Toward Vulnerability Detection for Ethereum Smart Contracts Using Graph-Matching Network

Toward Vulnerability Detection for Ethereum Smart Contracts Using Graph-Matching Network

With the blooming of blockchain-based smart contracts in decentralized applications, the security problem of smart contracts has become a critical issue, as vulnerable contracts have resulted in severe financial losses. Existing research works have explored vulnerability detection methods based on f...

Full description

Saved in:
Bibliographic Details
Published in:Future internet Vol. 14; no. 11; p. 326
Main Authors: Zhang, Yujian, Liu, Daifu
Format: Journal Article
Language:English
Published: Basel MDPI AG 01-11-2022
Subjects:
abstract semantic graph
Automation
Blockchain
Competition
Contracts
Cryptography
Graph matching
Graph neural networks
Graph representations
graph-matching network
Graphical representations
Internet
Programming languages
Semantics
Similarity
smart contract
Software
static analysis
Static code analysis
vulnerability detection
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the blooming of blockchain-based smart contracts in decentralized applications, the security problem of smart contracts has become a critical issue, as vulnerable contracts have resulted in severe financial losses. Existing research works have explored vulnerability detection methods based on fuzzing, symbolic execution, formal verification, and static analysis. In this paper, we propose two static analysis approaches called ASGVulDetector and BASGVulDetector for detecting vulnerabilities in Ethereum smart contacts from source-code and bytecode perspectives, respectively. First, we design a novel intermediate representation called abstract semantic graph (ASG) to capture both syntactic and semantic features from the program. ASG is based on syntax information but enriched by code structures, such as control flow and data flow. Then, we apply two different training models, i.e., graph neural network (GNN) and graph matching network (GMN), to learn the embedding of ASG and measure the similarity of the contract pairs. In this way, vulnerable smart contracts can be identified by calculating the similarity to labeled ones. We conduct extensive experiments to evaluate the superiority of our approaches to state-of-the-art competitors. Specifically, ASGVulDetector improves the best of three source-code-only static analysis tools (i.e., SmartCheck, Slither, and DR-GCN) regarding the F1 score by 12.6% on average, while BASGVulDetector improves that of the three detection tools supporting bytecode (i.e., ContractFuzzer, Oyente, and Securify) regarding the F1 score by 25.6% on average. We also investigate the effectiveness and advantages of the GMN model for detecting vulnerabilities in smart contracts.
ISSN:1999-5903
1999-5903
DOI:10.3390/fi14110326