Peng Qian,Zhenguang Liu,Qinming He,Butian Huang,Duanzheng Tian,Xun Wang

DOI: https://doi.org/10.13328/j.cnki.jos.006375

2022-01-01

Journal of Software

Abstract: Smart contract, one of the most successful applications of blockchain, is taking the world by storm, playing an essential role in the blockchain ecosystem. However, frequent smart contract security incidents not only result in tremendous economic losses but also destroy the blockchain-based credit system. The security and reliability of smart contracts thus gain extensive attention from researchers worldwide. In this survey, we first summarize the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and Block dependency layer. Further, we review the research progress of smart contract vulnerability detection and classify existing counterparts into five categories, i.e., formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. Empirically, we take 300 real-world smart contracts deployed on Ethereum as the test samples and compare the representative methods in terms of accuracy, F1-Score, and average detection time. Finally, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.

Peng Qian,Zhenguang Liu,Yifang Yin,Qinming He

DOI: https://doi.org/10.1145/3543507.3583367

2023-01-01

Abstract:Over the past couple of years, smart contracts have been plagued by multifarious vulnerabilities, which have led to catastrophic financial losses. Their security issues, therefore, have drawn intense attention. As countermeasures, a family of tools has been developed to identify vulnerabilities in smart contracts at the source-code level. Unfortunately, only a small fraction of smart contracts is currently open-sourced. Another spectrum of work is presented to deal with pure bytecode, but most such efforts still suffer from relatively low performance due to the inherent difficulty in restoring abundant semantics in the source code from the bytecode. This paper proposes a novel cross-modality mutual learning framework for enhancing smart contract vulnerability detection on bytecode. Specifically, we engage in two networks, a student network as the primary network and a teacher network as the auxiliary network. takes two modalities, i.e., source code and its corresponding bytecode as inputs, while is fed with only bytecode. By learning from , is trained to infer the missed source code embeddings and combine both modalities to approach precise vulnerability detection. To further facilitate mutual learning between and , we present a cross-modality mutual learning loss and two transfer losses. As a side contribution, we construct and release a labeled smart contract dataset that concerns four types of common vulnerabilities. Experimental results show that our method significantly surpasses state-of-the-art approaches.

Mengliang Li,Xiaoxue Ren,Han Fu,Zhuo Li,Jianling Sun

DOI: https://doi.org/10.1109/issre59848.2023.00025

2023-01-01

Abstract:Smart contracts are essential for executing computing logic on blockchain networks. However, they are also susceptible to various vulnerabilities. In recent years, the detection of smart contract vulnerabilities has become a significant concern due to the substantial losses caused by hacker attacks. Traditional vulnerability detection approaches rely on expert rules, which often suffer from limitations in accuracy and completeness. Deep learning-based methods offer better coverage of vulnerabilities but may overlook certain vulnerability characteristics and suffer from overfitting during training. In this paper, we propose a novel approach called ConvMHSA-SCVD, which combines knowledge-driven and data-driven algorithms together to detect smart contract vulnerabilities. By incorporating feature selection, data balancing, and a combination of multi-channel convolution and multi-head self-attention neural networks, our ConvMHSA-SCVD achieves effective vulnerability detection in smart contracts. Extensive experiments demonstrate that our approach outperforms the state-of-the-art method in accuracy and F1 score, with improvements ranging from 0.4% to 3.84% and 1.28% to 1.90%, respectively.

Weichu Deng,Huanchun Wei,Teng Huang,Cong Cao,Yun Peng,Xuan Hu

DOI: https://doi.org/10.3390/s23167246

IF: 3.9

2023-08-19

Sensors

Abstract:With the rapid development and widespread application of blockchain technology in recent years, smart contracts running on blockchains often face security vulnerability problems, resulting in significant economic losses. Unlike traditional programs, smart contracts cannot be modified once deployed, and vulnerabilities cannot be remedied. Therefore, the vulnerability detection of smart contracts has become a research focus. Most existing vulnerability detection methods are based on rules defined by experts, which are inefficient and have poor scalability. Although there have been studies using machine learning methods to extract contract features for vulnerability detection, the features considered are singular, and it is impossible to fully utilize smart contract information. In order to overcome the limitations of existing methods, this paper proposes a smart contract vulnerability detection method based on deep learning and multimodal decision fusion. This method also considers the code semantics and control structure information of smart contracts. It integrates the source code, operation code, and control-flow modes through the multimodal decision fusion method. The deep learning method extracts five features used to represent contracts and achieves high accuracy and recall rates. The experimental results show that the detection accuracy of our method for arithmetic vulnerability, re-entrant vulnerability, transaction order dependence, and Ethernet locking vulnerability can reach 91.6%, 90.9%, 94.8%, and 89.5%, respectively, and the detected AUC values can reach 0.834, 0.852, 0.886, and 0.825, respectively. This shows that our method has a good vulnerability detection effect. Furthermore, ablation experiments show that the multimodal decision fusion method contributes significantly to the fusion of different modalities.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Lejun Zhang,Jinlong Wang,Weizheng Wang,Zilong Jin,Yansen Su,Huiling Chen

DOI: https://doi.org/10.1016/j.comnet.2022.109289

IF: 5.493

2022-01-01

Computer Networks

Abstract:Blockchains have been booming in recent years. As a decentralized system architecture, smart contracts give blockchains a user-defined logic. A smart contract is an executable program that can automatically carry out transactions on the Ethereum blockchain. However, some security issues in smart contracts are difficult to fix, and smart contracts also lack quality assessment standards. Therefore, this study proposes a Multiple-Objective Detection Neural Network (MODNN), a more scalable smart contract vulnerability detection tool. MODNN can validate 12 types of vulnerabilities, including 10 recognized threats, and identify more unknown types without the need for specialist or predefined knowledge through implicit features and Multi-Objective detection (MOD) algorithms. It supports the parallel detection of multiple vulnerabilities and has high scalability, eliminating the need to train separate models for each type of vulnerability and reducing significant time and labor costs. This paper also developed a data processing tool called Smart Contract-Crawler (SCC) to address the lack of smart contract vulnerability datasets. MODNN was evaluated using more than 18,000 smart contracts from Ethereum. Experiments showed that MODNN could achieve an average F1 Score of 94.8%, the current highest compared to several standard machine learning (ML) classification models.

Jie Yu,Xiao Yu,Jiale Li,Haoxin Sun,Mengdi Sun

DOI: https://doi.org/10.1007/978-981-97-5588-2_29

2024-01-01

Abstract:The wide application of smart contracts advances the growth of blockchain technology. Still, the corresponding security issues also posed serious challenges to the stability of the blockchain contract layer. Many smart contract vulnerability detection methods are limited to a single modal representation, failing to capture the contracts' semantic and structural information completely. To address this issue, this paper suggests a novel approach that combines multi-modal feature fusion and deep learning to detect smart contract vulnerability, usingWord2Vec and Gated Graph Neural Network (GGNN) to extract word vectors and semantic graph features, Multilayer Perceptron (MLP) to extract expert rule features from source code of smart contracts. A multiple-encoder network combining the self-attention mechanism and multi-channel convolution is used to fuse the extracted features, learn feature representation, and train the model for vulnerability detection. In the experiments, the proposed method is tested against a dataset of 40,932 smart contract codes. Results show that for reentrancy and timestamp dependency vulnerabilities, the accuracy is 92.01% and 93.31%, respectively, and the corresponding F1-scores are 88.66% and 92.28%.

Jinggang Li,Gehao Lu,Yulian Gao,Feng Gao

DOI: https://doi.org/10.3390/math11234823

IF: 2.4

2023-11-30

Mathematics

Abstract:With the proliferation of blockchain technology in decentralized applications like decentralized finance and supply chain and identity management, smart contracts operating on a blockchain frequently encounter security issues such as reentrancy vulnerabilities, timestamp dependency vulnerabilities, tx.origin vulnerabilities, and integer overflow vulnerabilities. These security concerns pose a significant risk of causing substantial losses to user accounts. Consequently, the detection of vulnerabilities in smart contracts has become a prominent area of research. Existing research exhibits limitations, including low detection accuracy in traditional smart contract vulnerability detection approaches and the tendency of deep learning-based solutions to focus on a single type of vulnerability. To address these constraints, this paper introduces a smart contract vulnerability detection method founded on multimodal feature fusion. This method adopts a multimodal perspective to extract three modal features from the lifecycle of smart contracts, leveraging both static and dynamic features comprehensively. Through deep learning models like Graph Convolutional Networks (GCNs) and bidirectional Long Short-Term Memory networks (bi-LSTMs), effective detection of vulnerabilities in smart contracts is achieved. Experimental results demonstrate that the proposed method attains detection accuracies of 85.73% for reentrancy vulnerabilities, 85.41% for timestamp dependency vulnerabilities, 83.58% for tx.origin vulnerabilities, and 90.96% for integer Overflow vulnerabilities. Furthermore, ablation experiments confirm the efficacy of the newly introduced modal features, highlighting the significance of fusing dynamic and static features in enhancing detection accuracy.

mathematics

fan jiang,yuanlong cao,jianmao xiao,hui yi,gang lei,min liu,hao wang,shuiguang deng

DOI: https://doi.org/10.1007/978-3-031-20096-0_6

2022-01-01

Abstract:With the widespread use of smart contracts in various fields, the research on smart contract vulnerability detection has increased yearly. Most of the previous research work is based on symbol detection and comparison with expert-defined error patterns to analyze the possible vulnerabilities of smart contracts. The accuracy and performance of such methods are generally low. In response to this problem, this paper proposes an efficient smart contract vulnerability detection model VDDL (Vulnerability Detection Based on Deep Learning). VDDL uses a multi-layer bidirectional Transformer architecture as the model architecture, involving a multi-head attention mechanism and a masking mechanism. A multi-head attention mechanism is applied in the encoder-decoder layer. The masking mechanism randomly masks the input tokens and combined with the context to predict the masked tokens, a deep bidirectional representation for training is realized. Furthermore, VDDL incorporates CodeBERT, a large bimodal pre-trained model for natural and programming languages, to improve training performance. We collected 47,038 smart contracts as datasets for model training and testing. In the end, the accuracy of VDDL reached 92.35%, the recall reached 81.43%, and the F1-score reached 86.38%, which can efficiently detect possible loopholes in smart contracts.

Biagio Boi,Christian Esposito,Sokjoon Lee

DOI: https://doi.org/10.1145/3687251.3687253

2024-06-01

ACM SIGAPP Applied Computing Review

Abstract:Smart contracts are susceptible to various vulnerabilities that can lead to significant financial losses. The usage of tools for vulnerabilities is reducing the threats but presents some limitations related to the approach used by the tool itself. This paper presents a novel approach to smart contract vulnerability detection utilizing Large Language Models (LLMs), as a tool to detect all the vulnerabilities at once. Our proposed tool leverages the advanced natural language processing capabilities of LLMs to analyze smart contract code and identify potential security flaws. By training the LLM on a diverse dataset of known smart contract vulnerabilities and secure coding practices, we enhance its ability to recognize subtle and complex vulnerabilities that traditional static analysis tools might miss. The evaluation of our tool demonstrates its effectiveness in detecting a wide range of vulnerabilities with satisfaction and accuracy, providing developers with a robust mechanism to improve the security of their smart contracts before deployment. This approach signifies a significant advancement in the application of artificial intelligence for blockchain security, highlighting the potential of LLMs to enhance the reliability and safety of decentralized applications.

Dongcheng Li,W. Eric Wong,Xiaodan Wang,Sean Pan,Liang-Seng Koh

2024-10-01

Abstract:This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.

Software Engineering

Li Duan,Wei Wang,Chunhong Liu,Liu Yang,Wei Ni

DOI: https://doi.org/10.1109/TNSM.2023.3278311

2023-12-01

IEEE Transactions on Network and Service Management

Abstract:Digital assets involved in smart contracts are on the rise. Security vulnerabilities in smart contracts have resulted in significant losses for the blockchain community. Existing smart contract vulnerability detection techniques have been typically single-purposed and focused only on the source code or opcode of contracts. This paper presents a new smart contract vulnerability detection method, which extracts features from different levels of smart contracts to train machine learning models for effective detection of vulnerabilities. Specifically, we propose to extract 2-gram features from the opcodes of smart contracts and token features from the source code using a pre-trained CodeBERT model, thereby capturing the semantic information of smart contracts at different levels. The 2-gram and token features are separately aggregated and then fused and input into machine-learning models to mine the vulnerability features of contracts. Over 10,266 smart contracts are used to verify the proposed method. Widespread reentrancy, timestamp dependence, and transaction-ordering dependence vulnerabilities are considered. Experiments show the fused features can help significantly improve smart contract vulnerability detection compared to the single-level features. The detection accuracy is as high as 98%, 98% and 94% for the three vulnerabilities, respectively. The average detection time is 0.99 second per contract, indicating the proposed method is suitable for automatic batch detection of vulnerabilities in smart contracts.

Computer Science

Meiying Wang,Zheyu Xie,Xuefan Wen,Jianmin Li,Kuanjiu Zhou

DOI: https://doi.org/10.3390/electronics12102327

IF: 2.9

2023-05-22

Electronics

Abstract:The wide application of Ethereum smart contracts in the Internet of Things, finance, medical, and other fields is associated with security challenges. Traditional detection methods detect vulnerabilities by stacking hard rules, which are associated with the bottleneck of a high false-positive rate and low detection efficiency. To make up for the shortcomings of traditional methods, existing deep learning methods improve model performance by combining multiple models, resulting in complex structures. From the perspective of optimizing the model feature space, this study proposes a vulnerability detection scheme for Ethereum smart contracts based on metric learning and a bidirectional long short-term memory (BiLSTM) network. First, the source code of the Ethereum contract is preprocessed, and the word vector representation is used to extract features. Secondly, the representation is combined with metric learning and the BiLSTM model to optimize the feature space and realize the cohesion of similar contracts and the discreteness of heterogeneous contracts, improving the detection accuracy. In addition, an attention mechanism is introduced to screen key vulnerability features to enhance detection observability. The proposed method was evaluated on a large-scale dataset containing four types of vulnerabilities: arithmetic vulnerabilities, re-entrancy vulnerabilities, unchecked calls, and inconsistent access controls. The results show that the proposed scheme exhibits excellent detection performance. The accuracy rates reached 88.31%, 93.25%, 91.85%, and 90.59%, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Thi-Thu-Huong Le,Jaehyun Kim,Sangmyeong Lee,Howon Kim

DOI: https://doi.org/10.1109/access.2024.3482389

IF: 3.9

2024-10-29

IEEE Access

Abstract:The rapid expansion of blockchain technology, particularly Ethereum, has driven widespread adoption of smart contracts. However, the security of these contracts remains a critical concern due to the increasing frequency and complexity of vulnerabilities. This paper presents a comprehensive approach to detecting vulnerabilities in Ethereum smart contracts using pre-trained Large Language Models (LLMs). We apply transformer-based LLMs, leveraging their ability to understand and analyze Solidity code to identify potential security flaws. Our methodology involves fine-tuning eight distinct pre-trained LLM models on curated datasets varying in types and distributions of vulnerabilities, including multi-class vulnerabilities. The datasets-SB Curate, Benmark Solidity Smart Contract, and ScrawID-were selected to ensure a thorough evaluation of model performance across different vulnerability types. We employed over-sampling techniques to address class imbalances, resulting in more reliable training outcomes. We extensively evaluate these models using precision, recall, accuracy, F1 score, and Receiver Operating Characteristics (ROC) curve metrics. Our results demonstrate that the transformer encoder architecture, with its multi-head attention and feed-forward mechanisms, effectively captures the nuances of smart contract vulnerabilities. The models show promising potential in enhancing the security and reliability of Ethereum smart contracts, offering a robust solution to challenges posed by software vulnerabilities in the blockchain ecosystem.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Wang,Jingjing Song,Guangquan Xu,Yidong Li,Hao Wang,Chunhua Su

DOI: https://doi.org/10.1109/tnse.2020.2968505

IF: 6.6

2021-04-01

IEEE Transactions on Network Science and Engineering

Abstract:Smart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Dawei Yuan,Xiaohui Wang,Yao Li,Tao Zhang

DOI: https://doi.org/10.1016/j.jss.2023.111699

IF: 3.5

2023-04-08

Journal of Systems and Software

Abstract:Smart contracts have been widely used in the blockchain world these years, and simultaneously vulnerability detection has gained more and more attention due to the staggering economic losses caused by the attacker. Existing tools that analyze vulnerabilities for smart contracts heavily rely on rules predefined by experts, which are labour-intense and require domain knowledge. Moreover, predefined rules tend to be misconceptions and increase the risk of crafty potential back-doors in the future. Recently, researchers mainly used static and dynamic execution analysis to detect the vulnerabilities of smart contracts and have achieved acceptable results. However, the dynamic method cannot cover all the program inputs and execution paths, which leads to some vulnerabilities that are hard to detect. The static analysis method commonly includes symbolic execution and theorem proving, which requires using constraints to detect vulnerability. These shortcomings show that traditional methods are challenging to apply and expand on a large scale. This paper aims to detect vulnerabilities via the Bug Injection framework and transfer learning techniques. First, we train a Transformer encoder using multi-modality code, which contains source code, intermediate representation, and assembly code. The input code consists separately of Solidity source code, intermediate representation, and assembly code. Specifically, we translate source code into the intermediate representation and decompile the byte code into assembly code by the EVM compiler. Then, we propose a novel entropy embedding technique, which combines token embedding, segment embedding, and positional embedding of the Transformer encoder in our approach. After that, we utilize the Bug Injection framework to automatically generate specific types of buggy code for fine-tuning and evaluating the performance of vulnerability detection. The experimental results show that our proposed approach improves the performance in detecting reentrancy vulnerabilities and timestamp dependence. Moreover, our approach is more flexible and scalable than static and dynamic analysis approaches in detecting smart contract vulnerabilities. Our approach improves the baseline approaches by an average of 11.89% in term of F1 score.

computer science, theory & methods, software engineering

Cipai Xing,Zhuorong Chen,Lexin Chen,Xiaojie Guo,Zibin Zheng,Jin Li

DOI: https://doi.org/10.1007/s11276-020-02379-z

IF: 2.701

2020-01-01

Wireless Networks

Abstract:The smart contracts deployed in Ethereum carry huge amounts of virtual coins. However, there are vulnerabilities in some of these smart contracts, which makes them vulnerable to malicious attacks. Due to the characteristics of blockchain, such vulnerable contracts are difficult to be revoked. In order to prevent vulnerable contracts, it is very important to detect the loopholes in these contracts before their deployment. In this paper, we focus on three vulnerabilities of smart contract: has_short_address, has_flows and is_greedy. For the three kinds of vulnerabilities, we propose slicing matrix, a new method to extract vulnerability feature, and construct three vulnerability detection models for comparison. The experimental results show that the detection accuracy based on neural network and slice matrix is better than that based on neural network and opcode features. In other words, slice matrix can improve the accuracy of vulnerable contract detection. Among our three detection models, the model based on random forest and opcode features performs best.

Xueyan Tang,Yuying Du,Alan Lai,Ze Zhang,Lingzhi Shi

DOI: https://doi.org/10.1038/s41598-023-47219-0

2023-11-16

Abstract:This paper aims to explore the application of deep learning in smart contract vulnerabilities detection. Smart contracts are an essential part of blockchain technology and are crucial for developing decentralized applications. However, smart contract vulnerabilities can cause financial losses and system crashes. Static analysis tools are frequently used to detect vulnerabilities in smart contracts, but they often result in false positives and false negatives because of their high reliance on predefined rules and lack of semantic analysis capabilities. Furthermore, these predefined rules quickly become obsolete and fail to adapt or generalize to new data. In contrast, deep learning methods do not require predefined detection rules and can learn the features of vulnerabilities during the training process. In this paper, we introduce a solution called Lightning Cat which is based on deep learning techniques. We train three deep learning models for detecting vulnerabilities in smart contract: Optimized-CodeBERT, Optimized-LSTM, and Optimized-CNN. Experimental results show that, in the Lightning Cat we propose, Optimized-CodeBERT model surpasses other methods, achieving an f1-score of 93.53%. To precisely extract vulnerability features, we acquire segments of vulnerable code functions to retain critical vulnerability features. Using the CodeBERT pre-training model for data preprocessing, we could capture the syntax and semantics of the code more accurately. To demonstrate the feasibility of our proposed solution, we evaluate its performance using the SolidiFI-benchmark dataset, which consists of 9369 vulnerable contracts injected with vulnerabilities from seven different types.

Zhehao Liang,Baojiang Cui,Dongbin Wang,Jie Xu,Huipeng Liu

DOI: https://doi.org/10.1007/978-3-031-64766-6_29

2024-01-01

Abstract:Smart contracts have experienced wide and rapid development across various fields due to their decentralization, immutability, and automation advantages. However, vulnerabilities in smart contract have also caused significant losses for contract users and developers. To enhance the accuracy of smart contract vulnerability detection, we combine machine learning pre-training model BERT with improved fuzz testing. We employ the AST tree algorithm to extract crucial information from contracts, converting them into data flow graphs. Then the pre-trained model BERT is utilized to filter contract vulnerabilities. After that fuzz testing is adopted to further classify contracts. Experimental results demonstrate the algorithm's outstanding performance in detecting reentrancy, tx.origin, and timestamp vulnerabilities, with a precision rate of 95.93%, a recall rate of 87.25%, and an F1 score of 91.01% in detecting reentrancy vulnerabilities specifically. Comparison with other vulnerability detection tools confirms the superiority of the proposed scheme.

Rohini G. Pise,Sonali Patil

DOI: https://doi.org/10.1007/s10207-024-00817-z

2024-02-29

International Journal of Information Security

Abstract:Smart contracts function like specialized computer programs on the blockchain. Many of these contracts are on Ethereum, but sometimes these contracts have problems with security. These problems caused big money losses and made the blockchain less stable. Smart contracts are self-executing with predefined rules and are at the core of many blockchain applications. However, they are susceptible to various vulnerabilities and security risks. Automated vulnerability detection helps identify and mitigate these issues efficiently. Smart Contracts (SC) have become really popular lately. People think they are the future for making deals on blockchains. Smart contracts are like automatic agreements. They work by themselves using special computer programs. They follow the rules of the deal and keep track of everything. The main idea with smart contracts is to get rid of the need for traditional trusted middlemen-like authorities or organizations. Instead, we use code that runs on a secure and unchangeable system. In this manuscript, pioneering automated vulnerability detection for smart contracts in blockchain using KEVM: Guardian ADRGAN (ADRGAN-SCB-KEVM) is proposed. Here, K framework's Ethereum virtual machine (KEVM) is a computation engine used in this research. From this KEVM, smart contracts data are provided to feature extraction phase. Feature extraction is done using Nested patch-based feature extraction. Then the extracted features are fed to attentive dual residual generative adversarial network (ADRGAN), identifying KEVM smart contracts vulnerabilities. Finally, by using ADRGAN, it is classified as Vulnerable and Non-Vulnerable in smart contracts. The proposed ADRGAN-SCB-KEVM method employed on Python and efficiency of proposed method evaluated with different metrics like Accuracy, Computation Time, Precision, Recall, F1 Score, Specificity, RoC are evaluated. The simulation outcomes prove that the proposed ADRGAN-SCB-KEVM technique attains 41.34%, 31.28%, and 36.38% higher Accuracy for Vulnerable; 32.44%, 38.45%, and 29.47% higher Accuracy for Non-Vulnerable while compared with the existing methods such as Utilizing fault injection to evaluate blockchain systems in the presence of faulty smart contracts (UFI-BS-ESVD), State-of-the-Art Blockchain-Enabled Smart Contract Applications in the University (SA-BESC-ESVD), enhancing Ethereum smart contracts static analysis by computing precise Control-Flow Graph of Ethereum bytecode (EESC-CPC-EBD), respectively.

computer science, information systems, theory & methods, software engineering

Xingrun Yan,Shuo Wang,Keke Gai

DOI: https://doi.org/10.1109/bigdatasecurityhpscids54978.2022.00015

2022-01-01

Abstract:Smart contracts are distributed, self-executing programs on blockchain network and they have the potential to impact many industries. A large number of developers are optimistic about the development prospects of smart contracts. However, due to different levels of familiarity of developers with technology, the existence of serious vulnerabilities in code can result in huge property losses. The serious consequences of reentrancy vulnerabilities have attracted widespread attention from researchers, and researchers have proposed many approaches to detect them. Many experiments show that these approaches can only effectively detect certain types of vulnerabilities. Similar vulnerabilities still exist in some smart contracts. In this paper, we propose a semantic analysis-based detection method for reentrancy vulnerabilities. The method utilizes machine learning techniques to efficiently detect the vulnerabilities of the given code. And then, our method provides semantic analysis-based effective correction feedback of the code. Compared with the existing vulnerability detection tools Slither and Mythril, our method improves the work efficiency. Moreover, compared with the current Mythril method with the best vulnerability detection accuracy, our method improves the accuracy by 1.01%.