msc-smart-contract-auditing
/

deepseek-coder-6.7b-vulnerability-detection

PEFT

Safetensors

English

llama

Model card Files Files and versions Community

kristian-a commited on Aug 28

Commit

556144a

•

1 Parent(s): ae0e8ca

Update README.md

Browse files

Files changed (1) hide show

README.md +98 -60

README.md CHANGED Viewed

@@ -1,51 +1,58 @@
 ---
 library_name: peft
 base_model: deepseek-ai/deepseek-coder-6.7b-instruct
 ---
 # Model Card for Model ID
-<!-- Provide a quick summary of what the model is/does. -->
 ## Model Details
 ### Model Description
-<!-- Provide a longer summary of what this model is. -->
-- **Developed by:** [More Information Needed]
-- **Funded by [optional]:** [More Information Needed]
-- **Shared by [optional]:** [More Information Needed]
-- **Model type:** [More Information Needed]
-- **Language(s) (NLP):** [More Information Needed]
-- **License:** [More Information Needed]
-- **Finetuned from model [optional]:** [More Information Needed]
-### Model Sources [optional]
-<!-- Provide the basic links for the model. -->
-- **Repository:** [More Information Needed]
-- **Paper [optional]:** [More Information Needed]
-- **Demo [optional]:** [More Information Needed]
-## Uses
-<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
-### Direct Use
-<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
-[More Information Needed]
-### Downstream Use [optional]
-<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
 [More Information Needed]
@@ -53,75 +60,112 @@ base_model: deepseek-ai/deepseek-coder-6.7b-instruct
 <!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
-[More Information Needed]
 ## Bias, Risks, and Limitations
-<!-- This section is meant to convey both technical and sociotechnical limitations. -->
-[More Information Needed]
 ### Recommendations
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
 ## How to Get Started with the Model
 Use the code below to get started with the model.
-[More Information Needed]
-## Training Details
-### Training Data
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
-[More Information Needed]
-### Training Procedure
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
-#### Preprocessing [optional]
-[More Information Needed]
-#### Training Hyperparameters
-- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
-#### Speeds, Sizes, Times [optional]
-<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
-[More Information Needed]
-## Evaluation
-<!-- This section describes the evaluation protocols and provides the results. -->
 ### Testing Data, Factors & Metrics
 #### Testing Data
-<!-- This should link to a Dataset Card if possible. -->
-[More Information Needed]
 #### Factors
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
 [More Information Needed]
 #### Metrics
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
 [More Information Needed]
 ### Results
@@ -132,12 +176,6 @@ Use the code below to get started with the model.
-## Model Examination [optional]
-<!-- Relevant interpretability work for the model goes here -->
-[More Information Needed]
 ## Environmental Impact
 <!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->

 ---
 library_name: peft
 base_model: deepseek-ai/deepseek-coder-6.7b-instruct
+license: mit
+language:
+- en
 ---
 # Model Card for Model ID
+Fine-tuned version of `deepseek-coder-6.7b-instruct` aiming to improve vulnerability detection in solidity smart contracts and provide informative explanations on what the vulnerabilities are, and how to solve them.
 ## Model Details
 ### Model Description
+Given the following prompt below:
+```
+Below are one or more Solidity codeblocks. The codeblocks might contain vulnerable code.
+If there is a vulnerability please provide a description of the vulnearblity in terms of the code that is responsible for it.
+Describe how an attacker would be able to take advantage of the vulnerability so the explanation is even more clear.
+Output only the description of the vulnerability and the attacking vector. No additional information is needed.
+If there is no vulnerability output "There is no vulnearbility".
+Codeblocks:
+{}
+```
+When 1 or more codeblocks are provided to the model using this prompt, the model will output:
+1. Wether there is a vulnerability or not.
+2. What the vulnerability is.
+3. How an attacker would take advantage of the detected vulnerability.
+Afterwards, the above output can be chained to produce a solution - the context has the code, the vulnerability and the attacking vector so deducing a solution becomes a more straight-forward task.
+Additionally, the same fine-tuned model can be used for the solution recommendation as the fine-tuning is low-rank (LoRA) and a lot of the model ability is preserved.
+- **Developed by:** [Kristian Apostolov]
+- **Shared by:** [Kristian Apostolov]
+- **Model type:** [Decoder]
+- **Language(s) (NLP):** [English]
+- **License:** [MIT]
+- **Finetuned from model:** [deepseek-ai/deepseek-coder-6.7b-instruct]
+### Model Sources [optional]
+- **Repository:** [https://huggingface.co/msc-smart-contract-auditing/deepseek-coder-6.7b-vulnerability-detection]
+## Uses
+Provide code from a smart contract for a preliminary audit.
+### Direct Use
 [More Information Needed]
 <!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
+Malicious entity could detect 0-day vulnerability and take advantage of it.
 ## Bias, Risks, and Limitations
+The training data could be improved. Audits sometimes describe vulnerabilities which are not necessarily contained in the code itself, but are a part of a larger context.
 ### Recommendations
+Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model.
 ## How to Get Started with the Model
 Use the code below to get started with the model.
+```python
+model_name = 'msc-smart-contract-auditing/deepseek-coder-6.7b-vulnerability'
+tokenizer = AutoTokenizer.from_pretrained( # For some reason the tokenizer didn't safe properly
+    "deepseek-ai/deepseek-coder-6.7b-instruct",
+    trust_remote_code=True,
+    force_download=True,
+)
+prompt = \
+"""
+Below are one or more Solidity codeblocks. The codeblocks might contain vulnerable code.
+If there is a vulnerability please provide a description of the vulnearblity in terms of the code that is responsible for it.
+Describe how an attacker would be able to take advantage of the vulnerability so the explanation is even more clear.
+Output only the description of the vulnerability and the attacking vector. No additional information is needed.
+If there is no vulnerability output "There is no vulnearbility".
+Codeblocks:
+{}
+"""
+codeblocks = "Your code here"
+messages = [
+    { 'role': 'user', 'content': prompt.format(codeblocks) }
+]
+inputs = tokenizer.apply_chat_template(messages, add_generation_prompt=True, return_tensors="pt").to(model.device)
+outputs = model.generate(inputs, max_new_tokens=512, do_sample=True, top_k=25, top_p=0.95, num_return_sequences=1, eos_token_id=tokenizer.eos_token_id)
+description = tokenizer.decode(outputs[0][len(inputs[0]):], skip_special_tokens=True)
+print(description)
+```
+## Training Details
+### Training Data
+https://huggingface.co/datasets/msc-smart-contract-auditing/audits-with-reasons
+### Training Procedure
+lora_config = LoraConfig(
+    r=16,  # rank
+    lora_alpha=32,  # scaling factor
+    target_modules = ["q_proj", "k_proj", "v_proj", "o_proj", "gate_proj", "up_proj", "down_proj",],
+    lora_dropout=0.05,  # dropout rate for LoRA layers
+)
+model = get_peft_model(model, lora_config)
+from transformers import Trainer, TrainingArguments
+trainer = Trainer(
+    model=model,
+    args=TrainingArguments(
+        per_device_train_batch_size = 2,
+        gradient_accumulation_steps = 4,
+        warmup_steps = 5,
+        num_train_epochs = 1,
+        learning_rate = 2e-4,
+        fp16 = True,
+        logging_steps = 1,
+        optim = "adamw_8bit",
+        weight_decay = 0.01,
+        lr_scheduler_type = "linear",
+        seed = 3407,
+        output_dir = "outputs",
+    ),
+    train_dataset=train_prompts,
+    eval_dataset=test_prompts,
+)
+#### Training Hyperparameters
+- **Training regime:** fp16 mixed precision
+## Evaluation
 ### Testing Data, Factors & Metrics
 #### Testing Data
+https://huggingface.co/datasets/msc-smart-contract-auditing/audits-with-reasons
 #### Factors
 [More Information Needed]
 #### Metrics
 [More Information Needed]
 ### Results
 ## Environmental Impact
 <!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->