VULPEDIA: Detecting vulnerable ethereum smart contracts via abstracted vulnerability signatures
【Author】Ye, Jiaming; Ma, Mingliang; Lin, Yun; Ma, Lei; Xue, Yinxing; Zhao, Jianjun
【Source】JOURNAL OF SYSTEMS AND SOFTWARE
【Impact Factor】3.514
【Abstract】Recent years have seen smart contracts become increasingly popular for building trustworthy decentralized applications. Previous research has proposed static and dynamic techniques to detect vulnerabilities in smart contracts. These tools check contracts against several predefined rules. However, newly emerging vulnerability types, together with the programming techniques developers adopt to prevent possible vulnerabilities, lead to a large number of false positive and false negative reports from these tools. To address this, we propose VULPEDIA, which mines expressive vulnerability signatures from contracts. VULPEDIA is based on the relaxed assumption that the owner of a contract is not malicious. Specifically, we extract structural program features from vulnerable and benign contracts as vulnerability signatures, and construct a systematic detection method based on detection rules composed of vulnerability signatures. Compared with the rules defined by state-of-the-art tools, our approach can extract more expressive rules to achieve better completeness (i.e., detection recall) and soundness (i.e., precision). We further evaluate VULPEDIA against four baselines (i.e., Slither, Securify, SmartCheck and Oyente) on a testing dataset consisting of 17,770 contracts. The experimental results show that VULPEDIA achieves the best precision on 4 types of vulnerabilities and the leading recall on 3 types of vulnerabilities, while also exhibiting high efficiency. (C) 2022 Elsevier Inc. All rights reserved.
【Keywords】Software analysis; Software clone analysis; Smart contract; Blockchain security; Software testing
【Publication Date】2022 OCT
【Indexed】2022-08-15
【Document Type】Experimental simulation
【Subject Category】
Blockchain governance - Technical governance - Smart contract vulnerability detection
wangjiaxin
A paper on smart contract vulnerability detection, https://doi.org/10.1016/j.jss.2022.111410, published in JOURNAL OF SYSTEMS AND SOFTWARE. Newly emerging vulnerability types, and the programming techniques adopted to prevent possible vulnerabilities, have led to a large number of false positives and false negatives from existing tools; this paper proposes VULPEDIA under a relaxed assumption, namely that the owner of a contract is not malicious. Specifically, the authors extract structural program features from vulnerable and benign contracts as vulnerability signatures, and build a systematic detection method based on detection rules composed of these vulnerability signatures. They further evaluate VULPEDIA on a testing dataset containing 17,770 contracts against 4 current mainstream methods (i.e., Slither, Securify, SmartCheck and Oyente). The experimental results show that VULPEDIA achieves the best precision on 4 types of vulnerabilities and the leading recall on 3 types of vulnerabilities, while also exhibiting good efficiency.