SVScanner: Detecting smart contract vulnerabilities via deep semantic extraction

【Author】 Zhang, Hengyan; Zhang, Weizhe; Feng, Yuming; Liu, Yang

【Source】JOURNAL OF INFORMATION SECURITY AND APPLICATIONS

【影响因子】4.960

【Abstract】Blockchain is a significant advancement in technology recently, transforming the traditional centralized system into a decentralized one. Smart contracts, as one of the best applications of blockchain, show great potential in various fields, such as finance, supply chain, and the Internet of Things (IoT). As the world's first blockchain platform to support turing complete smart contracts, Ethereum has become the most critical infrastructure for the digital world. However, with the vigorous development of smart contracts, malicious attacks against smart contracts have frequently occurred in recent years. The issue of smart contract security has attracted widespread attention due to the huge financial losses caused by smart contract vulnerabilities. Although researchers have made some progress in detecting smart contract vulnerabilities through symbolic execution and fuzzing-based methods, existing methods mainly rely on expert knowledge and hand-crafted features, leading to many detection errors. Even worse, existing methods take tens of seconds or even minutes to detect each smart contract on average, which is extremely time-consuming. In this work, we present SVScanner, the new method combining two features of heterogeneous patterns to detect smart contract vulnerabilities in the blockchain. Specifically, we first extract global semantic features from the sequence of contract code tokens. Then we further use the attention mechanism to capture deep structural semantics from the Abstract Syntax Tree (AST) of smart contracts. Finally, we combine these two features from different patterns and use a text convolutional neural network (TextCNN) to detect contract bugs. Experimental results show that SVScanner has the ability to detect vulnerabilities effectively in real-world smart contract datasets. SVScanner achieves a 7.33% improvement in accuracy compared with other traditional methods. Moreover, our method requires significantly less detection time.

【Keywords】Blockchain; Smart contract; Vulnerability detection; Deep learning; Deep semantic extraction

【发表时间】2023 JUN

【收录时间】2023-06-01

【文献类型】实验仿真

【主题类别】

区块链治理-技术治理-智能合约漏洞检测