An Efficient Vulnerability Detection Model for Ethereum Smart Contracts

Jin, Zhen; He, H. H.; Lv, Zhuo; Su, Chunhua; Xu, Guangquan; Wang, Wei

doi:10.1007/978-3-030-36938-5_26

Cited by 11 publications

(11 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They have a low level of automation and still require some human involvement. Third, they have a long audit time [29,30]. Our online data research found that Mythril averaged 60 s, Oyente was about 30 s, and Securify was about 20 s [31].…”

Section: Existing Methods For Detecting Smart Contract Vulnerabilitiesmentioning

confidence: 99%

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

Zhang

Jin³

et al. 2022

Sensors

View full text Add to dashboard Cite

With countless devices connected to the Internet of Things, trust mechanisms are especially important. IoT devices are more deeply embedded in the privacy of people’s lives, and their security issues cannot be ignored. Smart contracts backed by blockchain technology have the potential to solve these problems. Therefore, the security of smart contracts cannot be ignored. We propose a flexible and systematic hybrid model, which we call the Serial-Parallel Convolutional Bidirectional Gated Recurrent Network Model incorporating Ensemble Classifiers (SPCBIG-EC). The model showed excellent performance benefits in smart contract vulnerability detection. In addition, we propose a serial-parallel convolution (SPCNN) suitable for our hybrid model. It can extract features from the input sequence for multivariate combinations while retaining temporal structure and location information. The Ensemble Classifier is used in the classification phase of the model to enhance its robustness. In addition, we focused on six typical smart contract vulnerabilities and constructed two datasets, CESC and UCESC, for multi-task vulnerability detection in our experiments. Numerous experiments showed that SPCBIG-EC is better than most existing methods. It is worth mentioning that SPCBIG-EC can achieve F1-scores of 96.74%, 91.62%, and 95.00% for reentrancy, timestamp dependency, and infinite loop vulnerability detection.

show abstract

Section: Existing Methods For Detecting Smart Contract Vulnerabilitiesmentioning

confidence: 99%

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

Zhang

Jin³

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…In addition, it is time-consuming for exploration of all the executable paths. In our previous work [37], we proposed an efficient vulnerability detection model for smart contract. In this work, we extend our previous work by proposing ContractWard that is an automated vulnerability detection model based on machine learning techniques.…”

Section: Related Workmentioning

confidence: 99%

ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

Wang

Jin

et al. 2021

IEEE Trans. Netw. Sci. Eng.

Self Cite

205

View full text Add to dashboard Cite

Smart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.

show abstract

“…Researchers in [16] used 49502 real-world datasets to assess their approach which beat existing approaches. The researchers utilized three supervised ensembles classification algorithms namely: KNN, SVM, and RF, resulting in an F1 score of 0.98.…”

Section: Comparison With Related Workmentioning

confidence: 99%

“…[16] proposed using Random Forest machine learning methods to find vulnerabilities in Ethereum smart contracts. According to the researchers, the model can detect vulnerabilities efficiently and quickly using patterns learned from training samples.…”

mentioning

confidence: 99%

A Vulnerability Detection Approach for Automated Smart Contract Using Enhanced Machine Learning Techniques

Sosu

Chen

Brown-Acquaye

et al. 2022

Preprint

View full text Add to dashboard Cite

A typical contract would necessitate the use of an intermediary, make a payment to them, then wait for the record to return. Through a smart contract, though, it is as easy as putting the bitcoin into the vending machine, and the products would be published instantly. Smart contracts are Blockchain-based autonomous software. On Ethereum, a vast number of smart contracts have been deployed. Meanwhile, transaction security vulnerabilities have resulted in significant financial damages and have harmed the contract layer’s ecological integrity on Blockchain. As a result, detecting contract bugs reliably and efficiently is a new yet critical problem. Currently, available identification approaches, such as Oyente and Securify, depend primarily on symbolic execution or analysis. Since symbolic execution necessitates the discovery of all executable routes or the study of dependence diagrams in a contract, these approaches are time-consuming. In this paper, we suggest SmartPol, a machine learning-based method for detecting vulnerabilities in smart contracts. First, we use a data pre-processor to clean up the data before extracting features and classifying them. Second, we present a PSOGSA-based method for data optimisation and function extraction and a TSVM-based approach for semi-supervised learning classification models to identify smart contract vulnerabilities automatically. On EtherScan, SmartPol was used to test 49512 real-world smart contracts. The experimental findings show SmartPol’s reliability and efficacy. When we use PSOGSA for function extraction and TSVM classification sets, SmartPol’s predictive precision and accuracy are over 96%, and the average prediction time is 4 seconds on each smart contract.

show abstract

An Efficient Vulnerability Detection Model for Ethereum Smart Contracts

Cited by 11 publications

References 22 publications

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

A Vulnerability Detection Approach for Automated Smart Contract Using Enhanced Machine Learning Techniques

Contact Info

Product

Resources

About