Smart Contract Vulnerability Detection Method Based on Deep and Cross Network with Feature Aggregation

Peng Zhao; Jinsheng Li; Shuaijun Gao; Jie Zhao; Fang Liang

doi:10.54097/78sp5g67

Authors

Peng Zhao
Jinsheng Li
Shuaijun Gao
Jie Zhao
Fang Liang

DOI:

https://doi.org/10.54097/78sp5g67

Keywords:

Blockchain; Smart Contracts; Deep Learning; Vulnerability Detection; Deep and Cross Network.

Abstract

The advent of decentralised applications across a range of sectors has led to a growing emphasis on the research and development of methods to identify vulnerabilities in smart contracts for decentralised applications. However, current detection techniques have been found to have limitations in terms of accuracy and the number of false alarms they generate. In order to address the aforementioned issues, this paper puts forth a modular vulnerability detection model, designated as BAMC. The method initially utilises the word2vec model to derive the word vector representation of the smart contract, subsequently extracting the word order information through a bidirectional long short-term memory network. Subsequently, the attention mechanism and max-pooling operation are employed to process the word order information, thereby obtaining fine-grained features and key features. Ultimately, explicit bounded-degree feature interactions are achieved through the combination of deep and cross networks, thus enabling the detection of reentrancy vulnerabilities and timestamp vulnerabilities. The experimental results demonstrate that the proposed method exhibits superior performance in comparison to existing techniques, with significantly higher values for various indexes. Notably, the reentrancy vulnerability and the - of timestamp vulnerability reach 86.14 and 91.43 , respectively.

Downloads

Download data is not yet available.

References

[1] Szabo N. Smart Contracts: Building Blocks for Digital Markets[J]. EXTROPY: The Journal of Transhumanist Thought, 1996, 18(2): 28-30.

[2] Dupont Q. Experiments in Algorithmic Governance: A history and ethnography of " The DAO, " a failed Decentralized Autonomous Organization[M]. 2017.

[3] Sun T, Yu W. A Formal Verification Framework for Security Issues of Blockchain Smart Contracts[J]. Electronics, 2020, 9(2):255.

[4] SharkTeam. Annual Web3 Security Report 2022[EB/OL]. (2024-01-16).https://sharkteam.org/report/analysis/20230116001A_en.pdf.

[5] Nguyen T D, Pham L H, Sun J, et al. sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts[C]. International Conference on Software Engineering, 2020: 778-788.

[6] LUU L, CHU D H, OLICKEL H, et al. Making Smart Contracts Smarter[C]//ACM. 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM,2016: 254-269.

[7] Antonino P, Roscoe AW. Formalising and verifying smart contracts with Solidifier: A bounded model checker for Solidity[EB/OL]. (2020-02-07)[2024-01-16]. https://arxiv.org/abs/2002.02710.

[8] Tikhomirov S, Voskresenskaya E, Ivanitskiy I, et al. SmartCheck: static analysis of ethereum smart contracts[C]. International Conference on Software Engineering, 2018: 9-16.

[9] Yuan Z, Zhenguang L, Peng Q, Qi L, Xiang W, Qinming H, et al. Smart Contract Vulnerability Detection Using Graph Neural Network.[C]. PROCEEDINGS OF THE TWENTY-NINTH INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE, 2020: 3283-3290.

[10] Nianfeng L, Yang L, Lina L, Yuying W, et al. Smart Contract Vulnerability Detection Based on Deep and Cross Network[J]. 2022 3rd International Conference on Computer Vision, Image and Deep Learning & International Conference on Computer Engineering and Applications (CVIDL & ICCEA), 2022: 533-536.

[11] Peng Q, Zhenguang L, Qinming H, Roger Z, Xun W, et al. Towards Automated Reentrancy Detection For Smart Contracts Based On Sequential Models[J]. IEEE Access, 2020(8): 19685-19695.

[12] Wei W, Jingjing S, Guangquan X, Yidong L, Hao W, Chunhua S, et al. ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts[J]. IEEE Transactions on Network Science and Engineering, 2021, 8(2): 1133-1144.

[13] MIKOLOV T, CHEN Kai, CORRADO G, et al. Efficient Estimation of Word Representations in Vector Space[EB/OL]. (2013-01-16)[2023-05-22]. https://arxiv.org/abs/1301.3781.

[14] Hochreiter S, Schmidhuber J. Long Short-term Memory[J]. MIT Press, 1997, 9(8): 1735-1780.

[15] Lai S, Xu L, Liu K, et al. Recurrent Convolutional Neural Networks for Text Classification[C]. AAAI Conference on Artificial Intelligence, 2015: 2267-2273.

[16] VASWANI A, SHAZEER N, PARMAR N, et al. Attention is all you need[C]. Advances in neural information processing systems, 2017(30): 5998-6008.

[17] Wang R, Shivanna R, Cheng D Z, et al. DCN V2: Improved Deep & Cross Network and Practical Lessons for Web-scale Learning to Rank Systems[C]. The Web Conference,2021: 1785-1797.

[18] Yashavant C S, Kumar S, Karkare A. ScrawlD: A Dataset of Real World Ethereum Smart Contracts Labelled with Vulnerabilities[EB/OL]. (2022-02-25)[2024-01-18]. https://arxiv.org/abs/2202.11409.

[19] Durieux T, Ferreira J F, Abreu R, Cruz P, et al. Empirical review of automated analysis tools on 47,587 Ethereum smart contracts[C]. International Conference on SoftwareEngineering, 2020: 530-541.

[20] Mythril:security analysis tool for EVM bytecode[EB/OL]. [2023-05-01]. https://github.com/ConsenSys/mythril.