction’s security integrity. Additionally, we fine-tune parameters to ensure consistent results, such as tempering ChatGPT’s creativity to enhance analysis precision and feedback coherence.

  1. Integrated the OpenAI API to query the ChatGPT model for smart contract security analysis.

  2. Handled API responses from OpenAI, parsing the results and extracting relevant information for the user.

  3. Implement rate limiting and error handling to manage API usage and ensure smooth interaction with the ChatGPT model.

  4. Information Delivery (UI/UX Experience)

In this final phase, we emphasize presenting analysis outcomes seamlessly to users through a visually engaging user interface. Our UI design prioritizes clarity, intuitiveness, and accessibility, enabling users to interpret and utilize the insights provided easily. Results are displayed within the UI, offering visual and quantitative risk representations. A slider bar visually indicates the degree of risk, while qualitative analysis is presented in detailed subsections, highlighting specific sources of risk for comprehensive understanding and action.

  1. Designed a clear and intuitive user interface to present the analysis results and other relevant information to the user.
  2. Displayed the analysis results in a readable format, highlighting any security vulnerabilities or phishing risks detected.
  3. Provided both qualitative and quantitative feedback for greater depth.

Results

  1. Insightful AI-Assisted Tool: This tool effectively translates intricate blockchain contract data into actionable insights regarding security risks, enhancing users’ ability to identify and address potential vulnerabilities.
  2. Streamlined User Interface: The UI emphasizes clarity and ease of use, ensuring concise information delivery and a straightforward input interface. Users benefit from a seamless experience that enhances accessibility and comprehension.
  3. Targeted Information Acquisition with Prompt Engineering: Through meticulous refinement of language and structure in our AI prompts, we optimize the AI’s attention towards pertinent aspects of smart contracts and transactions. This targeted approach enhances the accuracy and relevance of the generated insights, empowering users with focused and actionable information.

Demo and Presentation

Video: ECE473 Final Screen Recording.mp4 - Google Drive
Presentation Slides: ECE473 Final Presentation - Google Slides

Future Directions

  1. Multi-Platform Integration: Our aim is to expand compatibility beyond MetaMask and Ethereum, integrating with various wallets and blockchain networks. This broader integration will enhance accessibility and usability for a wider user base.
  2. Alternative LLMs: We plan to evaluate and compare the efficacy of alternative Language Model Models (LLMs) in identifying security risks. This comparative analysis will inform enhancements to our tool’s analytical capabilities, ensuring optimal performance and accuracy.
  3. Advanced Fraud Detection: To further bolster security measures, we will implement contract filtering techniques for advanced fraud detection. Additionally, we plan to establish an open database for storing information on fraudulent contracts, facilitating proactive risk mitigation and community-driven security efforts.
9 Likes

Thanks for this post.

2 Likes

It looks cool, It looks cool, thanks for the information :+1:

2 Likes

I’ve been slowly studying this topic for several days now, it seems like I’ll never get to the end :slightly_smiling_face:

2 Likes

Worked on something similar recently would be down to help push this forward if you need feel free to reach out

Great practical application of AI that can deliver utility to users today rather than at some undeclared future point, really cool.