Smart contracts, as core components of the blockchain ecosystem, have security properties that directly affect the sustainability and value of decentralized applications. However, existing vulnerability detection methods exhibit significant limitations in terms of detection dimensions, environmental adaptability, and scalability of verification, leading to key issues such as high omission rates for cross-contract attacks and persistently high false positive rates in dynamic scenarios. Therefore, this paper proposes a smart contract vulnerability detection framework based on multi-objective detection, named MultiSCDetect. We also introduce a novel concept of Vulnerability Candidate Snippets (VCS) to help the model capture critical points of vulnerabilities.MultiSCDetect can detect 12 types of vulnerabilities, including 10 widely recognized threats, and identifies additional unknown types through implicit features and a Multi-Objective Detection (MOD) algorithm without the need for expert knowledge or predefined rules. It supports the parallel detection of multiple vulnerabilities, offering high scalability without requiring a separate model to be trained for each type, thereby reducing significant time and human resource costs.MultiSCDetect is evaluated using more than 18,000 smart contracts on Ethereum. Experimental results show that it achieves an average F1-score of 94.8%, indicating strong detection performance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

MultiSCDetect: A Multi-objective Detection-Based Framework for Smart Contract Vulnerability Detection

  • Jing Dai,
  • Yan Ye,
  • Gang Du,
  • Dan Li

摘要

Smart contracts, as core components of the blockchain ecosystem, have security properties that directly affect the sustainability and value of decentralized applications. However, existing vulnerability detection methods exhibit significant limitations in terms of detection dimensions, environmental adaptability, and scalability of verification, leading to key issues such as high omission rates for cross-contract attacks and persistently high false positive rates in dynamic scenarios. Therefore, this paper proposes a smart contract vulnerability detection framework based on multi-objective detection, named MultiSCDetect. We also introduce a novel concept of Vulnerability Candidate Snippets (VCS) to help the model capture critical points of vulnerabilities.MultiSCDetect can detect 12 types of vulnerabilities, including 10 widely recognized threats, and identifies additional unknown types through implicit features and a Multi-Objective Detection (MOD) algorithm without the need for expert knowledge or predefined rules. It supports the parallel detection of multiple vulnerabilities, offering high scalability without requiring a separate model to be trained for each type, thereby reducing significant time and human resource costs.MultiSCDetect is evaluated using more than 18,000 smart contracts on Ethereum. Experimental results show that it achieves an average F1-score of 94.8%, indicating strong detection performance.