SCALM (Smart Contract Audit Language Model)
consists of two parts:
- First, it performs static analysis on a large dataset to identify and extract code blocks that contain potential bad practices. These blocks are then vectorized and stored in a vector database, which serves as a searchable knowledge base.
- Second, SCALM uses RAG (retrieval-augmented generation) and Step-Back Prompting to abstract high-level concepts and principles from the code, which lets it detect bad practices. The framework finally produces a detailed audit report that lists security issues, assesses their risk, and offers remediation advice.
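The two stages above, as an added toy illustration that is not SCALM's own code: a regex-based static pass stands in for the real static analyser, a bag-of-token vector stands in for the embedding model, an in-memory list stands in for the vector database, and the final function only assembles the step-back prompt text rather than calling an LLM. All Solidity snippets, the bad-practice labels and the regex patterns are constructed for this example.

```python
"""Toy two-stage pipeline: flag bad-practice code blocks with a static pass,
vectorize them into a searchable store, retrieve the nearest known pattern for
a new block, and build a step-back prompt around the retrieved context."""
import math
import re
from collections import Counter

# --- Stage 1: lightweight static analysis (constructed, deliberately simple) ---
EXTERNAL_CALL = re.compile(r"\.call\{value:|\.call\.value\(|\.transfer\(|\.send\(")
STATE_WRITE = re.compile(r"\w+\[[^\]]+\]\s*(-=|\+=|=)")      # write to a mapping
PRAGMA = re.compile(r"pragma solidity\s*\^?\s*0\.(\d+)")
UNCHECKED_ARITH = re.compile(r"\w+(\[[^\]]+\])?\s*(\+=|-=|\*=)")
ASSERT_ON_INPUT = re.compile(r"assert\([^)]*msg\.")          # assert() guarding caller input


def split_functions(source: str) -> list[str]:
    """Cut a Solidity source into `function ... { ... }` blocks by brace matching."""
    blocks = []
    for m in re.finditer(r"\bfunction\b", source):
        start = source.find("{", m.end())
        if start == -1:
            continue
        depth = 0
        for i in range(start, len(source)):
            if source[i] == "{":
                depth += 1
            elif source[i] == "}":
                depth -= 1
                if depth == 0:
                    blocks.append(source[m.start():i + 1])
                    break
    return blocks


def static_analysis(source: str) -> list[tuple[str, str]]:
    """Return (bad-practice label, code block) pairs found in one source file."""
    m = PRAGMA.search(source)
    pre_0_8 = m is not None and int(m.group(1)) < 8   # no built-in overflow checks
    findings = []
    for block in split_functions(source):
        call = EXTERNAL_CALL.search(block)
        # Reentrancy shape: storage is written *after* the external call.
        if call and STATE_WRITE.search(block, call.end()):
            findings.append(("reentrancy", block))
        if pre_0_8 and UNCHECKED_ARITH.search(block):
            findings.append(("arithmetic-overflow", block))
        if ASSERT_ON_INPUT.search(block):
            findings.append(("assert-violation", block))
    return findings


# --- Stage 2: vectorize, store, retrieve, prompt --------------------------------
TOKEN = re.compile(r"[A-Za-z_]\w*|\d+|[-+*/=<>!]=?|[{}()\[\];.,]")


def vectorize(text: str) -> Counter:
    """Bag-of-tokens vector (placeholder for a learned embedding model)."""
    return Counter(TOKEN.findall(text))


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[t] * b[t] for t in a if t in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class VectorStore:
    """In-memory stand-in for the vector database."""
    def __init__(self) -> None:
        self.entries: list[tuple[str, str, Counter]] = []

    def add(self, label: str, block: str) -> None:
        self.entries.append((label, block, vectorize(block)))

    def search(self, block: str, k: int = 3) -> list[tuple[str, float]]:
        q = vectorize(block)
        scored = [(label, cosine(q, vec)) for label, _, vec in self.entries]
        return sorted(scored, key=lambda s: s[1], reverse=True)[:k]


def build_store(sources: list[str]) -> VectorStore:
    store = VectorStore()
    for src in sources:
        for label, block in static_analysis(src):
            store.add(label, block)
    return store


def step_back_prompt(query: str, hits: list[tuple[str, float]]) -> str:
    """Ask for the general principle first (step back), then the concrete audit."""
    context = ", ".join(f"{label} (similarity {score:.2f})" for label, score in hits)
    return ("Step back: which general secure-coding principle do these retrieved "
            f"bad-practice categories share? {context}\n"
            "Then audit the code below against that principle, rate the risk "
            f"and propose a fix:\n{query}")


# Constructed corpus: one intentionally weak contract compiled with pragma < 0.8.
CORPUS = ["""pragma solidity ^0.7.0;
contract Vault {
    address owner; uint256 fee;
    mapping(address => uint256) public balances;
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] = 0;
    }
    function setFee(uint256 f) external {
        assert(msg.sender == owner);
        fee = f;
    }
}"""]

# Constructed query: a new function shaped like the reentrant withdraw above.
QUERY = """function payout(address to) external {
    uint256 owed = credits[to];
    (bool sent, ) = to.call{value: owed}("");
    require(sent, "failed");
    credits[to] = 0;
}"""

if __name__ == "__main__":
    store = build_store(CORPUS)
    print(step_back_prompt(QUERY, store.search(QUERY)))
```

Run stand-alone, the script flags the three functions of the constructed contract (unchecked arithmetic in `deposit`, reentrancy in `withdraw`, an `assert` on caller input in `setFee`), stores them, and retrieves the reentrant `withdraw` block as the closest match for the new `payout` function, which is what the prompt then asks the model to generalize from.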
SWC
To address this issue, EIP-1470 (Wagner 2018) proposes the Smart Contract Weakness Classification (SWC), a classification scheme designed to help developers identify and prevent smart contract weaknesses. SWC covers weaknesses that can be identified in a smart contract's Solidity code. It follows the structure and terminology of the Common Weakness Enumeration (CWE) but adds several weakness classes specific to smart contracts, including, but not limited to, reentrancy attacks, arithmetic overflow and assert violations. All work on SWC has been incorporated into the EEA EthTrust Security Level Specification, a specification proposed by the Enterprise Ethereum Alliance (EEA) to provide a reliable methodology for assessing the security of smart contracts. This specification defines a series of security levels that measure the security and trustworthiness of smart contracts.