SolRAG: Detecção de Vulnerabilidades em Contratos Inteligentes Solidity com Geração Aumentada via Recuperação
Resumo
A detecção de vulnerabilidades em contratos inteligentes é essencial para a segurança de aplicações baseadas em blockchain. Ferramentas tradicionais de análise estática frequentemente produzem grande quantidade de falsos positivos, aumentando o custo da auditoria manual. Neste trabalho, nós propomos SolRAG, uma abordagem baseada em Retrieval-Augmented Generation (RAG) para análise de vulnerabilidades em contratos inteligentes escritos em Solidity. O método realiza análise orientada por vulnerabilidade e utiliza exemplos recuperados por similaridade semântica para compor o contexto do modelo. Experimentos em um benchmark com 4270 consultas mostram que a abordagem reduz a taxa de falsos positivos de 38,1% para 2,8% e aumenta a proporção de verdadeiros negativos de 58,1% para 93,9%. Além disso, o sistema identificou corretamente 37 contratos vulneráveis, em comparação com 32 do método de referência.
Referências
Bani-Hani, R. M., Shatnawi, A. S., and Al-Yahya, L. (2024). Vulnerability detection and classification of ethereum smart contracts using deep learning. Future Internet, 16(9):321.
Boi, B., Esposito, C., and Lee, S. (2024). Smart contract vulnerability detection: The role of large language model (llm). ACM SIGAPP applied computing review, 24(2):19–29.
David, I., Zhou, L., Qin, K., Song, D., Cavallaro, L., and Gervais, A. (2023). Do you still need a manual smart contract audit? arXiv preprint arXiv:2306.12338.
Gemma (2025). Gemma 3 technical report. Technical report, Google DeepMind.
He, Z., Li, Z., Yang, S., Ye, H., Qiao, A., Zhang, X., Luo, X., and Chen, T. (2024). Large language models for blockchain security: A systematic literature review. arXiv preprint arXiv:2403.14280.
Hewa, T., Ylianttila, M., and Liyanage, M. (2021). Survey on blockchain based smart contracts: Applications, opportunities and challenges. Journal of network and computer applications, 177:102857.
Hu, S., Huang, T., İlhan, F., Tekin, S. F., and Liu, L. (2023). Large language model-powered smart contract vulnerability detection: New perspectives. In 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pages 297–306. IEEE.
Iuliano, G. and Di Nucci, D. (2026). Smart contract vulnerabilities, tools, and benchmarks: An updated systematic literature review. Journal of Systems and Software, page 112788.
Khan, S. N., Loukil, F., Ghedira-Guegan, C., Benkhelifa, E., and Bani-Hani, A. (2021). Blockchain smart contracts: Applications, challenges, and future trends. Peer-to-peer Networking and Applications, 14(5):2901–2925.
Kushwaha, S. S., Joshi, S., Singh, D., Kaur, M., and Lee, H.-N. (2022). Ethereum smart contract analysis tools: A systematic review. Ieee Access, 10:57037–57062.
Lewis, P., Perez, E., Piktus, A., Petroni, F., Karpukhin, V., Goyal, N., Küttler, H., Lewis, M., Yih, W.-t., Rocktäschel, T., et al. (2020). Retrieval-augmented generation for knowledge-intensive nlp tasks. Advances in neural information processing systems, 33:9459–9474.
Nam, D., Macvean, A., Hellendoorn, V., Vasilescu, B., and Myers, B. (2024). Using an llm to help with code understanding. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, pages 1–13.
Nhu, N. D. Q., Van, T. H., Trung, D. M., Duy, P. T., et al. (2025). Rag-smartvuln: Enhancing smart contract vulnerability detection via retrieval-augmented llms. In 2025 International Conference on Multimedia Analysis and Pattern Recognition (MAPR), pages 1–6. IEEE.
Oliva, G. A., Hassan, A. E., and Jiang, Z. M. (2020). An exploratory study of smart contracts in the ethereum blockchain platform. Empirical Software Engineering, 25(3):1864–1904.
Qian, P., Liu, Z., He, Q., Huang, B., Tian, D., and Wang, X. (2022). Smart contract vulnerability detection technique: A survey. arXiv preprint arXiv:2209.05872.
Xiao, Z., Wang, Q., Pearce, H., and Chen, S. (2025). Logic meets magic: Llms cracking smart contract vulnerabilities. In 2025 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), pages 1–3. IEEE.
Yu, J. (2024). Retrieval augmented generation integrated large language models in smart contract vulnerability detection. arXiv preprint arXiv:2407.14838.
Boi, B., Esposito, C., and Lee, S. (2024). Smart contract vulnerability detection: The role of large language model (llm). ACM SIGAPP applied computing review, 24(2):19–29.
David, I., Zhou, L., Qin, K., Song, D., Cavallaro, L., and Gervais, A. (2023). Do you still need a manual smart contract audit? arXiv preprint arXiv:2306.12338.
Gemma (2025). Gemma 3 technical report. Technical report, Google DeepMind.
He, Z., Li, Z., Yang, S., Ye, H., Qiao, A., Zhang, X., Luo, X., and Chen, T. (2024). Large language models for blockchain security: A systematic literature review. arXiv preprint arXiv:2403.14280.
Hewa, T., Ylianttila, M., and Liyanage, M. (2021). Survey on blockchain based smart contracts: Applications, opportunities and challenges. Journal of network and computer applications, 177:102857.
Hu, S., Huang, T., İlhan, F., Tekin, S. F., and Liu, L. (2023). Large language model-powered smart contract vulnerability detection: New perspectives. In 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pages 297–306. IEEE.
Iuliano, G. and Di Nucci, D. (2026). Smart contract vulnerabilities, tools, and benchmarks: An updated systematic literature review. Journal of Systems and Software, page 112788.
Khan, S. N., Loukil, F., Ghedira-Guegan, C., Benkhelifa, E., and Bani-Hani, A. (2021). Blockchain smart contracts: Applications, challenges, and future trends. Peer-to-peer Networking and Applications, 14(5):2901–2925.
Kushwaha, S. S., Joshi, S., Singh, D., Kaur, M., and Lee, H.-N. (2022). Ethereum smart contract analysis tools: A systematic review. Ieee Access, 10:57037–57062.
Lewis, P., Perez, E., Piktus, A., Petroni, F., Karpukhin, V., Goyal, N., Küttler, H., Lewis, M., Yih, W.-t., Rocktäschel, T., et al. (2020). Retrieval-augmented generation for knowledge-intensive nlp tasks. Advances in neural information processing systems, 33:9459–9474.
Nam, D., Macvean, A., Hellendoorn, V., Vasilescu, B., and Myers, B. (2024). Using an llm to help with code understanding. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, pages 1–13.
Nhu, N. D. Q., Van, T. H., Trung, D. M., Duy, P. T., et al. (2025). Rag-smartvuln: Enhancing smart contract vulnerability detection via retrieval-augmented llms. In 2025 International Conference on Multimedia Analysis and Pattern Recognition (MAPR), pages 1–6. IEEE.
Oliva, G. A., Hassan, A. E., and Jiang, Z. M. (2020). An exploratory study of smart contracts in the ethereum blockchain platform. Empirical Software Engineering, 25(3):1864–1904.
Qian, P., Liu, Z., He, Q., Huang, B., Tian, D., and Wang, X. (2022). Smart contract vulnerability detection technique: A survey. arXiv preprint arXiv:2209.05872.
Xiao, Z., Wang, Q., Pearce, H., and Chen, S. (2025). Logic meets magic: Llms cracking smart contract vulnerabilities. In 2025 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), pages 1–3. IEEE.
Yu, J. (2024). Retrieval augmented generation integrated large language models in smart contract vulnerability detection. arXiv preprint arXiv:2407.14838.
Publicado
25/05/2026
Como Citar
CARVALHO, Luís H. S. de; CAMPOS, Josué N.; ZIBAEIRAD, Arastoo; VIEIRA, Marco; NACIF, José A. M..
SolRAG: Detecção de Vulnerabilidades em Contratos Inteligentes Solidity com Geração Aumentada via Recuperação. In: WORKSHOP EM BLOCKCHAIN: TEORIA, TECNOLOGIAS E APLICAÇÕES (WBLOCKCHAIN), 9. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 140-153.
DOI: https://doi.org/10.5753/wblockchain.2026.23193.
