Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion

Smart contracts hold digital coins worth billions of dollars, their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features. Thereafter, the global graph feature and local expert patterns are fused to cooperate and approach the final prediction, while yielding their interpretable weights. Experiments are conducted on all available smart contracts with source code in two platforms, Ethereum and VNT Chain. Empirically, our system significantly outperforms state-of-the-art methods. Our code is released.

[1]  Koushik Sen,et al.  Looper: Lightweight Detection of Infinite Loops at Runtime , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[2]  Matteo Maffei,et al.  A Semantic Framework for the Security Analysis of Ethereum smart contracts , 2018, POST.

[3]  Martin C. Rinard,et al.  Bolt: on-demand infinite loop escape in unmodified binaries , 2012, OOPSLA '12.

[4]  Zhenguang Liu,et al.  Smart Contract Vulnerability Detection using Graph Neural Network , 2020, IJCAI.

[5]  Sourav Sengupta,et al.  Towards Safer Smart Contracts: A Sequence Learning Approach to Detecting Vulnerabilities , 2018, ArXiv.

[6]  Sergei Tikhomirov,et al.  SmartCheck: Static Analysis of Ethereum Smart Contracts , 2018, 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).

[7]  Alex Groce,et al.  Slither: A Static Analysis Framework for Smart Contracts , 2019, 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).

[8]  Martin C. Rinard,et al.  Detecting and Escaping Infinite Loops with Jolt , 2011, ECOOP.

[9]  Andreas Ibing,et al.  A Fixed-Point Algorithm for Automated Static Detection of Infinite Loops , 2015, 2015 IEEE 16th International Symposium on High Assurance Systems Engineering.

[10]  Ye Liu,et al.  ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[11]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[12]  Ghassan O. Karame,et al.  Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks , 2018, NDSS.

[13]  Yoichi Hirai,et al.  Defining the Ethereum Virtual Machine for Interactive Theorem Provers , 2017, Financial Cryptography Workshops.

[14]  Kai Hu,et al.  SC-RBAC: A Smart Contract based RBAC Model for DApps , 2019, HCC.

[15]  Petar Tsankov,et al.  Securify: Practical Security Analysis of Smart Contracts , 2018, CCS.

[16]  Zhenguang Liu,et al.  Combining Graph Neural Networks With Expert Knowledge for Smart Contract Vulnerability Detection , 2021, IEEE Transactions on Knowledge and Data Engineering.

[17]  Chunhua Su,et al.  ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts , 2020, IEEE Transactions on Network Science and Engineering.

[18]  Sukrit Kalra,et al.  ZEUS: Analyzing Safety of Smart Contracts , 2018, NDSS.

[19]  Mika Ylianttila,et al.  Survey on blockchain based smart contracts: Applications, opportunities and challenges , 2021, J. Netw. Comput. Appl..

[20]  Roger Zimmermann,et al.  Towards Automated Reentrancy Detection for Smart Contracts Based on Sequential Models , 2020, IEEE Access.