ABSTRACT
Ethereum is currently one of the most popular blockchain platforms. Smart contracts are an important part of blockchain. Because developers lack understanding of contract security and the huge value of contracts themselves, contracts are often attacked. Therefore, how to effectively detect smart contract vulnerabilities has become a crucial issue. This paper uses deep learning to detect vulnerabilities, which can get rid of dependence on expert experience. In order to solve the problem of poor detection effect caused by excessive noise, this paper proposes a vulnerability detection technology based on critical combination path and deep learning. The critical combination path only contains code related to vulnerabilities, eliminating many invalid codes, thus greatly reducing the impact of noise. At the same time, by analyzing the characteristics of assembly code, a normalization method is proposed to remove many homogeneous codes. The normalized critical combination paths are then vectorized using SimHash, and then converted to grayscale images for classification using a neural network. The experimental results show that the proposed scheme is effective.
- N. SZABO. The Idea of Smart Contracts. [EB/OL]. http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/idea.html, 1997.Google Scholar
- Buterin, V. A next-generation smart contract and decentralized application platform[EB/OL], https://cryptorating.eu/whitepapers/Ethereum/Ethereum_white_paper.pdf, 2014.Google Scholar
- Dannen C. Solidity programming[M]//Introducing Ethereum and Solidity. Apress, Berkeley, CA, 2017: 69-88.Google ScholarCross Ref
- Lin I C, Liao T C. A survey of blockchain security issues and challenges[J]. Int. J. Netw. Secur., 2017, 19(5): 653-659.Google Scholar
- Chinen Y, Yanai N, Cruz J P, RA: Hunting for re-entrancy attacks in ethereum smart contracts via static analysis[C]//2020 IEEE International Conference on Blockchain (Blockchain). IEEE, 2020: 327-336.Google Scholar
- Mehar M I, Shier C L, Giambattista A, Understanding a revolutionary and flawed grand experiment in blockchain: the DAO attack[J]. Journal of Cases on Information Technology (JCIT), 2019, 21(1): 19-32.Google ScholarCross Ref
- Chen Libo,Yin Tingting,Ni Yuandong,Zhang Chao. ERC20 Smart Contract Integer Overflow Series Vulnerability Disclosure[J]. Information Technology and Network Security,2018,37(08):3-6.Google Scholar
- Atzei N, Bartoletti M, Cimoli T. A survey of attacks on ethereum smart contracts (sok)[C] // International conference on principles of security and trust. Springer, Berlin, Heidelberg, 2017: 164-186.Google Scholar
- GAO Feng. Difficulty in fixing blockchain smart contract vulnerabilities[J]. Computer & Networking, 2018, 44(12): 50-51.Google Scholar
- King J C. Symbolic execution and program testing[J]. Communications of the ACM, 1976, 19(7): 385-394.Google ScholarDigital Library
- Hu Kai,Bai Xiaomin,Gao Lingchao,Dong Aiqiang. Formal verification method of smart contract[J].Research on Information Security, 2016,2(12):1080-1089.Google Scholar
- Tikhomirov S, Voskresenskaya E, Ivanitskiy I, Smartcheck: Static analysis of ethereum smart contracts[C]//Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. 2018: 9-16.Google Scholar
- Huang H D . Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks[A].//2018 IEEE International Conference On BigData[C], Seattle, WA, USA :IEEE,2018.Google Scholar
- Daian P, Guth D, Hathhorn C, Runtime verification at work: A tutorial[C]//International Conference on Runtime Verification. Springer, Cham, 2016: 46-67.Google Scholar
- Kalra S, Goel S, Dhawan M, Zeus: analyzing safety of smart contracts[C]//Ndss. 2018: 1-12.Google Scholar
- Gurfinkel A, Kahsai T, Komuravelli A, The SeaHorn verification framework[C]//International Conference on Computer Aided Verification. Springer, Cham, 2015: 343-361.Google Scholar
- Allen F E. Control flow analysis[J]. ACM Sigplan Notices, 1970, 5(7): 1-19.Google ScholarDigital Library
- Luu L, Chu D H, Olickel H, Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. 2016: 254-269.Google Scholar
- Chang J, Gao B, Xiao H, sCompile: Critical path identification and analysis for smart contracts[C]//International Conference on Formal Engineering Methods. Springer, Cham, 2019: 286-304.Google Scholar
- Zhuang Y, Liu Z, Qian P, Smart Contract Vulnerability Detection using Graph Neural Network[C]//IJCAI. 2020: 3283-3290.Google Scholar
- Huang H D . Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks[A].//2018 IEEE International Conference On BigData[C], Seattle, WA, USA :IEEE,2018.Google Scholar
- Wood G. Ethereum: A secure decentralised generalised transaction ledger[J]. Ethereum project yellow paper, 2014, 151(2014): 1-32.Google Scholar
- Ni S , Qian Q , Zhang R . Malware identification using visualization images and deep learning[J]. Computers & Security, 2018, 77(AUG.):871-885.Google ScholarDigital Library
- Manku G S, Jain A, Das Sarma A. Detecting near-duplicates for web crawling[C]//Proceedings of the 16th international conference on World Wide Web. 2007: 141-150.Google Scholar
- Gao Z, Jayasundara V, Jiang L, Smartembed: A tool for clone and bug detection in smart contracts through structural code embedding[C]//2019 IEEE International Conference on Software Maintenance and Evolution (ICSME). IEEE, 2019: 394-397.Google Scholar
- LIU Yashu. Research on feature extraction and classification of malicious code based on machine learning[D].Beijing Jiaotong University,2020.Google Scholar
- SEC-BIT. Awesome-Buggy-Erc20-Tokens [EB/OL]. https://github.com/sec-bit/awesome-buggy-erc20-tokens, 2019.Google Scholar
Index Terms
- Smart Contract Vulnerability Detection Based on Critical Combination Path and Deep Learning
Recommendations
ContractFuzzer: fuzzing smart contracts for vulnerability detection
ASE '18: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software EngineeringDecentralized cryptocurrencies feature the use of blockchain to transfer values among peers on networks without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make agreements while ...
A Critical-Path-Based Vulnerability Detection Method for tx.origin Dependency of Smart Contract
Smart Computing and CommunicationAbstractSmart contracts are one of the most successfully applied technologies on the blockchain, which are decentralized and immutable. Smart contracts cannot be modified once deployed. Therefore, security detection of smart contracts before deployment is ...
Smart Contract Symbol Execution Vulnerability Detection Method Based on CFG Path Pruning
BSCI '23: Proceedings of the 5th ACM International Symposium on Blockchain and Secure Critical InfrastructureIn recent years, with the continuous promotion of blockchain technology, the application of smart contracts has shown an explosive growth trend, and smart contract vulnerabilities seriously threaten the ecological security of blockchain. Aiming at the ...
Comments