【Author】
Yu, Xingxin; Zhao, Haoyue; Hou, Botao; Ying, Zonghao; Wu, Bin
【Source】2021 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN)
【Abstract】Security attacks in smart contracts have drawn extensive attention due to the financial loss and erosion of trust caused by vulnerabilities. Even worse, smart contract is a tamper proof digital agreement and fixing bugs in it is difficult, so it is necessary for developers to detect security vulnerabilities in smart contract before deployment. Researchers have proposed several methods on smart contract vulnerability detection. However, despite the numerous vulnerability-finding tools, few of them have ideal detection performance because most of them rely on fixed rules, which is inefficient. In this paper, a modularized and systematic Deep Learning-based framework is proposed to automatically detect smart contracts vulnerability, called DeeSCVHunter. Particularly, we focus on two types of smart contract vulnerabilities: reentrancy and time dependence. And we propose a novel notion of Vulnerability Candidate Slice (VCS) to help models capture the key point of vulnerability. We conduct experiments on real-world dataset and the results prove the effectiveness of VCS, which leads to 25.76% improvement in F1-score at most. And extensive experiments also show that our proposed framework significantly outperforms state-of-the-art methods.
评论