
CDRF: A Detection Method of Smart Contract Vulnerability Based on Random Forest

Conference paper in Provable and Practical Security (ProvSec 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14217)


Abstract

With the widespread application of smart contracts, a large number of contracts holding virtual coins have been deployed on Ethereum. However, smart contracts may contain vulnerabilities that cause huge losses, so detecting potential vulnerabilities in contracts both effectively and quickly is a critical issue. Oyente and Mythril are both contract analysis tools based on symbolic execution; they rely on control flow graphs to detect vulnerabilities and are time-consuming. In this work, we propose CDRF, which detects vulnerabilities in smart contracts with machine learning. First, we summarize four kinds of opcode fragments containing key vulnerability instructions. The opcode fragments are processed by word2vec and PCA to obtain one-dimensional binary features. Second, we use five machine learning algorithms to build the model. We evaluate the method on 53651 real-world smart contracts from Ethereum. When we use CDRF as the training model, the highest predictive value of F1-score is 98.03%, and the rest are above 93%; the highest predictive value of AUC is 99.56%, and the rest are above 94%. Meanwhile, the average detection time for each smart contract is 3 s. The experimental results show that the method is effective and time-saving.
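The first step of the pipeline the abstract describes, as an added example that is not the paper's code: disassembling EVM runtime bytecode (skipping PUSH immediates so operand bytes are never mistaken for instructions) and cutting fixed-size opcode fragments around a key instruction. The page does not list the four fragment kinds or the key instructions; CALL as the key instruction, the window size, the opcode subset and the sample bytecode are all assumptions made here.

```python
# Added example (not the paper's code): EVM disassembly and opcode-fragment
# extraction around an assumed key instruction (CALL).
from typing import Dict, List, Tuple

# Subset of the EVM opcode table (full table at https://ethervm.io/).
OPCODES: Dict[int, str] = {
    0x00: "STOP", 0x01: "ADD", 0x03: "SUB", 0x10: "LT", 0x14: "EQ",
    0x15: "ISZERO", 0x33: "CALLER", 0x34: "CALLVALUE", 0x35: "CALLDATALOAD",
    0x50: "POP", 0x52: "MSTORE", 0x54: "SLOAD", 0x55: "SSTORE", 0x56: "JUMP",
    0x57: "JUMPI", 0x5B: "JUMPDEST", 0x80: "DUP1", 0x90: "SWAP1",
    0xF1: "CALL", 0xF3: "RETURN", 0xFD: "REVERT",
}
# PUSH1..PUSH32 (0x60..0x7F) carry 1..32 immediate bytes that must be skipped.
for n in range(1, 33):
    OPCODES[0x5F + n] = f"PUSH{n}"


def disassemble(code: bytes) -> List[Tuple[int, str]]:
    """Return (offset, mnemonic) pairs. PUSH operands are dropped so the result
    is a pure opcode sequence; bytes not in the table become INVALID."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        out.append((pc, OPCODES.get(op, "INVALID")))
        width = op - 0x5F if 0x60 <= op <= 0x7F else 0
        # A PUSH whose operand runs past the end of code is simply truncated.
        pc += 1 + width
    return out


def fragments(code: bytes, key: str = "CALL",
              before: int = 3, after: int = 3) -> List[List[str]]:
    """One fragment per occurrence of `key`: the `before` opcodes preceding it,
    the key itself and the `after` opcodes following it (window is assumed)."""
    ops = [name for _, name in disassemble(code)]
    return [ops[max(0, i - before): i + 1 + after]
            for i, name in enumerate(ops) if name == key]


# Constructed sample bytecode: the PUSH2 operand 0x00f1 contains the CALL byte,
# so a naive byte scan would report three CALLs where there are only two.
SAMPLE = bytes.fromhex(
    "6080" "6040" "52" "34" "80" "15"   # PUSH1 80, PUSH1 40, MSTORE, CALLVALUE, DUP1, ISZERO
    "6100f1" "57"                       # PUSH2 00f1, JUMPI
    "f1" "50" "5b"                      # CALL (result discarded), POP, JUMPDEST
    "f1" "15" "57" "f3"                 # CALL, ISZERO, JUMPI (checked), RETURN
)

if __name__ == "__main__":
    for frag in fragments(SAMPLE):
        print(" ".join(frag))
```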



Acknowledgements

The work is supported in part by the National Natural Science Foundation of China under grants 62202146, 62072134 and U2001205, the Natural Science Foundation of Hubei Province under grants 2022CFB914 and 2021BEA163.

Corresponding author

Correspondence to Jia Yang.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Huang, M., Yang, J., Liu, C. (2023). CDRF: A Detection Method of Smart Contract Vulnerability Based on Random Forest. In: Zhang, M., Au, M.H., Zhang, Y. (eds) Provable and Practical Security. ProvSec 2023. Lecture Notes in Computer Science, vol 14217. Springer, Cham. https://doi.org/10.1007/978-3-031-45513-1_22


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-45512-4

  • Online ISBN: 978-3-031-45513-1
