Detect Defects of Solidity Smart Contract Based on the Knowledge Graph
【Author】 Hu, Tianyuan; Li, Bixin; Pan, Zhenyu; Qian, Chen
【Source】IEEE TRANSACTIONS ON RELIABILITY
【Impact Factor】5.883
【Abstract】Smart contract security is one of the core issues in any application based on blockchain. There are many techniques focusing on smart contract security, however, due to the diversity of Solidity versions and limitations of detection time, it is difficult for them to comprehensively localize defects in different versions of smart contracts. In this article, we propose a static defect detection method based on the knowledge graph of the Solidity language and present a defect detection tool called SoliDetector. First, we define the ontology layer of the knowledge graph and construct the instance layer in which syntactic and logical relationships are captured. Second, we introduce the defect pattern to describe each defect and design inference rules to infer complex relationships and judge whether a defect exists. Finally, we localize defects by executing SPARQL queries. SoliDetector can support the detection of 20 kinds of defects and the automatic SPARQL query generation. We conducted several experiments on multiple datasets. SoliDetector obtains a high F-score (i.e., 92.97% on Dataset1 and 91.54% on the SmartBug dataset). To compare SoliDetector with SmartCheck, Slither, and Mythril, we conducted experiments on a labeled benchmark Dataset3 and real-world contracts. SoliDetector has a high F-score of 94.04% and is faster than other tools with an average time of 0.37 s for each contract.
【Keywords】Defect pattern; inference rule; knowledge graph; SPARQL query; smart contract
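【Publication Date】2024 MAR
【Indexed Date】2024-10-18
【Document Type】Theoretical model
【Subject Category】
Blockchain governance - Technical governance - Smart contract vulnerability detection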
【DOI】 10.1109/TR.2023.3233999