Saved in:
Bibliographic Details
Main Authors: Wang, Lingxiang, Zhang, Hainan, Zhang, Qinnan, Wang, Ziwei, Zheng, Hongwei, Dong, Jin, Zheng, Zhiming
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.21043
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916723275333632
author Wang, Lingxiang
Zhang, Hainan
Zhang, Qinnan
Wang, Ziwei
Zheng, Hongwei
Dong, Jin
Zheng, Zhiming
author_facet Wang, Lingxiang
Zhang, Hainan
Zhang, Qinnan
Wang, Ziwei
Zheng, Hongwei
Dong, Jin
Zheng, Zhiming
contents Large language models (LLMs) excel at generating code from natural language instructions, yet they often lack an understanding of security vulnerabilities. This limitation makes it difficult for LLMs to avoid security risks in generated code, particularly in high-security programming tasks such as smart contract development for blockchain. Researchers have attempted to enhance the vulnerability awareness of these models by training them to differentiate between vulnerable and fixed code snippets. However, this approach relies heavily on manually labeled vulnerability data, which is only available for popular languages like Python and C++. For low-resource languages like Solidity, used in smart contracts, large-scale annotated datasets are scarce and difficult to obtain. To address this challenge, we introduce CodeBC, a code generation model specifically designed for generating secure smart contracts in blockchain. CodeBC employs a three-stage fine-tuning approach based on CodeLlama, distinguishing itself from previous methods by not relying on pairwise vulnerability location annotations. Instead, it leverages vulnerability and security tags to teach the model the differences between vulnerable and secure code. During the inference phase, the model leverages security tags to generate secure and robust code. Experimental results demonstrate that CodeBC outperforms baseline models in terms of BLEU, CodeBLEU, and compilation pass rates, while significantly reducing vulnerability rates. These findings validate the effectiveness and cost-efficiency of our three-stage fine-tuning strategy, making CodeBC a promising solution for generating secure smart contract code.
format Preprint
id arxiv_https___arxiv_org_abs_2504_21043
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle CodeBC: A More Secure Large Language Model for Smart Contract Code Generation in Blockchain
Wang, Lingxiang
Zhang, Hainan
Zhang, Qinnan
Wang, Ziwei
Zheng, Hongwei
Dong, Jin
Zheng, Zhiming
Cryptography and Security
Artificial Intelligence
Large language models (LLMs) excel at generating code from natural language instructions, yet they often lack an understanding of security vulnerabilities. This limitation makes it difficult for LLMs to avoid security risks in generated code, particularly in high-security programming tasks such as smart contract development for blockchain. Researchers have attempted to enhance the vulnerability awareness of these models by training them to differentiate between vulnerable and fixed code snippets. However, this approach relies heavily on manually labeled vulnerability data, which is only available for popular languages like Python and C++. For low-resource languages like Solidity, used in smart contracts, large-scale annotated datasets are scarce and difficult to obtain. To address this challenge, we introduce CodeBC, a code generation model specifically designed for generating secure smart contracts in blockchain. CodeBC employs a three-stage fine-tuning approach based on CodeLlama, distinguishing itself from previous methods by not relying on pairwise vulnerability location annotations. Instead, it leverages vulnerability and security tags to teach the model the differences between vulnerable and secure code. During the inference phase, the model leverages security tags to generate secure and robust code. Experimental results demonstrate that CodeBC outperforms baseline models in terms of BLEU, CodeBLEU, and compilation pass rates, while significantly reducing vulnerability rates. These findings validate the effectiveness and cost-efficiency of our three-stage fine-tuning strategy, making CodeBC a promising solution for generating secure smart contract code.
title CodeBC: A More Secure Large Language Model for Smart Contract Code Generation in Blockchain
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2504.21043