Zhenguang Liu,Peng Qian,Xiaoyang Wang,Yuan Zhuang,Lin Qiu,Xun Wang

DOI: https://doi.org/10.1109/tkde.2021.3095196

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Smart contract vulnerability detection draws extensive attention in recent years due to the substantial losses caused by hacker attacks. Existing efforts for contract security analysis heavily rely on rigid rules defined by experts, which are labor-intensive and non-scalable. More importantly, expert-defined rules tend to be error-prone and suffer the inherent risk of being cheated by crafty attackers. Recent researches focus on the symbolic execution and formal analysis of smart contracts for vulnerability detection, yet to achieve a precise and scalable solution. Although several methods have been proposed to detect vulnerabilities in smart contracts, there is still a lack of effort that considers combining expert-defined security patterns with deep neural networks. In this paper, we explore using graph neural networks and expert knowledge for smart contract vulnerability detection. Specifically, we cast the rich control- and data- flow semantics of the source code into a contract graph. To highlight the critical nodes in the graph, we further design a node elimination phase to normalize the graph. Then, we propose a novel temporal message propagation network to extract the graph feature from the normalized graph, and combine the graph feature with designed expert patterns to yield a final detection system. Extensive experiments are conducted on all the smart contracts that have source code in Ethereum and VNT Chain platforms. Empirical results show significant accuracy improvements over the state-of-the-art methods on three types of vulnerabilities, where the detection accuracy of our method reaches 89.15, 89.02, and 83.21 percent for reentrancy, timestamp dependence, and infinite loop vulnerabilities, respectively.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Yuan Zhuang,Zhenguang Liu,Peng Qian,Qi Liu,Xiang Wang,Qinming He

DOI: https://doi.org/10.24963/ijcai.2020/454

2020-07-01

Abstract:The security problems of smart contracts have drawn extensive attention due to the enormous financial losses caused by vulnerabilities. Existing methods on smart contract vulnerability detection heavily rely on fixed expert rules, leading to low detection accuracy. In this paper, we explore using graph neural networks (GNNs) for smart contract vulnerability detection. Particularly, we construct a contract graph to represent both syntactic and semantic structures of a smart contract function. To highlight the major nodes, we design an elimination phase to normalize the graph. Then, we propose a degree-free graph convolutional neural network (DR-GCN) and a novel temporal message propagation network (TMP) to learn from the normalized graphs for vulnerability detection. Extensive experiments show that our proposed approach significantly outperforms state-of-the-art methods in detecting three different types of vulnerabilities.

Ziyue Wei,Weining Zheng,Xiaohong Su,Wenxin Tao,Tiantian Wang

DOI: https://doi.org/10.1007/978-3-031-44216-2_20

2023-01-01

Abstract:As blockchain technology advances, the security of smart contracts has become increasingly crucial. However, most of smart contract vulnerability detection tools available on the market currently rely on artificial-predefined vulnerability rules, which result in suboptimal generalization ability and detection accuracy. Deep learning-based methods usually treat smart contracts as token sequences, which limit the utilization of structural information and the integration of artificial rules. To mitigate these issues, we propose a novel smart contract vulnerability detection method. First, we propose an approach for constructing contract graph to capture vital structural information, such as control- and data- flow. Then, we employ a Wide & Deep learning model to integrate the structural feature, sequencial feature, and artificial rules for smart contract vulnerability detection. Extensive experiments show that the proposed method performs exceptionally well in detecting four different types of vulnerabilities. The results demonstrate that integrating structural information and artificial rules can significantly improve the effectiveness of smart contract vulnerability detection.

Jiale Li,Xiao Yu,Jie Yu,Haoxin Sun,Mengdi Sun

DOI: https://doi.org/10.1007/978-981-97-5588-2_27

2024-01-01

Abstract:Smart contracts can contain vulnerable program code, making their security a significant concern in the past few years. Traditional detection techniques rely on expert defined features and source code analysis, but both have scalability issues and high false alarm rates. This paper presents a method for the detection of vulnerabilities in smart contracts, employing a multi graph convolutional neural network and self-attention mechanism. The method models the key function information, flow of control, and flow of data information of the smart contract source code as a semantic graph to emphasize the relationship between the flow of data and the flow of control in program operation. It predicts learning edges between nodes in the graph using an edge prediction network and constructs a multi graph of the smart contract semantics. Additionally, it utilizes a self-attention mechanism to gather and extract features from many layers to achieve precise detection of smart contract vulnerabilities. Outcomes of an experiment demonstrate that the proposed vulnerability detection method has significant advantages in identifying reentrant vulnerabilities and timestamp dependency vulnerabilities, with accuracy rates of 92.5% and 92.67%.

Zixian Zhen,Xiangfu Zhao,Jinkai Zhang,Yichen Wang,Haiyue Chen

DOI: https://doi.org/10.1016/j.comnet.2024.110238

IF: 5.493

2024-04-01

Computer Networks

Abstract:A smart contract is an automated computer program based on blockchain technology. In recent years, the security incidents of smart contracts have caused serious economic losses. However, existing smart contract vulnerability detection methods rely on fixed expert rules, resulting in reduced detection accuracy and scalability. Therefore, addressing the issues of low accuracy in traditional smart contract vulnerability detection methods and the insufficient feature extraction in neural network-based approaches for smart contracts, this paper introduces an intelligent contract vulnerability identification method, Dual Attention Graph Neural Network (DA-GNN). Firstly, DA-GNN transforms the operation code sequence of nodes in the smart contract Control Flow Graph (CFG) into a feature matrix of semantic features and relationships between nodes based on the five types of instructions we propose. Secondly, our proposed dual attention mechanism introduces node semantic features and relationship features between nodes into the GAT to achieve node embedding updates. The updated graph node information is fused through self-attention mechanism to obtain the graph features. Then, the classification and prediction of vulnerabilities are achieved through the classification module. Finally, we evaluated our method on 17,670 real smart contracts. The experimental results show that the precision in detecting integer overflow vulnerabilities, self-destruct vulnerabilities, and transaction sequence dependency vulnerabilities reaches 72.17%, 67.03%, and 73.66%, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jinfu Chen,Yemin Yin,Saihua Cai,Weijia Wang,Shengran Wang,Jiming Chen

DOI: https://doi.org/10.1016/j.scico.2024.103156

IF: 1.039

2024-01-01

Science of Computer Programming

Abstract:Software vulnerability detection is a challenging task in the security field, the boom of deep learning technology promotes the development of automatic vulnerability detection. Compared with sequence-based deep learning models, graph neural network (GNN) can learn the structural features of code, it performs well in the field of vulnerability detection for source code. However, different GNNs have different detection results for the same code, and using a single kind of GNN may lead to high false positive rate and false negative rate. In addition, the complex structure of source code causes single GNN model cannot effectively learn their depth feature, thereby leading to low detection accuracy. To solve these limitations, we propose a software vulnerability detection model called iGnnVD based on the integrated graph neural networks. In the proposed iGnnVD model, the base detectors including GCN, GAT and APPNP are first constructed to capture the bidirectional information in the code graph structure with bidirectional structure; And then, the residual connection is used to aggregate the features while retaining the features each time; Finally, the convolutional layer is used to perform the aggregated classification. In addition, an integration module that analyses the detection results of three detectors for final classification is designed using a voting strategy to solve the problem of high false positive rate and false negative rate caused by using a single kind of base detector. We perform extensive experiments on three datasets and experimental results show that the proposed iGnnVD model can improve the detection accuracy of vulnerabilities in source code as well as reduce the false positive rate and false negative rate compared with existing deep learning-based vulnerability detection models, it also has good stability.

Ruidong Chen,Yangyang Liu,Shiping Huang,Yuyan Sun,Guozheng Li,Qiwen Jiang

DOI: https://doi.org/10.1109/ICCBD-AI62252.2023.00022

2023-12-15

Abstract:The increasement of blockchain applications has brought about many security issues, with smart contract vulnerabilities causing significant financial losses. The majority of current smart contract vulnerability detection methods predominantly rely on static analysis of the source code and predefined expert rules. However, these approaches exhibit certain limitations, characterized by their restricted scalability and lower detection accuracy. Therefore in this paper, we use graph neural networks to perform smart contract vulnerability detection at the bytecode level, aiming to address the aforementioned issues. In particular, we propose a novel detection model. In order to acquire a comprehensive understanding of the dependencies among individual functions within a smart contract, we first construct a Program Dependency Graph(PDG) of functions, extract function-level features using graph neural networks, then augment function-level features using a self-attentive mechanism to learn the dependencies between functions, and finally aggregate function-level features for detecting the vulnerabilities. Our model possesses the capability to identify the subtle nuances in the interactions and interdependencies among different functions, consequently enhancing the precision of vulnerability detection. Experimental results show the performance of the method compared to existing smart contract vulnerability detection methods across multiple evaluation metrics.

Computer Science

Zhenguang Liu,Peng Qian,Xiang Wang,Lei Zhu,Qinming He,Shouling Ji

DOI: https://doi.org/10.48550/arXiv.2106.09282

2021-06-17

Abstract:Smart contracts hold digital coins worth billions of dollars, their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features. Thereafter, the global graph feature and local expert patterns are fused to cooperate and approach the final prediction, while yielding their interpretable weights. Experiments are conducted on all available smart contracts with source code in two platforms, Ethereum and VNT Chain. Empirically, our system significantly outperforms state-of-the-art methods. Our code is released.

Machine Learning,Programming Languages

Peng Qian,Zhenguang Liu,Yifang Yin,Qinming He

DOI: https://doi.org/10.1145/3543507.3583367

2023-01-01

Abstract:Over the past couple of years, smart contracts have been plagued by multifarious vulnerabilities, which have led to catastrophic financial losses. Their security issues, therefore, have drawn intense attention. As countermeasures, a family of tools has been developed to identify vulnerabilities in smart contracts at the source-code level. Unfortunately, only a small fraction of smart contracts is currently open-sourced. Another spectrum of work is presented to deal with pure bytecode, but most such efforts still suffer from relatively low performance due to the inherent difficulty in restoring abundant semantics in the source code from the bytecode. This paper proposes a novel cross-modality mutual learning framework for enhancing smart contract vulnerability detection on bytecode. Specifically, we engage in two networks, a student network as the primary network and a teacher network as the auxiliary network. takes two modalities, i.e., source code and its corresponding bytecode as inputs, while is fed with only bytecode. By learning from , is trained to infer the missed source code embeddings and combine both modalities to approach precise vulnerability detection. To further facilitate mutual learning between and , we present a cross-modality mutual learning loss and two transfer losses. As a side contribution, we construct and release a labeled smart contract dataset that concerns four types of common vulnerabilities. Experimental results show that our method significantly surpasses state-of-the-art approaches.

Zhifeng Wang,Wanxuan Wu,Chunyan Zeng,Jialong Yao,Yang Yang,Hongmin Xu

2023-03-08

Abstract:With the development of blockchain technology, more and more attention has been paid to the intersection of blockchain and education, and various educational evaluation systems and E-learning systems are developed based on blockchain technology. Among them, Ethereum smart contract is favored by developers for its ``event-triggered" mechanism for building education intelligent trading systems and intelligent learning platforms. However, due to the immutability of blockchain, published smart contracts cannot be modified, so problematic contracts cannot be fixed by modifying the code in the educational blockchain. In recent years, security incidents due to smart contract vulnerabilities have caused huge property losses, so the detection of smart contract vulnerabilities in educational blockchain has become a great challenge. To solve this problem, this paper proposes a graph neural network (GNN) based vulnerability detection for smart contracts in educational blockchains. Firstly, the bytecodes are decompiled to get the opcode. Secondly, the basic blocks are divided, and the edges between the basic blocks according to the opcode execution logic are added. Then, the control flow graphs (CFG) are built. Finally, we designed a GNN-based model for vulnerability detection. The experimental results show that the proposed method is effective for the vulnerability detection of smart contracts. Compared with the traditional approaches, it can get good results with fewer layers of the GCN model, which shows that the contract bytecode and GCN model are efficient in vulnerability detection.

Cryptography and Security,Machine Learning

Yujian Zhang,Daifu Liu

DOI: https://doi.org/10.3390/fi14110326

2022-11-12

Future Internet

Abstract:With the blooming of blockchain-based smart contracts in decentralized applications, the security problem of smart contracts has become a critical issue, as vulnerable contracts have resulted in severe financial losses. Existing research works have explored vulnerability detection methods based on fuzzing, symbolic execution, formal verification, and static analysis. In this paper, we propose two static analysis approaches called ASGVulDetector and BASGVulDetector for detecting vulnerabilities in Ethereum smart contacts from source-code and bytecode perspectives, respectively. First, we design a novel intermediate representation called abstract semantic graph (ASG) to capture both syntactic and semantic features from the program. ASG is based on syntax information but enriched by code structures, such as control flow and data flow. Then, we apply two different training models, i.e., graph neural network (GNN) and graph matching network (GMN), to learn the embedding of ASG and measure the similarity of the contract pairs. In this way, vulnerable smart contracts can be identified by calculating the similarity to labeled ones. We conduct extensive experiments to evaluate the superiority of our approaches to state-of-the-art competitors. Specifically, ASGVulDetector improves the best of three source-code-only static analysis tools (i.e., SmartCheck, Slither, and DR-GCN) regarding the F1 score by 12.6% on average, while BASGVulDetector improves that of the three detection tools supporting bytecode (i.e., ContractFuzzer, Oyente, and Securify) regarding the F1 score by 25.6% on average. We also investigate the effectiveness and advantages of the GMN model for detecting vulnerabilities in smart contracts.

Cipai Xing,Zhuorong Chen,Lexin Chen,Xiaojie Guo,Zibin Zheng,Jin Li

DOI: https://doi.org/10.1007/s11276-020-02379-z

IF: 2.701

2020-01-01

Wireless Networks

Abstract:The smart contracts deployed in Ethereum carry huge amounts of virtual coins. However, there are vulnerabilities in some of these smart contracts, which makes them vulnerable to malicious attacks. Due to the characteristics of blockchain, such vulnerable contracts are difficult to be revoked. In order to prevent vulnerable contracts, it is very important to detect the loopholes in these contracts before their deployment. In this paper, we focus on three vulnerabilities of smart contract: has_short_address, has_flows and is_greedy. For the three kinds of vulnerabilities, we propose slicing matrix, a new method to extract vulnerability feature, and construct three vulnerability detection models for comparison. The experimental results show that the detection accuracy based on neural network and slice matrix is better than that based on neural network and opcode features. In other words, slice matrix can improve the accuracy of vulnerable contract detection. Among our three detection models, the model based on random forest and opcode features performs best.

Jie Yu,Xiao Yu,Jiale Li,Haoxin Sun,Mengdi Sun

DOI: https://doi.org/10.1007/978-981-97-5588-2_29

2024-01-01

Abstract:The wide application of smart contracts advances the growth of blockchain technology. Still, the corresponding security issues also posed serious challenges to the stability of the blockchain contract layer. Many smart contract vulnerability detection methods are limited to a single modal representation, failing to capture the contracts' semantic and structural information completely. To address this issue, this paper suggests a novel approach that combines multi-modal feature fusion and deep learning to detect smart contract vulnerability, usingWord2Vec and Gated Graph Neural Network (GGNN) to extract word vectors and semantic graph features, Multilayer Perceptron (MLP) to extract expert rule features from source code of smart contracts. A multiple-encoder network combining the self-attention mechanism and multi-channel convolution is used to fuse the extracted features, learn feature representation, and train the model for vulnerability detection. In the experiments, the proposed method is tested against a dataset of 40,932 smart contract codes. Results show that for reentrancy and timestamp dependency vulnerabilities, the accuracy is 92.01% and 93.31%, respectively, and the corresponding F1-scores are 88.66% and 92.28%.

Chi Jiang,Yupeng Chen,Manhua Shi,Yin Zhang

DOI: https://doi.org/10.1007/978-3-031-47637-2_5

2023-01-01

Abstract:Due to the significant losses caused by vulnerabilities, the security of smart contracts has attracted widespread attention and research. Existing methods for detecting smart contract vulnerabilities can be classified into traditional detection methods and machine learning-based detection methods. Traditional detection methods rely on fixed expert rules, which result in low robustness and inability to identify complex vulnerability patterns. Machine learning-based detection methods have shown better performance than traditional detection methods. However, some mainstream methods have not fully explored the relationship between contract types and vulnerabilities. In this paper, we attempt to construct typical contract graphs using clustering methods to further extract the type features of smart contracts. We concatenate the type features with the overall semantic syntax features of smart contracts, achieving data enhancement of smart contract features. We evaluate our method on an Ethereum smart contract dataset, and our method achieves an accuracy of 89.28% and a recall rate of 89.08% for detecting reentrancy and timestamp vulnerabilities.

Jingjie Xu,Ting Wang,Mingqi Lv,Tieming Chen,Tiantian Zhu,Baiyang Ji

DOI: https://doi.org/10.1186/s42400-024-00245-5

2024-10-13

Abstract:Smart contracts have significant losses due to various types of vulnerabilities. However, traditional vulnerability detection methods rely extensively on expert rules, resulting in low detection accuracy and poor adaptability to novel attacks. To address these problems, in this paper, deep learning methods are combined with smart contract vulnerability code detection approaches. syntax trees (ASTs), which are special isomorphic graph structures, are an important bridge between source code and graph neural networks. By learning the AST, the model can understand the semantics of the source code. Moreover, graph neural networks have an increasing ability to address complex heterogeneous graphs. Therefore, control flow graphs are fused with data flow graphs on the basis of the ASTs to build heterogeneous graphs with richer code semantics. Furthermore, multigranularity analysis of the vulnerability detection results is performed, including coarse-grained contract-level vulnerability detection and fine-grained line-level vulnerability detection. Through this multigranularity detection approach, vulnerabilities in contracts can be identified and analysed more comprehensively, providing a richer perspective and more solutions for vulnerability detection. The experimental results show that the proposed multigranularity vulnerability detection method based on heterogeneous graphs (MVD-HG) improves both the accuracy and range of the detected vulnerability types in contract-level vulnerability detection tasks; moreover, in the line-level vulnerability detection task, the MVD-HG model achieves significant results and addresses the shortcomings of existing methods. In addition, based on code generation methods used in related fields, a data enhancement method based on the source code is developed, which effectively expands the experimental dataset to address the reduced credibility of the results due to insufficient amounts of data.

Yizhou Chen

2024-07-07

Abstract:Smart Contract Vulnerability Detection (SCVD) is crucial to guarantee the quality of blockchain-based systems. Graph neural networks have been shown to be effective in learning semantic representations of smart contract code and are commonly adopted by existing deep learning-based SCVD. However, the current methods still have limitations in their utilization of graph sampling or subgraph pooling based on predefined rules for extracting crucial components from structure graphs of smart contract code. These predefined rule-based strategies, typically designed using static rules or heuristics, demonstrate limited adaptability to dynamically adjust extraction strategies according to the structure and content of the graph in heterogeneous topologies of smart contract code. Consequently, these strategies may not possess universal applicability to all smart contracts, potentially leading to false positives or omissions. To address these problems, we propose AFPNet, a novel vulnerability detection model equipped with a feature perception module that has dynamic weights for comprehensive scanning of the entire smart contract code and automatic extraction of crucial code snippets (the $P$ snippets with the largest weights). Subsequently, the relationship perception attention module employs an attention mechanism to learn dependencies among these code snippets and detect smart contract vulnerabilities. The efforts made by AFPNet consistently enable the capture of crucial code snippets and enhance the performance of SCVD optimization. We conduct an evaluation of AFPNet in the several large-scale datasets with vulnerability labels. The experimental results show that our AFPNet significantly outperforms the state-of-the-art approach by 6.38\%-14.02\% in term of F1-score. The results demonstrate the effectiveness of AFPNet in dynamically extracting valuable information and vulnerability detection.

Cryptography and Security,Software Engineering

Feng Luo,Ruijie Luo,Ting Chen,Ao Qiao,Zheyuan He,Shuwei Song,Yu Jiang,Sixing Li

DOI: https://doi.org/10.1145/3597503.3639213

2023-01-01

Abstract:Due to the rapid development of blockchain, security issues caused by smart contract vulnerabilities are receiving increasingly widespread attention. Unfortunately, traditional smart contract vulnerability detection methods rely heavily on expert knowledge and elaborate rules, while neural network-based vulnerability detection methods have not yet achieved satisfactory accuracy either. In this paper, we propose a novel vulnerability detection method for smart contracts called VULDET. We first construct a contract graph based on the structure of the smart contract source code and combine security domain knowledge to attach additional features to nodes in the graph that are closely associated with vulnerabilities to highlight key nodes, and finally use graph attention networks for contract vulnerability detection. We apply VULDET to reentrancy vulnerability as well as timestamp dependency vulnerability detection and conduct extensive experiments, and the results show that our approach has significant advantages over existing methods.

Jianxin Cheng,Yizhou Chen,Yongzhi Cao,Hanpin Wang

DOI: https://doi.org/10.1016/j.jss.2024.112118

IF: 3.5

2024-06-03

Journal of Systems and Software

Abstract:Vulnerability detection in smart contracts is critical to secure blockchain systems. Existing methods represent the bytecode as a graph structure and leverage graph neural networks to learn graph features for vulnerability detection. However, these methods are limited to handling the long-range dependencies between nodes. This means that they might focus on learning local node feature while ignoring global node information. In this paper, we propose a novel vulnerability detection framework with E nhanced G raph F eature L earning (EGFL), which aims to extract the global node information and utilize it to improve vulnerability detection in smart contracts. Specifically, we first represent the bytecode as a Control Flow Graph (CFG). To extract global node information, EGFL constructs a linear node feature matrix from CFG, and uses the feature-aware and relationship-aware modules to handle long-range dependencies between nodes. Meanwhile, a graph neural network is adopted to extract the local node feature from CFG. Subsequently, we fuse the global node information and local node feature to generate an enhanced graph feature for capturing more vulnerability features. We evaluate EGFL on the benchmark dataset with six types of smart contract vulnerabilities. Results show that EGFL outperforms fourteen state-of-the-art vulnerability detection methods by 10.83%–60.28% in F1 score.

computer science, theory & methods, software engineering

Daojun Han,Qiuyue Li,Lei Zhang,Tao Xu

DOI: https://doi.org/10.1155/2023/9212269

2023-02-05

Wireless Communications and Mobile Computing

Abstract:As a trusted decentralized application, smart contracts manage a large number of digital assets on the blockchain. Vulnerability detection of smart contracts is an important part of ensuring the security of digital assets. At present, many researchers extract features of smart contract source code for vulnerability detection based on deep learning methods. However, the current research mainly focuses on the single representation form of the source code, which cannot fully obtain the rich semantic and structural information contained in the source code, so it is not conducive to the detection of various and complex smart contract vulnerabilities. Aiming at this problem, this paper proposes a vulnerability detection model based on the fusion of syntax and semantic features. The syntactic and semantic representation of the source code is obtained from the abstract syntax tree and control flow graph of the smart contract through TextCNN and Graph Neural Network. The syntactic and semantic features are fused, and the fused features are used to detect vulnerabilities. Experiments show that the detection accuracy and recall rate of this model have been improved on the detection tasks of five types of vulnerabilities, with an average precision of 96% and a recall rate of 90%, which can effectively identify smart contract vulnerabilities.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianjun Huang,Songming Han,Wei You,Wenchang Shi,Bin Liang,Jingzheng Wu,Yanjun Wu

DOI: https://doi.org/10.1109/TIFS.2021.3050051

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Smart contract vulnerabilities have attracted lots of concerns due to the resultant financial losses. Matching-based detection methods extrapolating known vulnerabilities to unknown have proven to be effective in other platforms. However, directly adopting the technique to smart contracts is obstructed by two issues, i.e., diversity of bytecode generation resulting from the rapid evolution of compilers and interference of noise code easily caused by the homogeneous business logics. To address the problems, we propose contract bytecode-oriented normalization and slicing techniques to augment bytecode matching. Specifically, we conduct data- and instruction-level normalizations to uniform the bytecode generated by different compilers, and enforce contract-specific slicing by tracking data- and control-flows with simulated bytecode executions to prune the noise code as far as possible. Based on the above techniques, we design an unsupervised graph embedding algorithm to encode the code graphs into quantitatively comparable vectors. The potentially vulnerable smart contracts can be identified by measuring the similarities between their vectors and known vulnerable ones. Our evaluations have shown the efficiency (0.47 seconds per contract on average), effectiveness (160 verified true positives) and high precision (91.95% for top-ranked). It is worth noting that, we also identify dozens of honeypot contracts, further demonstrating the capability of our method.