Smart contract vulnerability detection has been more and more important in recent years. By the economic nature of blockchain, the vulnerabilities in smart contracts may directly lead to large financial losses. A variety of detection methods have been proposed to detect vulnerabilities such as reentrancy and timestamp dependence. However, as the number of smart contracts rapidly increases, new forms of reentrancy vulnerability have been exploited to perform powerful attacks. Existing machine learning based detection methods build their model based on the traditional “callvalue” pattern to detect reentrancy. Thus they are not able to adapt to the newly emerged vulnerabilities. In this work, we take the first step into building a flexible and accurate machine learning model for detecting the newly emerged vulnerabilities such as the “callvalue-excluded” reentrancy. Based on a deep investigation into real-world smart contracts, we extract effective features from program syntax and semantics, i.e. customized code property graph. A detection model named Code Property Graph Neural Network (CPGNN) is proposed to detect vulnerabilities in smart contracts. The proposed method is evaluated on over 2,000 smart contracts and the experiment results show that CPGNN can achieve high efficiency in vulnerability detection problem while effectively improving the detection accuracy.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Learning to Detect Smart Contract Vulnerabilities from Code Property Graph

  • Qing Xue,
  • Zhijie Zhong,
  • SiCheng Hao,
  • ZeWei Lin,
  • WeiLi Chen,
  • Jing Bian

摘要

Smart contract vulnerability detection has been more and more important in recent years. By the economic nature of blockchain, the vulnerabilities in smart contracts may directly lead to large financial losses. A variety of detection methods have been proposed to detect vulnerabilities such as reentrancy and timestamp dependence. However, as the number of smart contracts rapidly increases, new forms of reentrancy vulnerability have been exploited to perform powerful attacks. Existing machine learning based detection methods build their model based on the traditional “callvalue” pattern to detect reentrancy. Thus they are not able to adapt to the newly emerged vulnerabilities. In this work, we take the first step into building a flexible and accurate machine learning model for detecting the newly emerged vulnerabilities such as the “callvalue-excluded” reentrancy. Based on a deep investigation into real-world smart contracts, we extract effective features from program syntax and semantics, i.e. customized code property graph. A detection model named Code Property Graph Neural Network (CPGNN) is proposed to detect vulnerabilities in smart contracts. The proposed method is evaluated on over 2,000 smart contracts and the experiment results show that CPGNN can achieve high efficiency in vulnerability detection problem while effectively improving the detection accuracy.