Rethinking Online Smart Contract Diagnosis in Blockchains: A Diffusion Perspective

【Author】 Hu, Qinnan; Wang, Yuntao; Su, Zhou; Luan, Tom H.; Li, Ruidong; Jiang, Zhenyu

【Source】IEEE TRANSACTIONS ON NETWORKING

【影响因子】

【Abstract】Due to the immutable nature of smart contracts, online contract diagnosis is the only viable approach for revealing vulnerabilities in deployed contracts. Existing online approaches face significant challenges in terms of efficiency, adaptability, and reliance on vulnerability labels. This paper proposes ConWatcher+, a new adaptive and label-efficient online contract diagnosis framework from the diffusion perspective, which is capable to detect yet unknown attacks under evolving tactics without reliance on vulnerability labels. ConWatcher+ simulates the Advanced Persistent Threat (APT) tactics commonly used in yet unknown attacks by continuously applying minor perturbations to legitimate interaction behaviors. It then reversely learns the denoising process, guided by potential logic vulnerabilities (i.e., functionality dependencies), to adaptively identify stealthy anomalies and detect yet unknown attacks without needing vulnerability labels. ConWatcher+ proceeds in five steps. First, real-time data extraction. We design a cost-effective contract runtime information collector, incorporating on-demand data retrieval and event-driven data update mechanisms to reduce communication overhead in online contract diagnosis. Second, interaction behavior modeling. Via bytecode-level, account-level, revenue-level modeling, and side-channel level behavior modeling, we propose behavior-aware multivariate time series model to accurately represent long-term contract interactions with multi-faceted behaviors. Third, APT-like noise adding. We leverage the forward diffusion model to produce minor and stochastic APT-like noises with efficiency. Fourth, reverse denoising learning. To effectively guide reverse denoising using functionality dependencies, we devise an adaptive contract-level analysis engine equipped with heterogeneous control flow graph modeling and heterogeneous message passing mechanisms to extract function-level and bytecode-level functionality dependencies. Last, contract anomaly detection. We establish a label-efficient attack detector based on reconstruction error for contract anomaly detection. It combines complex dependency analysis and deterministic inference to ensure high-quality data reconstruction and low detection latency. Extensive empirical validations on a manually constructed dataset, covering both mainstream and novel vulnerabilities, demonstrate ConWatcher+'s effectiveness, adaptability, and label efficiency, with an average F1-score of 0.92 across all types of attacks without prior knowledge of corresponding vulnerabilities.

【Keywords】Smart contracts; Blockchains; Adaptation models; Runtime; Logic; Real-time systems; Noise reduction; Costs; Virtual machines; Semantics; Blockchain; smart contract; online contract diagnosis; stealthy contract anomalies; label-efficient detection

【发表时间】2025 2025 SEP 5

【收录时间】2025-09-15

【文献类型】

【主题类别】

--