Peng Qian,Zhenguang Liu,Qinming He,Butian Huang,Duanzheng Tian,Xun Wang

DOI: https://doi.org/10.13328/j.cnki.jos.006375

2022-01-01

Journal of Software

Abstract: Smart contract, one of the most successful applications of blockchain, is taking the world by storm, playing an essential role in the blockchain ecosystem. However, frequent smart contract security incidents not only result in tremendous economic losses but also destroy the blockchain-based credit system. The security and reliability of smart contracts thus gain extensive attention from researchers worldwide. In this survey, we first summarize the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and Block dependency layer. Further, we review the research progress of smart contract vulnerability detection and classify existing counterparts into five categories, i.e., formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. Empirically, we take 300 real-world smart contracts deployed on Ethereum as the test samples and compare the representative methods in terms of accuracy, F1-Score, and average detection time. Finally, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.

Dabao Wang,Hang Feng,Siwei Wu,Yajin Zhou,Lei Wu,Xingliang Yuan

DOI: https://doi.org/10.1145/3545948.3545963

2022-01-01

Abstract:The prosperity of decentralized finance motivates many investors to profit via trading their crypto assets on decentralized applications (DApps for short) of the Ethereum ecosystem. Apart from Ether (the native cryptocurrency of Ethereum), many ERC20 (a widely used token standard on Ethereum) tokens obtain vast market value in the ecosystem. Specifically, the approval mechanism is used to delegate the privilege of spending users’ tokens to DApps. By doing so, the DApps can transfer these tokens to arbitrary receivers on behalf of the users. To increase the usability, unlimited approval is commonly adopted by DApps to reduce the required interaction between them and their users. However, as shown in existing security incidents, this mechanism can be abused to steal users’ tokens. In this paper, we present the first systematic study to quantify the risk of unlimited approval of ERC20 tokens on Ethereum. Specifically, by evaluating existing transactions up to 31st July 2021, we find that unlimited approval is prevalent (60%, 15.2M/25.4M) in the ecosystem, and 22% of users have a high risk of their approved tokens for stealing. After that, we investigate the security issues that are involved in interacting with the UIs of 22 representative DApps and 9 famous wallets to prepare the approval transactions. The result reveals the worrisome fact that all DApps request unlimited approval from the front-end users and only 10% (3/31) of UIs provide explanatory information for the approval mechanism. Meanwhile, only 16% (5/31) of UIs allow users to modify their approval amounts. Finally, we take a further step to characterize the user behavior into five modes and formalize the good practice, i.e., on-demand approval and timely spending, towards securely spending approved tokens. However, the evaluation result suggests that only 0.2% of users follow the good practice to mitigate the risk. Our study sheds light on the risk of unlimited approval and provides suggestions to secure the approval mechanism of the ERC20 tokens on Ethereum.

Peng Qian,Zhenguang Liu,Qinming He,Roger Zimmermann,Xun Wang

DOI: https://doi.org/10.1109/access.2020.2969429

IF: 3.9

2020-01-01

IEEE Access

Abstract:In the last decade, smart contract security issues lead to tremendous losses, which has attracted increasing public attention both in industry and in academia. Researchers have embarked on efforts with logic rules, symbolic analysis, and formal analysis to achieve encouraging results in smart contract vulnerability detection tasks. However, the existing detection tools are far from satisfactory. In this paper, we attempt to utilize the deep learning-based approach, namely bidirectional long-short term memory with attention mechanism (BLSTM-ATT), aiming to precisely detect reentrancy bugs. Furthermore, we propose contract snippet representations for smart contracts, which contributes to capturing essential semantic information and control flow dependencies. Our extensive experimental studies on over 42,000 real-world smart contracts show that our proposed model and contract snippet representations significantly outperform state-of-the-art methods. In addition, this work proves that it is practical to apply deep learning-based technology on smart contract vulnerability detection, which is able to promote future research towards this area.

Renjie Ji,Wansen Wang,Yan Xiong,Wenchao Huang

DOI: https://doi.org/10.1109/bigcom61073.2023.00020

2023-01-01

Abstract:The popularity of smart contracts on Ethereum blockchain has completely changed the way people perceive decentralized applications. With the expansion of smart contracts in areas such as DeFi and NFTs, more and more fraudulent contracts are emerging, causing users to suffer huge losses. In most cases, malicious users create their own fraudulent projects and lure other users to participate. One significant security threat in maliciously developed smart contracts is permission backdoor, which enable bad actors to manipulate other users’ funds as super administrators.In this paper, we propose and implement SolScope, an automated analyzer for effectively hunting potential permission backdoor threats in smart contracts. SolScope adopts an iterative algorithm that integrates symbolic execution and value summary. We evaluate SolScope on a vulnerability dataset of 524 manually verified smart contracts. SolScope is capable of not only accurately and effienctly detecting backdoor threats, but also generating reports that describe state variables affected by the backdoor and a function sequence that triggers the backdoor.

Zeqin Liao,Sicheng Hao,Yuhong Nan,Zibin Zheng

DOI: https://doi.org/10.1145/3597926.3598111

2024-06-23

Abstract:Smart contracts written in Solidity are widely used in different blockchain platforms such as Ethereum, TRON and BNB Chain. One of the unique designs in Solidity smart contracts is its state-reverting mechanism for error handling and access control. Unfortunately, a number of recent security incidents showed that adversaries also utilize this mechanism to manipulate critical states of smart contracts, and hence, bring security consequences such as illegal profit-gain and Deny-of-Service (DoS). In this paper, we call such vulnerabilities as the State-reverting Vulnerability (SRV). Automatically identifying SRVs poses unique challenges, as it requires an in-depth analysis and understanding of the state-dependency relations in smart contracts. This paper presents SmartState, a new framework for detecting state-reverting vulnerability in Solidity smart contracts via fine-grained state-dependency analysis. SmartState integrates a set of novel mechanisms to ensure its effectiveness. Particularly, Smart-State extracts state dependencies from both contract bytecode and historical transactions. Both of them are critical for inferring dependencies related to SRVs. Further, SmartState models the generic patterns of SRVs (i.e., profit-gain and DoS) as SRV indicators, and hence effectively identify SRVs based on the constructed state-dependency graph. To evaluate SmartState, we manually annotated a ground-truth dataset which contains 91 SRVs in the real world. Evaluation results showed that SmartState achieves a precision of 87.23% and a recall of 89.13%. In addition, SmartState successfully identifies 406 new SRVs from 47,351 real-world smart contracts. 11 of these SRVs are from popular smart contracts with high transaction amounts (i.e., top 2000). In total, our reported SRVs affect a total amount of digital assets worth 428,600 USD.

Software Engineering

Yihao Qin,Bo Lin,Shangwen Wang,Zhuo Zhang,Xiaoguang Mao,Yan Lei,Haoyu Zhang,Hongjun Wu

DOI: https://doi.org/10.1109/ISSRE52982.2021.00047

2021-10-01

Abstract:Smart contracts with natural economic attributes have been widely and rapidly developed in various fields. However, the bugs and vulnerabilities in smart contracts have brought huge economic losses, which has strengthened people's attention to the security issues of smart contracts. The immutability of smart contracts makes people more willing to conduct security checks before deploying smart contracts. Nonetheless, existing smart contract vulnerability detection techniques are far away from enough: static analysis approaches rely heavily on manually crafted heuristics which is difficult to reuse across different types of vulnerabilities while deep learning based approaches also have unique limitations. In this study, we propose a novel approach, Peculiar, which uses Pre-training technique for detection of smart contract vulnerabilities based on crucial data flow graph. Compared against the traditional data flow graph which is already utilized in existing approach, crucial data flow graph is less complex and does not bring an unnecessarily deep hierarchy, which makes the model easy to focus on the critical features. Moreover, we also involve pre-training technique in our model due to the dramatic improvements it has achieved on a variety of NLP tasks. Our empirical results show that Peculiar can achieve 91.80 % precision and 92.40 % recall in detecting reentrancy vulnerability, one of the most severe and common smart contract vulnerabilities, on 40,932 smart contract files, which is significantly better than the state-of-the-art methods (e.g., Smartcheck achieves 79.37% precision and 70.50% recall). Meanwhile, another experiment shows that Peculiar is more discerning to reentrancy vulnerability than existing approaches. The ablation experiment reveals that both crucial data flow graph and pre-trained model contribute significantly to the performances of Peculiar.

Computer Science

Mingtao Ji,GuangJun Liang,Meng Li,Haoyan Zhang,Jiacheng He

DOI: https://doi.org/10.1007/978-3-030-78621-2_41

2021-01-01

Abstract:As the blockchain enters the 2.0 era, the smart contract which is based on the blockchain platform has gradually entered people’s field of vision. By its transparency, non-tampering, independence from third-party arbitration, and trustlessness, it is widely applied in equity crowdfunding, games, insurance, particularly the Internet of Things. However, the attack on the TheDAO smart contract alert public awareness of the security of a smart contract. The essence of the smart contract is an electronic contract written in code. Due to reasons like lacking standard libraries for its programming language, several loopholes will inevitably appear in the code. Once they are found by attackers, the interests of the main body using smart contracts will be damaged. There are many types of vulnerabilities in smart contracts, such as reentrancy, short address attacks, and timestamp dependence. This article mainly focuses on re-entry vulnerabilities as the research object and analyzes the principle of re-entry vulnerabilities. Featuring immutable after being chained, the smart contract must be checked before it is chained to make up for the vulnerability. This paper provides a detection method based on symbolic execution to detect reentrancy vulnerabilities. We hope to strengthen people’s security awareness of smart contracts and boost the research of smart contracts in terms of security by our study of the smart contract reentrancy vulnerability in this article. Promote the research and development of smart contracts.

Zexu Wang,Jiachi Chen,Yanlin Wang,Yu Zhang,Weizhe Zhang,Zibin Zheng

2024-03-18

Abstract:Reentrancy vulnerability as one of the most notorious vulnerabilities, has been a prominent topic in smart contract security research. Research shows that existing vulnerability detection presents a range of challenges, especially as smart contracts continue to increase in complexity. Existing tools perform poorly in terms of efficiency and successful detection rates for vulnerabilities in complex contracts. To effectively detect reentrancy vulnerabilities in contracts with complex logic, we propose a tool named SliSE. SliSE's detection process consists of two stages: Warning Search and Symbolic Execution Verification. In Stage I, SliSE utilizes program slicing to analyze the Inter-contract Program Dependency Graph (I-PDG) of the contract, and collects suspicious vulnerability information as warnings. In Stage II, symbolic execution is employed to verify the reachability of these warnings, thereby enhancing vulnerability detection accuracy. SliSE obtained the best performance compared with eight state-of-the-art detection tools. It achieved an F1 score of 78.65%, surpassing the highest score recorded by an existing tool of 9.26%. Additionally, it attained a recall rate exceeding 90% for detection of contracts on Ethereum. Overall, SliSE provides a robust and efficient method for detection of Reentrancy vulnerabilities for complex contracts.

Software Engineering

Tianle Sun,Ningyu He,Jiang Xiao,Yinliang Yue,Xiapu Luo,Haoyu Wang

2024-05-31

Abstract:In Ethereum, the practice of verifying the validity of the passed addresses is a common practice, which is a crucial step to ensure the secure execution of smart contracts. Vulnerabilities in the process of address verification can lead to great security issues, and anecdotal evidence has been reported by our community. However, this type of vulnerability has not been well studied. To fill the void, in this paper, we aim to characterize and detect this kind of emerging vulnerability. We design and implement AVVERIFIER, a lightweight taint analyzer based on static EVM opcode simulation. Its three-phase detector can progressively rule out false positives and false negatives based on the intrinsic characteristics. Upon a well-established and unbiased benchmark, AVVERIFIER can improve efficiency 2 to 5 times than the SOTA while maintaining a 94.3% precision and 100% recall. After a large-scale evaluation of over 5 million Ethereum smart contracts, we have identified 812 vulnerable smart contracts that were undisclosed by our community before this work, and 348 open source smart contracts were further verified, whose largest total value locked is over $11.2 billion. We further deploy AVVERIFIER as a real-time detector on Ethereum and Binance Smart Chain, and the results suggest that AVVERIFIER can raise timely warnings once contracts are deployed.

Cryptography and Security,Software Engineering

NI Yuandong,ZHANG Chao,YIN Tingting

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2020.05.07

2020-01-01

Journal of Cyber Security

Abstract:Smart contract is a decentralized application that operates on a blockchain platform, providing secure and reliable capabilities to contract participants. Smart contracts play an important role in decentralized application scenarios. They are widely used in many fields, such as equity crowdfunding, games, insurance, and the Internet of Things, making them attractive to attackers. Compared to traditional programs, the security of smart contracts affects not only the fairness of contracts but also the safety of high volume digital assets on the blockchain managed by contracts. Therefore, analyzing the security of smart contracts and associated vulnerabilities is crucial. In this paper, we analyzed the characteristics of smart contracts and new security risks they bring. We propose a three-layer threat model, i.e., threats from high-level languages, virtual machines, and the blockchain, for characterizing smart contract security. We use the world′s largest smart contract platform Ethereum as an example to illustrate 15 types of common vulnerabilities in smart contracts. We then summarize the main challenges and progress of smart contract security research on vulnerability, including automated vulnerability detection, automated exploit generation and mitigations for smart contracts. At the end of this paper, we highlight the future of smart contract security research, and proposed two potential research directions.

Shuo Yang,Jiachi Chen,Mingyuan Huang,Zibin Zheng,Yuan Huang

2024-03-28

Abstract:Reentrancy, a notorious vulnerability in smart contracts, has led to millions of dollars in financial loss. However, current smart contract vulnerability detection tools suffer from a high false positive rate in identifying contracts with reentrancy vulnerabilities. Moreover, only a small portion of the detected reentrant contracts can actually be exploited by hackers, making these tools less effective in securing the Ethereum ecosystem in practice.

Cryptography and Security,Software Engineering

Fuchen Ma,Meng Ren,Lerong Ouyang,Yuanliang Chen,Juan Zhu,Ting Chen,Yingli Zheng,Xiao Dai,Yu Jiang,Jiaguang Sun

DOI: https://doi.org/10.1145/3560264

IF: 3.685

2023-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:With the development of decentralized networks, smart contracts, especially those for ERC tokens, are attracting more and more Dapp users to implement their applications. There are some functions in ERC token contracts that only a specific group of accounts could invoke. Among those functions, some even can influence other accounts or the whole system without prior notice or permission. These functions are referred to as contract backdoors. Once exploited by an attacker, they can cause property losses and harm users' privacy. In this work, we propose Pied-Piper, a hybrid analysis method that integrates datalog analysis and directed fuzzing to detect backdoor threats in Ethereum ERC token contracts. First, datalog analysis is applied to abstract the data structures and identification rules related to the threats for preliminary static detection. Then, directed fuzzing is applied to eliminate false positives caused by the static analysis. We first evaluated PiedPiper on 200 smart contracts, which are injected with different types of backdoors. It reported all problems without false positives, and none of the injected problems was missed. Then, we applied Pied-Piper on 13,484 real token contracts deployed on Ethereum. Pied-Piper reported 189 confirmed problems, four of which have been assigned unique CVE ids while others are still in the review process. Each contract takes 8.03 seconds for datalog analysis on average, and the fuzzing engine can eliminate the false positives within one minute.

Tengyun Jiao,Zhiyu Xu,Minfeng Qi,Sheng Wen,Yang Xiang,Gary Nan

DOI: https://doi.org/10.1145/3643895

2024-02-12

Abstract:A smart contract is a computerised transaction agreement that carries out predefined terms without human involvement or third-party intermediaries. It serves as a trust intermediary in several industries, including finance, insurance, and supply chain management, in the blockchain 2.0 era. With the increasing interest in smart contracts, security has become a serious problem. Examining typical vulnerability types and vulnerability detection methodologies is of special importance. In this research, a comprehensive evaluation of common smart contract security vulnerabilities is conducted, and a three-tier threat model is then provided to classify the vulnerabilities. In addition, we examine fourteen existing smart contract analysis tools for finding vulnerabilities and classify them according to the main technique they apply. This paper is designed to serve as a reference for people who wish to analyse deployed code and enhance existing detection techniques. At the conclusion, open issues and future research paths regarding smart contract vulnerability detection are presented.

Abhinav Jain,Ehan Masud,Michelle Han,Rohan Dhillon,Sumukh Rao,Arya Joshi,Salar Cheema,Saurav Kumar

DOI: https://doi.org/10.48550/arXiv.2309.07841

2023-09-15

Abstract:Due to the modern relevance of blockchain technology, smart contracts present both substantial risks and benefits. Vulnerabilities within them can trigger a cascade of consequences, resulting in significant losses. Many current papers primarily focus on classifying smart contracts for malicious intent, often relying on limited contract characteristics, such as bytecode or opcode. This paper proposes a novel, two-layered framework: 1) classifying and 2) directly repairing malicious contracts. Slither's vulnerability report is combined with source code and passed through a pre-trained RandomForestClassifier (RFC) and Large Language Models (LLMs), classifying and repairing each suggested vulnerability. Experiments demonstrate the effectiveness of fine-tuned and prompt-engineered LLMs. The smart contract repair models, built from pre-trained GPT-3.5-Turbo and fine-tuned Llama-2-7B models, reduced the overall vulnerability count by 97.5% and 96.7% respectively. A manual inspection of repaired contracts shows that all retain functionality, indicating that the proposed method is appropriate for automatic batch classification and repair of vulnerabilities in smart contracts.

Cryptography and Security,Artificial Intelligence

Lee Song Haw Colin,Purnima Murali Mohan,Jonathan Pan,Peter Loh Kok Keong

DOI: https://doi.org/10.1109/access.2024.3364351

IF: 3.9

2024-02-20

IEEE Access

Abstract:perceptron (MLP). We use feature vectors from the Opcodes and CFG for the machine learning (ML) model training. The existing ML-based approaches for analyzing the smart contract code are constrained by the vulnerability detection space, significantly varying Solidity versions, and no unified approach to verify against the ground truth. The primary contributions in this paper are 1) a standardized pre-processing method for smart contract training data, 2) introducing bugs to create a balanced dataset of flawed files across Solidity versions using AST, and 3) standardizing vulnerability identification using the Smart Contract Weakness Classification (SWC) registry. The ML models employed for benchmarking the proposed MLP, and a multi-input model combining MLP and Long short-term memory (LSTM) in our study are Random forest (RF), XGBoost (XGB), Support vector machine (SVM). The performance evaluation on real-time smart contracts deployed on the Ethereum Blockchain show an accuracy of up to 91% using MLP with the lowest average False Positive Rate (FPR) among all tools and models, measuring at 0.0125.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuyao Zhang,Siqi Ma,Juanru Li,Kailai Li,Surya Nepal,Dawu Gu

DOI: https://doi.org/10.1109/saner48275.2020.9054825

2020-01-01

Abstract:The immutable feature of blockchain determines that traditional security response mechanisms (e.g., code patching) must change to remedy insecure smart contracts. The only proper way to protect a smart contract is to fix potential risks in its code before it is deployed to the blockchain. However, existing tools for smart contract security analysis focus on the detection of bugs but seldom consider the code fix issues. Meanwhile, it is often time-consuming and error-prone for a developer to understand and fix flawed code manually. In this paper we propose SMARTSHIELD, a bytecode rectification system, to fix three typical security-related bugs (i.e., state changes after external calls, missing checks for out-of-bound arithmetic operations, and missing checks for failing external calls) in smart contracts automatically and help developers release secure contracts. Moreover, SMARTSHIELD guarantees that the rectified contract is not only immune to certain attacks but also gas-friendly (i.e., a slightly increase of gas cost). To evaluate the effectiveness and efficiency of SMARTSHIELD, we applied it to 28,621 real-world buggy contracts on Ethereum blockchain (as of January 2nd2019). Experiment results demonstrated that among 95,502 insecure cases in those contracts, 87,346 (91.5%) of them were automatically fixed by SMARTSHIELD. A following test with both program analysis and real-world exploits further testified that the rectified contracts were secure against common attacks. Moreover, the rectification only introduced a 0.2 % gas increment for each contract on average.

Xiaoli Zhang,Wenxiang Sun,Zhicheng Xu,Hongbing Cheng,Chengjun Cai,Helei Cui,Qi Li

DOI: https://doi.org/10.1109/tifs.2024.3349852

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Recently, smart contracts have been widely applied in security-sensitive fields yet are fragile to various vulnerabilities and attacks. Regarding this, existing research efforts either statically scrutinize smart contracts' code or detect suspicious transaction execution flows. However, they either fail to timely protect contracts or only handle a small subset of well-known vulnerabilities. In the paper, we propose - that secures vulnerable smart contracts in real-time via fine-grained access control over sensitive states. The behind rationale is most of attacks aim to manipulate money-related states (e.g., tokens) for profits. Specifically, transaction-level state access control policies are first defined by developers and then translated into EVM-level policies with contract-aware function-level state access permissions. In policy enforcement, - introduces a hybrid storage analyzer to accurately identify (dynamic-allocated) storage locations for policy-involved states and a multi-stage cache based filter to fast revert bad transactions with unexpected state access behaviors. Finally, we conduct thorough experiments using 12 types of real-world contract vulnerabilities and all open-source smart contracts on the first blocks of Ethereum. The results demonstrate that - outperforms two state-of-the-art runtime analysis tools in terms of attack detection. Extensive performance evaluations with real-world transactions show that - can block 100% unexpected state accesses at the cost of 8% throughput degradation (compared with the native EVM).

computer science, theory & methods,engineering, electrical & electronic

Hanting Chu,Pengcheng Zhang,Hai Dong,Yan Xiao,Shunhui Ji,Wenrui Li

DOI: https://doi.org/10.1016/j.infsof.2023.107221

IF: 3.9

2023-07-01

Information and Software Technology

Abstract:Smart contracts contain many built-in security features, such as non-immutability once being deployed and non-involvement of third parties for contract execution. These features reduce security risks and enhance users’ trust towards smart contracts. However, smart contract security issues still persist, resulting in huge financial losses. Contract publishers cannot fully cover contract vulnerabilities through contract version updating. These security issues affect further development of blockchain technologies. So far, there are many related studies focusing on smart contract security issues and tend to discuss from a particular perspective (e.g., development cycle, vulnerability attack methods, security detection tools, etc.). However, smart contract security is a complicated issue that needs to be explored from a multi-dimensional perspective. In this paper, we explore smart contract security from the perspectives of vulnerability data sources, vulnerability detection, and vulnerability defense. We first analyze the existing security issues and challenges of smart contracts, investigate the existing vulnerability classification frameworks and common security vulnerabilities, followed by reviewing the existing contract vulnerability injection, detection, and repair methods. We then analyze the performance of existing security methods. Next, we summarize the current status of smart contract security-related research. Finally, we summarize the state of the art and future trends of smart contract security-related research. This paper aims to provide systematic knowledge and references to this research field.

computer science, information systems, software engineering

Pengxiang Ma,Ningyu He,Yuhua Huang,Haoyu Wang,Xiapu Luo

2023-07-02

Abstract:Smart contracts play a vital role in the Ethereum ecosystem. Due to the prevalence of kinds of security issues in smart contracts, the smart contract verification is urgently needed, which is the process of matching a smart contract's source code to its on-chain bytecode for gaining mutual trust between smart contract developers and users. Although smart contract verification services are embedded in both popular Ethereum browsers (e.g., Etherscan and Blockscout) and official platforms (i.e., Sourcify), and gain great popularity in the ecosystem, their security and trustworthiness remain unclear. To fill the void, we present the first comprehensive security analysis of smart contract verification services in the wild. By diving into the detailed workflow of existing verifiers, we have summarized the key security properties that should be met, and observed eight types of vulnerabilities that can break the verification. Further, we propose a series of detection and exploitation methods to reveal the presence of vulnerabilities in the most popular services, and uncover 19 exploitable vulnerabilities in total. All the studied smart contract verification services can be abused to help spread malicious smart contracts, and we have already observed the presence of using this kind of tricks for scamming by attackers. It is hence urgent for our community to take actions to detect and mitigate security issues related to smart contract verification, a key component of the Ethereum smart contract ecosystem.

Cryptography and Security

Dongcheng Li,W. Eric Wong,Xiaodan Wang,Sean Pan,Liang-Seng Koh

2024-10-01

Abstract:This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.

Software Engineering