The problem SSS: Secure Semantic Snap solves

Problem

Consider a malicious dApp which claims to do what its not doing in the smart contract. An unsuspecting user might just accept the signing request and get scammed. For example, the frontend of the dApp might say that by clicking this button and signing the request, you will get 5 tokens transferred to you, but instead, it might just do something unexpected in the contract code.

Observation

Whatever be the transaction, it needs to pass through wallet to get the transaction signed. Can we tweak the wallet in such a way that it can tell what the transaction is trying to do semantically?

Solution

We introduce SSS, a wallet extension that semantically analyzes the transaction byte data and gives a natural language prompt to the user about what the code is trying to do, not what the malicious dApp is claiming to do.

How we achieve it?

We decompile the contract code and detect which function the transaction is trying to run. Then we use GPT-3 to explain the code in natural language and provide that result before the user signs the transaction, so that they can make an informed choice.

Challenges we ran into

Decompiler was the hardest part to implement. There existed many decompilers already, but we had to do many changes to them. We finally used panoramix as it provided the most clean code. Since GPT-3's open-API was good enough for our use case, we had to write a selenium driver which used chat.openai.com to get the best results.