Learning to Detect Smart Contract Vulnerabilities from Code Property Graph
摘要
Smart contract vulnerability detection has been more and more important in recent years. By the economic nature of blockchain, the vulnerabilities in smart contracts may directly lead to large financial losses. A variety of detection methods have been proposed to detect vulnerabilities such as reentrancy and timestamp dependence. However, as the number of smart contracts rapidly increases, new forms of reentrancy vulnerability have been exploited to perform powerful attacks. Existing machine learning based detection methods build their model based on the traditional “callvalue” pattern to detect reentrancy. Thus they are not able to adapt to the newly emerged vulnerabilities. In this work, we take the first step into building a flexible and accurate machine learning model for detecting the newly emerged vulnerabilities such as the “callvalue-excluded” reentrancy. Based on a deep investigation into real-world smart contracts, we extract effective features from program syntax and semantics, i.e. customized code property graph. A detection model named Code Property Graph Neural Network (CPGNN) is proposed to detect vulnerabilities in smart contracts. The proposed method is evaluated on over 2,000 smart contracts and the experiment results show that CPGNN can achieve high efficiency in vulnerability detection problem while effectively improving the detection accuracy.